SECURITY AUDIT AND RISK MANAGEMENT

Prepare for the unexpected by learning about and managing the security risks associated with your operations.

Who is this audit for?

This audit is for non-governmental organizations, activist groups, human rights defenders and alike who operate in a challenging, or outright hostile environment and want to improve their security posture as well as their ability to effectively implement their mission. It's ideal for those who wish to pro-actively understand and mitigate the potential negative impacts of their vulnerabilities.

​

Audit topics

Our risk assessment program is tailored to fit each client's unique situation. We typically cover a broad range of isseus including security of physial assets, personell, operational equipment and office and other property. We also address "soft" issues such as reputational risk for the organization and its leaders. Risk mitigation measures vary according to the risk profile of the client but may include threat management, contingency planning, security protocols, crisis communication, physical infrastructure, relevant staff training and  the use of open-source intelligence (OSINT).

​

Methodology

Our security audit is an interactive process between Pivot Brigade experts and the client's designated staff, including management, front-line employees, and those who will likely have a role in implementing proposed risk mitigation measures. Through a structured group interview, we identify threats that employees have experienced, perceive, or deem probable. We supplement this set of threats with elements we define from an expert point of view. Then, working with the client, we assign probabilities and severity values to the threats and develop the organization's risk matrix. With the matrix, we develop a Risk Management Action Plan proposing one-off mitigation measures, general policies, and operational procedures corresponding to each risk in the matrix. Proposed measures are often technical, operational, organizational, or capacity-building in nature. The Action Plan is finalized with input from the client on available implementation resources. As part of the program we provide advisory support to the client throughout the Risk Management Action Plan implementation, as required.