by: Gian-Rico Luzzi, VMware Senior Manager Physical Security EMEA
Accelerated by the pandemic, globalization, proliferation of mobile workers and other emerging issues, the topic of travel risk management (TRM) as a corporate mandate is now in the spotlight-and with good reason.
One of the most important aspects of TRM is managing the risk associated with health and safety (H&S). This can be broken into two categories, with subcategories that overlap-the risk to the traveler and the risk to the business.
Now, voyager (except …)
The risk to people in this context relates to the physical or psychological harm that can affect the traveler. This could be due to injury, sickness, disease, physical assault or sexual assault. It also extends to accidents, travel-related stress, exhaustion due to inappropriate recuperation, exposure to extreme weather, poor local hygiene conditions, poor medical care, and limited access to prescription drugs or specialist medical care.
Diversity characteristics can also give rise to challenges and risk. There are six countries where being homosexual is punishable by death, around 70 countries and territories that criminalize same-sex relationships, 32 countries that have laws restricting freedom of expression on sexual relationships, and many other countries that have LGBTQ+ rights yet the population is still intolerant. Any of these can give rise to an incident (assault, abuse, discrimination, detention) which could affect travelers' H&S.
Travelers trying to conceal a characteristic may even be exposed. For example, specific medicine types being discovered during airport screening, or if needing to arrange specialist medical care in a hostile location. And LGBTQ+ travelers are not alone. Women, BAME*/BIPOC** and disabled travelers are all exposed to additional H&S related risk.
Call of duty
H&S concerns also pose various risk types to the business, too. The most prominent of these is compliance risk-breaching what are called Duty of Care requirements and ultimately being found negligent by a court of law.
Duty of Care is defined in ISO 31030 travel standards as the moral responsibility or legal requirement of an organization to protect the traveler from hazards and threats. This basically means a business should take reasonable steps to protect their employee travelers from foreseeable harm. Such efforts include ensuring a proportional and customized risk assessment program/framework is in place to disclose and mitigate known risk, now and in the foreseeable future. They also ensure that processes are flexible enough to change as business travel conditions change, such as the frequent alterations in pandemic airport/country protocols that could strand an employee or otherwise have a detrimental impact on travel.
Easier said (and done!)
For businesses, many of the vulnerabilities lie in the processes required to manage the risk, or the lack thereof. The good news is, despite all the aforementioned concerns, implementing TRM within an organization of any size is not as daunting as you might think-if it's done correctly.
An effective TRM program will identify all of the H&S concerns applicable to the company based on its profile, as well as the nature of its industry and type of services. These are then correlated with its travel destinations and the diverse characteristics of its traveling population. Processes must ensure visibility into all planned travel so that trip-specific risk assessment can be carried out. Failure to get this right can potentially nullify risk reduction measures in place as stakeholders may inadvertently be 'blind' to the risk-yet performing a risk assessment is a legal requirement. The key is to ensure the processes are scalable.
That said, large companies with thousands of travelers can't be expected to perform individual risk assessments for every trip. Partnering with experienced and competent third-party service providers may be required-automating risk assessment and disclosing location-specific medical and security risk ratings/levels to all travelers. This makes the entire travel risk process more effective, and enables internal TRM teams to focus attention on trips that are of elevated risk.
Making a commitment
For an organization adopting travel risk management and the systematic approach outlined in ISO 31030, there is a single major factor that will determine success-commitment from leadership. As with any company-wide initiative, top management should take and demonstrate ownership of the travel-related risk. This guarantees TRM policy and objectives are established and integrated into business processes, resourced appropriately, and promulgate the need to conform to TRM policy and processes. If leadership support and commitment are not achieved, TRM mandates essentially become a series of fragmented and ad-hoc protocols that fail to adequately prepare and protect travelers and the business.
Check back soon for the third blog in our TRM series that will cover specifics regarding best practices for TRM deployment. In the meantime, check out our first TRM blog and ISO30310 blog.
*Black, Asian, and minority ethnic **Black, indigenous, people of color
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or firstname.lastname@example.org to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.