This chapter focuses on considerations for managing sensitive information and transferring information securely, as well as measures to take when normal methods of communication are disrupted.
Information security refers to measures and practices to protect sensitive information from unauthorised access, breaches and misuse. For humanitarian organisations, this often involves safeguarding personal data, operational details and other sensitive information that, if compromised, could endanger individuals or operations. Organisations should have up-to-date information security policies and procedures and train staff on the importance of maintaining information security. Good practice in information security also includes managing communications and digital security and addressing risks emerging from hostile surveillance.
The ability to communicate with others reliably and securely is especially important in high-risk environments. A good communications plan is tailored to fit the organisation and meet its specific needs in each context where it is operating. The combination of communications equipment used will vary depending on the context, and can range from hardline devices, mobile phones, high frequency radios, very high and ultra high frequency radios, to satellite communication devices.
The answer to which communication methods and equipment are the most secure depends on location, circumstances and timing, as technology changes quickly. Organisations may also consider encryption options when selecting communications equipment. Decisions should be based on thorough risk assessments to identify the communication tools that best suit the operational needs and context.
Communication plans should incorporate redundancy, meaning that communication remains functional even if one component fails. A Primary, Alternate, Contingency and Emergency (PACE) plan can be useful to maximise communication redundancy and thereby reduce risk. For instance, mobile phones might be designated as the primary method of communication. If this method fails, the team then switches to the alternate (e.g. VHF radio), followed by the contingency (e.g. satellite communication) if that also fails.
Staff require training on how to follow the communications plan and maintain and protect communications equipment. Staff should also be made aware that, even under the best circumstances, communications can be accessed by third parties, and they must be mindful of what is being communicated. It is good practice to ensure that staff know how to communicate clearly and securely using different communication tools.
Emergency Telecommunications Cluster (n.d.) Services & activities.
GISF (n.d.) Communications technology hub.
WFP (n.d.) Emergency Telecommunications Cluster.
