Person-centred approach to security

Chapter summary

Each individual’s personal risk profile is shaped by vulnerabilities and strengths, influenced by how they are perceived by others. An inclusive approach to security risk management challenges stereotypes that label certain profiles as inherently more vulnerable, while considering specific risk factors that may be overlooked in a homogenous approach.

Identity-based risks can relate to factors such as race, ethnicity, nationality, disability, culture, religion, gender, sexuality and socio-economic status, as well as combinations of these factors. Sources of threat can be both internal and external to the organisation. In hostile work cultures, minor incidents can escalate into more severe forms of aggression.

Some identity characteristics, like sexual orientation or hidden disabilities, are invisible, highlighting the need for an inclusive security risk management approach that assumes diverse needs, encourages dialogue and empowers staff to raise concerns. Additionally, while location-based risks are important, whether a location is ‘safe’ often depends more on the individual’s identity and how they are perceived than on the location itself, requiring a shift in focus from ‘where is safe’ to ‘who is safe’. 

In practice, a person-centred approach involves recognising profile-specific risks due to the intersection of individual characteristics (intersectional identity) and behaviour, organisational factors and the context in which staff are working (both in the physical and digital spheres) (see figure below), and tailoring security measures to specific needs and vulnerabilities. While a focus on individual differences can raise fears about potential discrimination, this can be avoided through collaborative policy development, clear communication, and feedback mechanisms that ensure security practices are consultative, equitable, fair and adaptable.

There are a number of ways in which a person-centred approach can be implemented and supported. Examples include:

• Training security focal points to incorporate identity-based risk concerns into risk assessments, security plans and arrangements.
• Addressing internal as well as external threats, recognising that minor instances of hostility within an organisation can escalate into more serious forms of harm.
• In group settings, such as briefings and training, destigmatising discussions and tackling ‘myths’ around personal vulnerability.
• Involving diverse staff in developing and reviewing security policies and practices.
• Offering accessible guidance and resources on identity-based risks so that staff can make informed security decisions without being forced to disclose personal information.
• Providing staff with focal points they can speak to on a confidential and one-to-one basis about their security concerns.
• Incorporating identity-based risks and unconscious bias into security training.
• Recruiting security staff from diverse backgrounds.

Organisations that have made progress in this area have begun small, with targeted shifts in particular areas that then snowballed. Initiating a person-centred approach does not necessarily require a significant investment of money or time, but can start with a shift in perspective, for example by security staff simply asking how a situation or programme may impact the security of colleagues with different profiles and needs.