Good Practices

Carry out human rights due diligence related to private security providers in order to identify, prevent and mitigate human rights risks and impacts

(see human rights due diligence, see Human rights violations by public security forces: monitoring incidents and referring them to appropriate remediation within Training – Working with Public Security Forces) and Unidentified root causes, unaddressed impacts of the operation or unfulfilled commitments: addressing persistent tensions within Stakeholder engagement strategy – Working with Communities). This is a key component of the UN Guiding Principles on Business and Human Rights (no. 17 and 18).

• Ensure that human rights due diligence goes beyond identifying and managing material risks to the company itself and centres around risks to rights-holders. ‍
• Ensure that human rights due diligence:

Is continuous, since human rights risks and impacts may change over time as the company’s operations and operating context evolve. Due diligence procedures should be updated based on the evaluation of their effectiveness.

Is included in the development of a new activity or relationship, such as before signing a contract with a private security provider prior to major changes in the operation (e.g. increase in the number of security guards protecting the site) or in response to or anticipation of changes in the operating environment (e.g. rising socio-economic tensions).

• Incorporate information from the risk and impact assessment when assessing and anticipating security needs. Ensure that the human rights risk and impact assessments, as well as operational context analysis, include:

Information on the country’s human rights profile, in particular human rights risk indicators, to gain a better understanding of the context. The UN Office of the High Commissioner for Human Rights has developed human rights indicators that may be useful in this respect.

National and local crime statistics as a reference to identify potential crimes and security incidents that could impact the operating site and nearby areas.

• Consult with potentially affected groups and other stakeholders that can provide relevant information and recommendations for the risk and impact assessment (see Unidentified root causes, unaddressed impacts of the operation, or unfulfilled commitments: addressing persistent tensions within Stakeholder engagement strategy – Working with Communities).

Consult potentially affected stakeholders (including vulnerable groups such as women, indigenous peoples, farmers, cattle breeders, fishermen, landowners and foreign nationals) using a language and terms they can understand well. Be transparent and share all information that is directly relevant to them (e.g. timeline of the project, area of operations, results of environmental impact assessment). Listen with an open mind and keep a record of any concerns they may have. Remember that concerns that have not been taken into account early on in the project may become grievances that escalate into tensions over time. Ensure these groups are not just consulted during data collection, but during all stages of the due diligence process (e.g. when scoping, creating a locally appropriate mitigation plan, monitoring impacts and reporting on findings).

Consult externally with other companies, as well as home and host country officials.

Consult with credible, independent experts  (e.g. civil society, national human rights institutions and relevant multi-stakeholder initiatives) to gain a good understanding of the context and how the project may impact the status quo.

• Assess security risks to the company’s personnel, local communities and other potentially impacted groups, as well as actual and potential human rights impacts of the company’s security arrangements. Evaluate risks using all internationally recognized human rights as a reference point.

Include adverse human rights risks and impacts that may be directly linked to the company through its security providers.

Carefully evaluate human rights impacts on individuals and groups that may be at heightened risk of vulnerability or marginalisation (e.g. women, children, indigenous peoples or foreign nationals). Ensure these risks are well understood and assessed. Consult with specialised organisations working with these groups or hire an expert to help with the identification of these groups and the impact assessment.

In situations of armed conflict, also assess all risks and impacts that may affect respect of international humanitarian law. (see Presence of public security forces assigned to areas of corporate operations: preventing increased incidents and escalation of tensions within Security arrangements – Working with Public Security Forces).

Conflict-sensitive human rights due diligence

View Content

Websites to use for addressing risks of human rights abuses, as well as security risk mapping:

• Human Rights and Business Country Guides (Danish Institute for Human Rights)
• Amnesty International Country Pages and International Report (Amnesty International)  
• Reports and Primers on Business and Human Rights Topics (BSR)
• Universal Human Rights Index Database (Office of the UN High Commissioner for Human Rights)
• Freedom in the World (Freedom House)
• Human Rights Watch World Report (Human Rights Watch)  
• Visualize Risk (Responsible Sourcing Tool)  

Determine the company’s security needs and draft an accompanying plan on the basis of findings from the risk and impact assessment (see human rights due diligence).  

• Integrate the findings from risk and impact assessments across relevant internal functions and processes, and ensure all relevant company departments work together to identify security needs and develop the security plan. This will avoid duplication of efforts and incoherence in actions.    
• Identify context-appropriate prevention mechanisms to avoid the identified risks and impacts. If complete prevention is not possible, consider appropriate mitigation mechanisms for each risk and impact. Examples of measures can be found in Phase 4, Impact Mitigation and Management, of the Human Rights Impact Assessment Guidance and Toolbox, Danish Institute for Human Rights.  
• Prioritise addressing the potential risks that are most severe (in terms of threats to human health and safety, risks to vulnerable groups etc.). The UNGPs make clear that severity is judged by the scale, scope or irremediable nature (i.e. irreversibility) of the impact (see UN Guiding Principles on Business and Human Rights, no. 15).
• Consider carefully which risks and impacts require a security-related prevention or mitigation mechanism. Although this should be assessed on a case-by-case basis, remember that there are situations in which having a too high security profile may jeopardise good relations with local communities. Consider the advantages and disadvantages of the different security options (e.g. public security forces, private security providers, in-house security, security equipment). u Develop business resilience and emergency response strategies in case of disruptive events (e.g. public disorder) as part of the security plan.
• Consider whether there is a need to review the company’s risk management policy.
• Ensure that gender-specific risks are accounted for, for example, by having a gender- sensitive approach to security practices, oversight mechanisms and access to grievance mechanisms (see gender and Impacts on the broader community’s security: ensuring that person’s in vulnerable situations have adequate protection within Impacts of company operations on the security of communities – Working with Communities)

• Establish a legitimate, accessible, predictable, equitable, transparent and rights-compatible grievance mechanism to provide remediation for actual impacts related to the project. Note that such a mechanism needs to be established at the outset and be made known to all potentially affected stakeholders (see 3.10.a and 4.1.a).
• Human right abuses by private security providers: setting up procedures and policies to ensure adequate responses within Human rights abuses (Working with Private Security Providers) and Unidentified root causes, unaddressed impacts of the operation or unfulfilled commitments: addressing persistent tensions within Stakeholder engagement strategy – Working with Communities).

• Track performance of actions taken and communicate the results externally.

Where the security plan involves contracting private security services, consider the following good practices.  

• Review the risk and impact assessment to ensure the following elements have been properly analysed:

Whether the private security provider has undertaken its own human rights risk assessment.  

National private security regulation and any potential deficits in the system.

Private security industry background and history of past performance in the country, in particular cases of human rights abuses and IHL violations by private security providers.

Perception of private security providers by local authorities and the general population, in particular community perceptions of and cultural sensitivities surrounding security providers (e.g. the industry as a whole, weapons, religion, foreigners, other clans). Voluntary Principles on Security and Human Rights: Implementation Guidance Tools, p. 50 (International Council on Mining and Metals, International Committee of the Red Cross, International Finance Corporation and IPIECA 2011)  

Need versus risk of having armed private security. The use of armed private security heightens tensions with local communities and creates additional risks related to the use of deadly force with weapons. The security arrangement should in all cases be preventative, and the mere presence of security personnel often acts as a deterrent. The security arrangement should be subject to a holistic reflection that relies on technologies and communication. Furthermore, in some countries, private security guards are not allowed by national law to carry certain type of weapons, firearms or ammunition. If allowed by national law, companies should consider which posts require armed private security. In some contexts, it may be better to have a small, well-equipped incident response team rather than having all private security guards armed. In other contexts, it may be appropriate to stipulate that private security guards should be unarmed and their primary role limited to tasks within the company premises, except when required by the risk assessment or to respond to an emergency or threat situation.

Any other potential risks and impacts that may be created or increased by the use of private security.

• Identify if certain tasks are better allocated to local private security providers or private security providers coming from outside the area of operations. Ensure national legislation permits hiring international security providers.
• Identify the activities to be sub-contracted to a private security provider and develop a request for proposals (see Selecting private security providers: assessing quality and cost considerations within Bids and contracts – Working with Private Security Providers)

• Ensure that the company’s security arrangements do not aggravate risk factors.

Questions to ask in a private security industry assessment to ensure accountability and oversight

View Content

Risk mitigation: hiring private security providers which are certified by the International Code of Conduct Association (ICoCA) or another industry standard

View Content

‍

Communicate how the company addresses its human rights risks and impacts to all relevant stakeholders (see human rights due diligence).  

• Develop procedures to share information about the security team activity, location, operational and logistical status, relevant threat information, and incident reporting to company management and staff, communities and relevant civil or military authorities.
• The UN Guiding Principles on Business and Human Rights emphasise that communicating on how human rights impacts are addressed is a key element of human rights due diligence (see human rights due diligence).
• Ensure communications are accessible to their intended audiences. Consider different formats (e.g. billboards, posters, website) that are appropriate to the local context and available in local languages.
• Provide information that allows internal and/or external stakeholders to evaluate the adequacy of the company’s response.
• Consider sharing ‘lessons learned’ with other companies working in the area.

Regularly evaluate regularly the effectiveness of private security arrangements, including their ability to prevent and mitigate risks and impacts. This is particularly relevant after an incident.

• These evaluations are a component of tracking responses to human rights risks and impacts (see human rights due diligence).
• In cases where security measures have failed to prevent or mitigate risks and impacts, repeat the whole process described in this section to understand what went wrong and why. Identify appropriate alternative measures.
• Incorporate lessons learned into future risk and impact assessments.