Steps to Developing a Basic Security Plan

As a continuation of our series about OutRight’s safety and security workshops, we’ll discuss where to start when developing a basic security plan. Please note, this post is not an exhaustive list. It is meant to be mixed and matched with other materials being shared online. The following is a starting point for any organization or individual in the beginning stages of creating a security plan.

First step. Assess the following: threats, risks, controls, and vulnerabilities. An easy way to start this process is to make a list for each item. It will help give an overview of current situations and issues to be evaluated. Here is how we define them: 

Threats Risks Controls Vulnerabilities
Anything that you try to protect yourself against How threats exploit vulnerabilities to obtain, damage, or destroy assets Any mechanism that you can use to reduce your vulnerabilities against threats Any weakness or gap in protecting your assets


It’s necessary to continuously review how the above changes in order to be proactive rather than reactive. 

Once threats and risks have been identified, they must prioritized. Threats and risks can be determined by whether they need to be dealt with immediately or continue to be monitored. We can do this by accessing the probability of occurrence compared to the severity of the threat (see graphic).

  • High Impact: Act Now: having members of your organization attacked
  • High Impact: Continue to Monitor: receiving violent threats against members of your organization
  • Low Impact: Act Now: office security camera is broken
  • Low Impact: No Action: general risk of office being burglarized

Once we have identified and prioritized our threats and vulnerabilities, we can start thinking about how to tackle the most important threats through reducing our vulnerabilities. Sometimes there are basic things we can do in order to protect ourselves against threats by taking simple steps such as ensuring our cell phones are charged and have a power pack. This means that if we feel in danger we will be able to contact someone for help.

An emergency contact list is crucial for ensuring the safety of all members of your organization or group, should something happen. Members should be regularly informed of updates and who has access to this list. An emergency contact list should contain the phone numbers of individuals who can help in difficult situations such as lawyers, other human rights defenders, and any media who are sympathetic to the LGBTIQ cause.

Another tactic that can be taken is to create checklists for those going out into the field that would include useful items should a threat occur. For example:

Another key action or tactic to consider when talking about safety and security is always having a contingency plan or plan B. Even at the best of times, things don’t always go our way. We must be aware of this and have other arrangements in place for when this happens.

Example Security Log

A good way for us to protect ourselves is by finding other groups or organizations that have similar interests and face related threats. As the saying goes, there is safety in numbers. This allows us to share information about potential threats and solutions to threats with each other. It also means that we have support if an issue does arise.

The most essential task we must undertake when facing security concerns, is documentation. We must record and report all threats and breaches of security whether it is digital or physical security. This allows us to speak to authorities and the media, where necessary, in an intelligent and informed manner. If possible, keep a detailed log book to help track events.

Our next segment is entitled ‘Activist Self Care’. Till then, we invite you to share tactics your organization uses when dealing with safety and security via social media using #OutRight.