Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingAccess ManagementFire & Life SafetyIdentity ManagementPhysical Security

5 minutes with Hugh Dunleavy - Duty of care is more critical than ever

By Maria Henriquez
5 minutes with
April 20, 2021

As we continue into 2021, it's no secret we are still reeling from the aftermath and impacts that 2020 unleashed across the globe. That's why—now more than ever—it is critical that companies prioritize their duty of care plans, or risk falling behind for good. Below, we speak to Hugh Dunleavy, Senior Vice President, U.S. Operations and Chief Security Officer of Crisis24, a GardaWorld company, about crafting a robust duty of care program.

Security: What is your background and current role and responsibilities?

Dunleavy: I am the Senior Vice President, U.S. Operations and Chief Security Officer of Crisis24, a GardaWorld company. Crisis24 is a large corporate risk management company, providing a full spectrum of open-source business intelligence, risk management, executive protection, crisis security consulting services, and evacuation support to many of the largest and most complex international organizations in the world. I bring in an excess of three decades of U.S. Federal law enforcement, U.S. military, and private sector corporate security and risk management expertise to Crisis24.

 

Security: Why is continuous people risk management and Duty of Care more important than ever?

Dunleavy: “Duty of Care” is a legal term generally referring to an evolving standard of care that a reasonable and prudent organization, risk manager, or executive is expected to take in order to mitigate potential risk to their staff. “Duty of Care” is not a static term; it is an evolving definition which is broad in scope and includes the extended workplace, including business travel and expat assignments.​ Duty of Care may include employee awareness, training, safety, physical security, medical and mental health support. Employer obligations under the Duty of Care standard routinely extend beyond the workplace and traditional work hours and likely includes extended responsibilities to dependents, contractors, business partners, etc.​

Global events present dynamic challenges to organizations and their workforce. Incidents that may affect organizations and staff may occur at any time of day, anywhere on the globe, often with little or no advance warning, and, as is often the case, outside normal business hours. This continually changing threat environment requires a continuous approach to assessing, mitigating, and managing risk. An effective Continuous Risk Management (CRM) program relies upon a well-established process, driven by high-quality, accurate, and timely intelligence, supported by sophisticated technology and professional risk management staff intended to provide proactive and responsive mitigation solutions. A robust Continuous Risk Management (CRM) program is an integral component and provides direct support to an organization’s Duty of Care for its staff.

Duty of Care comes in many forms. In July 2020, Crisis24’s Response Operations Center was notified by a client, a faith-based organization, that one of their missionaries in Nigeria and his family were targeted by Boko Haram and required immediate support. We were able to secure their location, assess their medical condition, and arrange for safe evacuation back to the United States.

One month later, we supported another client, a global NGO, with locating more than 200 expats, traveling staff, and dependents during the explosion in the Port of Beirut. Our security team, using advanced notification technology, began reaching out to these individuals within minutes of the explosion, provided updates to the clients on their status and wellbeing, and in some cases, facilitated medical response.

“Duty of Care” does not always have to be quite as dramatic as these examples. This past January 6th, for example, Crisis24 used its mass notification technology to effectively communicate with our staff working and living in the metro Washington DC area, to avoid the violent protest activity unfolding at the U.S. Capitol. With a number of our team working from home during the COVID-19 pandemic, our Duty of Care extends to ensuring their wellbeing at their home office locations as well.

 

Security: What are the essential elements of a robust Duty of Care program?

Dunleavy: Effective Duty of Care is directly supported by a robust Continuous Risk Management (CRM) program. Organizations require situational awareness into their global risk exposure, and Continuous Risk Management provides the framework for organizations to assess and manage risk. CRM is a process, and as the name implies, a continuous cycle of evaluation that can enable organizations to quantify risk metrics unique to their organization, monitor and assess those risks on an ongoing basis and inform critical decision makers. The intent is to support sound business decisions to mitigate or avoid risk from all hazards that may adversely impact staff and operations.

Essential elements of effective Duty of Care include a robust Continuous Risk Management (CRM) process, intended to support a number of critical components:

  • Monitoring – (timely, accurate, and effective intelligence)
  • Notification
  • Communications
  • Preparation / Avoidance (Training, Pre-Incident Planning, Exercises)
  • Response / Recovery
  • Post-incident Critical After-Actions / Lessons Learned

It is crucial that organizations learn from and improve incident response procedures. Regardless of the scale and impact of a disruption or incident, and the effectiveness of existing control measures, it is essential to take the opportunity to learn from your organization’s response and improve your program.

 

Security: How can businesses evaluate their TRM policy and trainings, and the most common gaps in existing policies?

Dunleavy: Routine evaluation of an organization’s Travel Risk Management (TRM) program and policies is critical to insure effectiveness and support Duty of Care. Benchmarking corporate TRM policies with trusted industry partners is a well-established and effective mechanism of self-evaluation of TRM policy and guidelines. However, semi-annual external TRM policy audit and policy review by a qualified external crisis security consulting provider is the preferred mechanism of TRM program evaluation.

Effective TRM policy consists of proactive and reactive elements, fundamental concepts essential to develop, implement, assess, evaluate, and maintain a formal, organizational-wide TRM program. A robust TRM program establishes a capacity to proactively plan, train, monitor and establish event triggers for travel restrictions. A robust TRM program includes established reactive capabilities and resources to notify, communicate, and respond to traveling staff. A well-established TRM program further supports the recovery of traveling staff impacted by a given incident, and their subsequent potential medical and mental health recovery requirements. The effectiveness of a TRM program depends on strong leadership and requires the support and commitment of senior management and active participation from all staff, to ensure its adoption and integration into the governance of the organization.

 

Security: Why is implementing a Duty of Care program so vital for the long-term survival of a business?

Dunleavy: Providing reasonable safeguards for the most essential assets of any organization to the greatest extent possible is critical. Organizations go to considerable lengths to protect their intellectual property, business and information systems. Companies take significant effort to secure their facilities from all manner of hazard – physical security, fire protection, access control, and information technology security.

The core of all organizations is its people, its staff, contractors, consultants, vendors, and supply chain providers, etc. These critical human capital assets create and drive business; they are the key to the long-term success and survival of any organization.

Aside from the legal requirements and ramifications associated with Duty of Care, which holds organizations, and their executives, responsible to provide reasonable and prudent safeguards for their staff, it is just sound business practice to safeguard your organization’s “crown jewels” – its people.

Organizations, regardless of the nature of their business – defense, energy sector; faith based; academia; food industry, humanitarian, etc.--routinely send their staff to regions where the security situation is marginal at best or the environment has been compromised. Organizations have a legal requirement to insure the “Duty of Care” for their most important assets. Employees are keenly aware of an organization’s responsibilities to its staff. Training, intelligence, 24/7 multi-factor communications with redundancies, geo-location technologies and an effective response plan are integral to providing Duty of Care. Organizations that effectively provide for the security and well-being of its staff, are better able to retain quality staff and accomplish its mission, ensuring a robust capability to provide for the Duty of Care of an organizations staff directly support its success and long term viability.

KEYWORDS: corporate security crisis management duty of care emergency response risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • 5 minutes with

    5 minutes with Satya Gupta: The surge of remote work and its impact on critical infrastructure organizations

    See More
  • 5 mins with Bocek

    5 minutes with Kevin Bocek - Why machine identity management is critical for security

    See More
  • Alan Duric

    5 minutes with Alan Duric – Security, privacy and more

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing