Managing risk – Your organisation
Organisations need plan for the risk of threat from domestic extremism in the same way that they plan for any other business risk.
The health and safety laws require employers to:
- look at risk of harm to people in the workplace and make arrangements to tackle them
- appoint a competent person to put the arrangements in place
- set up emergency procedures
- give employees information and training on safety at work.
Organisations at risk from domestic extremism, including animal rights extremism, should use the requirements of the health and safety laws as a framework to plan for that risk.
Business continuity management – ensuring your organisation can cope with a disruptive incident and return to normality as quickly as possible – provides another useful framework for planning against risk from domestic extremists.
There are four steps to managing the risk from domestic extremism to your organisation:
- 1. Identifying the threats and your vulnerabilities
- 2. Deciding what you need to protect
- 3. Putting security measures in place to reduce risk
- 4. Implementing your security plan
1. Identifying the threats and your vulnerabilities
To manage risk you need to start by identifying the:
- types of threats that you face from domestic extremists
- vulnerabilities that domestic extremists can use against you
- damage that the threats and vulnerabilities could cause to your business.
Keep the threats in perspective. Fear is the biggest weapon of domestic extremists, particularly animal rights extremists. Much of the activity by domestic extremists is to disrupt your ability to do business and cause economic damage. Violent attacks by domestic extremists are very rare. However, you need to prepare for the unexpected.
Domestic extremists use a wide range of tactics. Their targets will include your buildings, information systems, staff, customers, suppliers.
The threat may not only come from outside your organisation. Animal rights extremists have been helped by people working for the organisations they have targetted.
Think about:
- what is likely to happen
- where it might happen
- how the extremists might to it
- how it will affect your business.
Ask yourself:
- What does the news tell you about recent domestic extremist activities and the current national and international climate?
- Is there anything about your building, staff or activities that would attract a domestic extremist attack?
- Do you have links to or are you seen as having a special relationship with a high-profile individual or organisation that is a domestic extremist target?
- Does your location mean that you may suffer damage from an attack on a high-risk neighbour?
- Is there any aspect of your business or activities that domestic extremists might wish to exploit to aid their campaigns? For example, data about customers and suppliers, personnel information, routine access to other premises that might be potential domestic extremist targets.
A vulnerability is a weakness that can be used against you. If domestic extremists are able to exploit your vulnerabilities they may be successful in attempts to target your organisation.
Simply doing business with an organisation that is a target of domestic extremists may create vulnerabilities and expose you to threats.
Ask yourself:
- Where is your organisation vulnerable?
- Do those vulnerabilities result from others – customers, contractors, suppliers, visitors?
- What will be the impact on your ability to do business?
Think about:
- partnerships
- people
- systems and processes
- timescales
- buildings
- suppliers
- customers.
Assessing the types of threat that you face and your vulnerabilities will help you to make better decisions about what to do to protect your organisation.
Go to 'Domestic extremist tactics' for more information.
TOPˆ2. Deciding what you need to protect
Identify what you want to protect and the ways in which it is vulnerable to domestic extremist threat. Your priorities for protection will fall in the following categories:
- People – staff, contractors, customers, visitors
- Physical assets – business premises and their contents
- Information – electronic and non-electronic data
- Processes – supply chains, critical procedures.
Domestic extremists may also seek to damage the reputation of your organisation or individual staff – what people think about you – by making false claims.
You will already have plans in place to protect important assets from other threats. How do your priorities for protection from domestic extremist threats fit with the plans you already have?
Think about:
- your plans to deal with fire and crime
- your procedures for assessing the reliability and integrity of staff
- your measures to protect your IT and communication systems from electronic attacks
- your precautions to limit access to your premises and your information.
Ask yourself:
- What do you need to add to each of these plans to deal with specific domestic extremist threats?
- Are there any domestic extremist threats to your priorities for protection that require separate plans?
3. Putting security measures in place to reduce risk
You need to put in place security measures to deter activity by domestic extremists and minimise the harm it may cause.
Use your answers to steps 1 and 2 to help you to decide what measures you need to put in place to develop planned responses to domestic extremist threats.
Remember, domestic extremist campaigns follow an escalating pattern of core tactics. The police will need to know about peaceful, non-emergency incidents – such as polite contact during Phase 1: Lawful protest – as well as criminal activity, in order to fully investigate any domestic extremist campaign against your organisation.
Your planned responses for dealing with domestic extremism will need to cover:
- domestic extremist incidents that do not put your organisation or staff at direct risk of immediate harm
- violent or illegal domestic extremist activity that directly threatens your organisation or staff.
Go to 'Domestic extremist tactics' for more information.
Developing your security plan
Seek advice, talk to others and get more information to help you develop your security plan.
- Consult your staff. They might have valuable ideas to contribute that you have not thought about.
- Talk to trade associations that represent your business interests. Can they give you specific advice about domestic extremist threats facing your line of work?
- Speak to organisations that experience domestic extremist threat. Find out what they do, learn from their experiences.
- Set up a Warning, Advice and Reporting Point (WARP). A WARP is a small-scale communication network that keeps you up to date with threats to your IT system. You can set up a WARP with other organisations at risk from domestic extremist threats.
You can find out more about WARPs from the National Infrastructure Security Coordination Centre (NISCC) website.
- Get advice from the police:
Crime Reduction Officer (CRO)
CROs can give advice about security in the workplace and at home. Their expertise includes intruder alarm systems, close circuit television (CCTV), perimeter protection, access control, asset control. They can also advise on motor vehicle safety and personal safety.
Counter-Terrorism Security Adviser (CTSA)
CTSAs are specialist security advisers based within local police forces who provide protective and counter terrorism security advice to support business. CTSAs can help to ensure that you devise security plans that conform to local emergency planning arrangements. They may direct you to professional organisations that can provide appropriate security solutions.
NETCU
We can help you with assessing risk and can provide one-to-one strategic and tactical guidance, security advice and support.
- Make use of public information to help with developing your plans.
4. Implementing your security plan
To successfully implement your security measures you will need the support of the management team within your organisation.
You will also need to make staff aware of the security measures and their role in making them work. A written policy can help you to achieve this. You will need to make staff aware that a written security policy exists and of its contents.
Finally, to be successful in implementing your security policy, you will need someone in your organisation to take responsibility for security and report to management.
Think about:
- How you will make staff aware of the security measures and what they need to do in the event of a domestic extremist incident
- What internal communication cascades and drills you will need
- How you will liaise with the local police to report and record non-emergency as well as emergency incidents
Ask yourself:
- Is each security measure appropriate to the nature of the threat?
- What procedures will you require to make and keep records of domestic extremist activity, including non-emergency incidents?
- How will you liaise with the police and other services during an emergency incident?
- How will staff to report non-emergency incidents within your organisation?
- What training will you need to provide for staff?
Get feedback from your staff and make it easy for them to raise concerns about the plan so you can revise the plan if necessary.
Reviewing your security plan
You should regularly review and rehearse your security measures to make sure that they continue to support the needs of your organisation.
Things change. Effective security should reflect this, taking into account new threats and new vulnerabilities.
By rehearsing your security plan – practicing your security measures – you will be able to discover any weaknesses in it and make appropriate changes.
You should review and update your security plan:
- after a domestic extremist incident within your organisation
- after a domestic extremist incident in your local area
- after a change in your business practices
- when you receive new information about threats
The security measures you put in place underpin the resilience of your organisation to withstand the threat of domestic extremism, including animal rights extremism, and actual attacks.
Robust, well-planned security measures that you regularly rehearse and review will give you the ability to respond effectively to domestic extremism and protect your staff and your business.
