Healthcare NGO Partners for Risk Management Assistance
It’s a hospital in the sky. Orbis International is a global, non-governmental organization (NGO) that treats avoidable blindness, and it runs the Flying Eye Hospital—an ophthalmic teaching hospital onboard an MD-10 aircraft that travels the world to train eye care professionals and strengthen eye care systems in Africa, Asia, the Caribbean, and Latin America. In addition, the organization offers an online mentoring program and long-term country programs. The NGO’s mission to provide eye care in the areas with the greatest need inevitably puts it in harm’s way in countries with serious security risks.
But also inevitably, budgets and resources are tight for NGOs, and Orbis looked for assistance in managing risk across its global footprint, eventually landing on ADT Commercial’s Enterprise Security Risk Group (eSRG) in 2020.
“Orbis’s global safety and security function is centralized within our headquarters office, based in New York City,” says Manu Nathen, Orbis’s general counsel and chief compliance officer. “While our security personnel are experts in their field, the large scope of the job versus the small size of the team limits their bandwidth. Orbis needed outside advice on scaling systems to address disparate safety and security concerns.”
By working with eSRG—and then ADT Principal Patricia Coureas, CPP, in particular—Orbis was able to leverage a staff of senior executives with experience in law enforcement, military, intelligence, corporate security, and technology communities—services that ADT Commercial provided pro bono to the nonprofit, Nathen says. This enabled the NGO to assess its physical security risks and build a roadmap to a more secure future.
“ADT Commercial set up a series of workshops with various Orbis stakeholders, including global safety and security, the general counsel, and leaders of Orbis’s global program teams,” Nathen says. “These workshops were organized by topic, including safety and security training, surety technologies and supplies, and general risk management. ADT Commercial facilitated each workshop, with subject matter experts leading. The workshops were interactive, with notes taken in real time and reports disseminated quickly afterwards.”
ADT Commercial reviewed three areas in particular: upgrading Orbis’s security risk management system, improving access to security technology and supplies, and enhancing and formalizing the NGO’s safety and security training program, according to a case study from the security company. The framework developed is meant to help Orbis adapt and evolve its current security program, and it included a risk assessment template, a security technology plan, and a safety and security training checklist.
“Orbis implemented essential tools immediately, including a robust checklist to analyze or country offices’ security levels,” Nathen says. “We utilized this checklist most recently when analyzing the security of our new office in Zambia.”
According to the ADT case study: “Orbis and the eSRG collaborated closely, walking through each priority security matter to see what gaps in security existed, and identified areas of improvement to prevent and respond to potential threats to the organization. For each, they agreed upon a solution that addressed the issue efficiently and cost-effectively.”
But for an organization with fewer than 500 individuals on staff, including employees and volunteers, Orbis ran up against a key obstacle with their security risk management goals.
“Our biggest challenge was not with pitfalls in the project itself, but rather with our limited bandwidth to execute on ADT Commericial’s recommendations,” Nathen adds. “We overcame this by being extremely clear on bandwidth constraints upfront and having ADT tailor their recommendations to suit Orbis’s unique capabilities.”
This restriction also informed Orbis’s next steps, he says.
“Because our staff already has limited bandwidth, we want to optimize and automate several elements of our risk management program. We plan to leverage existing IT and information management platforms to address many of the routine tasks that take up a bulk of the security manager’s time,” Nathen says. “For example, we plan to build a dashboard of critical risk information (such as country risk ratings) that decision makers and staff can reference. We also plan to automate incident reporting and leverage security vendors for automated travel risk management services.”
In addition, he adds, “We are planning to reassess, improve, and develop risk management templates to share across departments and functional areas. By standardizing operating procedures and protocols, we will reduce the burden involved with planning and preparation.
“We plan to conduct periodic exercises and rehearsals with crisis and incident management teams to improve staff efficiency when responding to emergencies,” he continues. “By increasing staff capacity in emergency management, we can better maintain business continuity in the face of stressful conditions.”