From Security Management to Risk Management

Originally published


Due safety and security is not an end in itself but a condition for sustainable access, and is thereby an enabler to aid agencies’ institutional and operational goals of presence and program implementation. Safety and security management are increasingly seen as one element of an organization’s overall risk management, which also includes financial, reputational and legal risks.

All organizations need to manage risk in order to achieve their objectives. Risk management is not limited or restricted to the operational (field) environment or merely a technical response; it is an institutional and managerial process.

The relationship between risk and security is more than simply a linguistic turn and merits being addressed systematically. For a critical discussion, this policy paper takes as its starting point the recent generic approach presented in the International Organization for Standardization (ISO) 31000:2009, Risk management – Principles and guidelines.