Home » Protection Manual for Human Rights Defenders » Chapter 8: Making sure security rules and procedures are followed

Why don’t people follow security rules, and how can we avoid this from the outset?

‹ Security is everybody’s businessupWhy security rules and procedures are not followed ›

First of all, the word “compliance” carries connotations of submissiveness and docility and should therefore be avoided. People only follow rules which they understand and accept, because they can then make them their own. The key word here is therefore “ownership”.

In order for a security procedure to be followed, everyone in the organisation has to embrace it. This doesn’t happen instantly. In order for staff to embrace a security procedure they must be allowed to participate in drawing it up and implementing it. Training, understanding and acceptance of the procedure are also crucial.

Table 1:

The relationship between individuals and organisations in security terms. KEY

Concept Approach 1: “Everyone must follow the rules!” Approach 2: “The individual and the organisation have agreed on the rules.”

Concept: Approach Approach 1: Rule-focused Approach 2: Based on organisational and personal security needs

Concept: Type of relationship between the individual and the organisation Approach 1: Normative or “paternalistic” Approach 2: Based on dialogue

Concept: Why do we follow the rules? Approach 1: By obligation, to avoid sanction or expulsion Approach 2: To observe an agreement, with room for criticism and improvement (because we agree with the purpose/need, in order to help protect our colleagues and the people we work with/for)

Concept: Responsibility for security Approach: Not shared Approach 2:Shared

Ownership is not just about “following rules”, but about establishing an agreement about the rules that will make individuals follow them because they understand them, see them as appropriate and effective, and feel they have a personal stake in them. For this reason, the rules should also conform to individuals’ moral and ethical criteria and basic needs.

Ownersship is not about simply “following rules”,
but about respecting an agreement between
the organisation and staff regarding security.

In order to maintain the agreement between staff members and the organisation it is important that the individual(s) responsible for security keep others constantly involved through briefings, reminders about aspects of the agreement, and by asking for people’s opinions on how appropriate and effective the rules are in practice.

Such involvement will however be of little value without an organisational culture of security which underpins formal and informal work procedures or programmes.

In summary, the necessary basis for people to observe security rules and procedures can be achieved through the following steps:

  • Developing an understanding that security is important for the protection of victims, witnesses, family members and colleagues, to enable the core work of the organization to continue.

  • Developing and valuing an organisational security culture.

  • Creating ownership of security rules and procedures.

  • Making sure all staff participate in designing and improving security rules and procedures.

  • Training people in security issues.

  • Making sure all staff are convinced about the appropriateness and effectiveness of security rules and procedures.

  • Establishing an agreement between the organisation and individuals about respecting security rules and procedures.

  • Involving those responsible for security in briefing and training people; in reminding staff of the terms of the agreement and asking their opinions on how appropriate and effective the rules are in practice.

»