Security Incident Information Management Handbook
About this handbook
Security incident information management (SIIM) is the collection, reporting, recording, analysis, sharing and use of information (including data) linked to a security incident.
Security incident information management is a key part of an organisation’s broader security risk management, which aims to support organisational security in order to ultimately improve access to populations in need.
The SIIM Handbook seeks to make an important contribution in advancing practices related to security incident information management within non-governmental organisations (NGOs).
The handbook is intended to support users in establishing and developing effective information management for security event reporting and monitoring systems, both internally and externally, across the organisation and the sector.
This document is part of a broader SIIM project, which is aimed at strengthening humanitarian responses to crises by building the capacity of NGOs to improve security incident-related information management, and enhancing their ability to share incident information in a safe and appropriate manner to support good decision-making across various levels of an organisation.
The SIIM Handbook presents a broad range of tools and guidance, from advice on how to design an effective security incident report to sharing security incident information efficiently with a wide range of relevant stakeholders. The security risk management approach and vocabulary presented in these guidelines follows the global standard issued by the International Organization for Standardization (ISO), ‘Risk management – principles and guidelines’ (henceforth ISO 31000:2009).
This handbook deals with security incident information management, not with the management of security incidents as such.
Most of this handbook is applicable to all types of incidents, including critical incidents, that is, events that disrupt normal, routine operations and require an organisation’s crisis management response. Throughout, the term ‘incident’ will be used to refer to all types of incidents. When referring to a critical incident, this will be specified. Reference may occasionally be made to ‘non-critical incidents’, which will refer to all incidents that would not be considered critical and therefore not require a crisis management response. It is important to stress, however, that while some incidents may be deemed critical by one organisation, they may not be deemed so by another organisation that has the capability to deal with the incident through routine management procedures.
Although often undervalued, collecting and managing information related to incidents that are not deemed critical, including ‘near misses’, can be as important for analysis and sound security-related decision-making as information from critical events. This handbook, therefore, provides tools to help develop standards for the reporting and information management of all incidents, including those that occur more commonly and would generally not be deemed critical.
This handbook reflects current practices in the sector, and provides recommendations and observations for NGOs. It draws on resources from a broad range of experts including the European Interagency Security Forum (EISF), Insecurity Insight, RedR UK and many of their member organisations and broader networks. While using existing tools and guidance, it aims to avoid duplication by highlighting and drawing out the elements of security incident information management. This handbook is not prescriptive, but rather offers a wide menu of options for organisations to strengthen their security incident information management.
Although this handbook was written with a focus on humanitarian organisations and operations, the information is broadly applicable to other NGOs as well, particularly development-focused organisations.
This version of the handbook (published September 2017) incorporates feedback and input received from stakeholders within the humanitarian and development sector.
This is an open-source document, and will be made available online in English, French and Arabic.