Duty of Care: What is Your Role?
Technology has made many organizations truly global, and global business means that your employees can be anywhere in the world at any time. Having a reliable travel risk management program in place is essential for any business to give employees confidence when they go abroad.
Tim Willis, Director of EMEA Sales for Dataminr, helps enterprise security teams ensure safe employee travel.
Why does a company have to ensure duty of care to its traveling employees?
Willis: There are two components to that question. First is the legal component and the legal responsibility you have as an organization to ensure the right measures are in place to practicably safeguard against reasonably foreseeable risk. However, the legal framework in this regard is still immature in many jurisdictions, so this should be overlaid with a moral component; simply put, ensuring you look after your people when they travel or conduct overseas assignments on behalf of your company is the right thing to do. Ensuring you address both elements effectively can have a tangible return on investment by improving productivity and ensuring overseas assignments are less likely to fail, as well as a more intangible element in that your corporate reputation as a caring employer makes you a more attractive organization to work for.
What does a travel risk management policy entail?
Willis: It needs to be manageable and achievable. We often see lengthy and very detailed policies, yet they are difficult to implement properly and to achieve their intent. Any policy also needs to fit for all regions of the globe with roles and responsibilities clearly defined. First, you should ensure you have an overarching policy defining the intent, supported by procedures detailing how that intent is to be achieved by different business units based on functional or regional variations.
For example, an engineering company may have a service contract component to a sale that necessitates engineers traveling to high-risk destinations to service equipment. However, the sales team may not necessarily need to visit that country, to conduct the deal. Therefore, a blanket travel ban to that destination will not work – the policy needs to balance business need against risk. Nevertheless, in every policy, you should define risk categories for each country to set your benchmark to therefore more easily justify exceptions.
How can an enterprise security director ensure that company employees adhere to travel rules and regulations to ensure their safety?
Willis: All organizations face that challenge and implementation and compliance can depend on your company's culture. Some may be more prescriptive and punitive of transgressions, while others may be more laissez faire. But the program needs to be solid from end to end, and it should include pre-travel risk, informing employees, knowing employees' locations and communicating with traveling employees to support them if an event should take place.
When you are aware of things that can happen, that is a key part of building a culture. When employees understand the intent and start to say "my company is looking out for me," then that good word starts to spread. But you also need C-suite support because if you have a policy and your executive team doesn’t follow it, then no one will stick to it. Other more tactical measures include not paying travel expenses if an employee violates a rule. But generally, the carrot tends to work better to build the culture in an organization.