risk mitigation plan

Risk Mitigation Plan

DAI Confidential August 15, 2019

KENYA NIWAJIBU WETU (NIWETU)

Project Risk Mitigation Plan

Award No: AID-OAA-I-13-00013/AID-615-TO-16-00010

Prepared for:

United States Agency for International Development/Kenya

C/O American Embassy

United Nations Avenue, Gigiri

P.O. Box 629, Village Market 00621

Nairobi, Kenya

Prepared by:

DAI Global, LLC

7600 Wisconsin Ave, Suite 200

Bethesda, MD 20814

DAI Confidential

NOTE

This is a “pre-event” plan designed to mitigate risks for

NIWETU, as opposed to the Incident Management Plan (IMP),

which is used “post-event.” The IMP provides guidance for

managing various incidents and is available in the NIWETU

project office and on the DAI Portal.

The plan is a living document that is updated regularly based on

changes in the operating environment, political realities and

ongoing project learning. Should there be a Standard Operating

Procedure change, staff will be informed via the Security Focal

Point (SFP), Ibrahim Somo, and an updated version of the plan

will be circulated.

Kenya NiWajibu Wetu (NIWETU) Risk Mitigation Plan i

DAI Confidential

Contents

Project Operations Overview 1

Introduction 2

Security Situation 2

Potential Risks and Mitigation Measures 4

Security Concept and Measures 6

Roles and Responsibilities 7

Information, Reporting and Analysis 8

Standard Operating Procedures 8

Incident Management 12

Communications 13

IT Infrastructure Security Measures 13

Medical Issues 16

Annex A: Security and Emergency Contacts (as of 17 Oct 2016) 18

Annex B: Warden System (as of 17 Oct 2016) 20

Annex C: Hibernation, Relocation and Evacuation Plan 22

Annex D: Staff Security and Safety Guidelines 24

Annex E: Risk Category Matrix 25

Annex F: Vehicle Safety Guidelines 27

Annex G: Local Health Care Providers 30

Kenya NiWajibu Wetu (NIWETU) Risk Mitigation Plan 1

DAI Confidential

Project Operations Overview Type of Staff Number Notes/Description

Cooperating Country Nationals (CCNs) 26 Includes LTTAs and local support staff

Expatriates (Expat) and Third Country

Nationals (TCNs) 3 Chief of Party (COP), Director of Grants and Operations

(DEPUTY DIRECTOR OF OPERATIONS) and

Communications Officer, Expat LTTAs

Offices Number Notes Description

Nairobi 1 House #82 UN Crescent

Gigiri, Nairobi

Garissa 1 Nomads Palace Hotel, off Kismayo Road

Mandera 1 Redsea Resort Hotel, Mandera Town

Isiolo 1 Ebada Plaza, Isiolo Town

Wajir 1 Red Cross Office, Wajir Town

Travel Notes/Description

In-city Project travel shall take place in project vehicles or

transportation services procured by the project. As needed,

vetted taxis may be used.

In-country Project travel shall take place in project vehicles, ground

transportation services procured by the project, or plane.

TAMIS requests need to be initiated for any project travel

outside of Nairobi. The Kenya-Somalia border regions

require due diligence for all staff and must be cleared by the

SFP.


DAI Confidential

Introduction This Risk Mitigation Plan will ensure your familiarity with the security procedures, requirements

and security information as they relate to project staff. This is not a policy document; rather,

this plan outlines practical procedures related to DAI security policies. For security policies,

please refer to the DAI Field Operations Manual (FOM), Section 11: Project Security and Safety.

Every member of the project has a responsibility to promote security, and is required to follow

all rules and procedures contained in this Risk Mitigation Plan. Failure to do so could endanger

your life, put others at risk, and place the project in jeopardy. The Risk Mitigation Plan is

designed to help keep you and your colleagues safe, and to enable our projects to run safely.

The COP has overall responsibility for enforcing the Risk Mitigation Plan. The Risk Mitigation

Plan will be updated periodically, but all staff are encouraged to contribute to the plan through

the COP as needs arise.

All staff, whether short- or long-termers, must read this Risk Mitigation Plan. Failure to comply

with security protocols can result in the dismissal of the staff member from the project. This

Risk Mitigation Plan is a confidential document and is not to be disseminated to any other party

without the written permission of the COP.

SUPPORTING DOCUMENTS

Hard copies of this Risk Mitigation Plan and supporting references are kept in the office of the

DEPUTY DIRECTOR OF OPERATIONS.

Supporting references for this plan—available on the DAI Portal or on the Project Technical

and Administrative Management Information System (TAMIS)—include:

▪ Field Operations Manual: Section 11. Project Security and Safety of the Field Operations

Manual (FOM), where this template is housed, outlines DAI’s Security Policy and

important procedures on day-to-day project security management and incident

management.

▪ Project Security Plan Guide: Provides guidance on how to create the project security plan.

▪ DAI’s Project Resource Manual: Provides common features to many insecure situations

and events, supporting Standard Operating Procedures (SOPs) and guidance.

▪ The Incident Management Plan: Used for managing emergencies and incidents at the

project level. The Incident Management Plan contains guidance on how to manage an

incident, a communication plan, information collection tools and action checklists. It also

includes an introduction to various threats DAI projects and staff might face as well as

guidelines on mitigating these threats.

Security Situation Kenya faces a complex variety of security threats, including ethnic and religious tensions, high

crime rates and a heightened risk of terrorist attacks. Ethnic violence is a notable concern and

major political events, including elections, are known to exacerbate the threat. While civil

unrest related to the 2013 general elections was generally limited to western Kenya, including

Kakamega and Kisumu Counties and the coastal county of Tana River), violence was


DAI Confidential

widespread during the 2007 elections. Ethnic disputes over natural resources, particularly in

rural counties such as Marsabit, Samburu and Tana River, frequently escalate into violent

conflict.

The high rate of crime, particularly in urban areas, constitutes a major threat. Nairobi possesses

high crime rates from a variety of criminal acts, including opportunistic petty theft (pick-

pocketing and snatch-and-grab) and armed violent crime (armed muggings, carjacking,

residential and business burglaries). Criminals regularly wield weapons during crimes and display

a willingness to shoot uncooperative or hesitant victims. Kawangware, and similar estates in

Eastlands, reportedly suffer from the highest rates of gun-related crime. However, violent

crime commonly occurs in Dandora, Eastleigh, Embakasi, Gikomba, Kariobangi North, Kibera

and Korogocho. Large crowds have the potential to incite and escalate mobs and to increase

the risk of criminal activity. Outside of Nairobi, banditry in rural areas and along roads increase

after dark. The threat of kidnapping is also present, particularly in areas near the Somali

border. Recent acts include an attempted kidnapping of an international humanitarian staff

member on a convoy near the Dabaab refugee complex in 2014 and the successful kidnapping

of a Kenyan NGO worker from the Dabaab refugee camp in 2015.

Kenya has a history of terrorist attacks. Such threats have elevated since 2011 when Kenya

commenced military action against al-Shabaab (AS) and Islamist rebels in Somalia. AS has

subsequently executed and attempted attacks throughout Kenya, with Dadaab, Garissa,

Mombasa and Nairobi experiencing higher threat levels. The range of targets is varied, including

churches in the border areas with Somalia, Nairobi’s Eastleigh neighborhood, religious

gatherings, population centers and police/law enforcement. Over fifty attacks occurred in 2015,

largely in the northeastern counties of Garissa, Mandera and Wajir and the coastal county of

Lamu. The most prominent AS attack was on Garissa University, which left 147 dead. Other

attacks included assaults on police forces, and bus hijackings. Small-scale attacks remain the

most prevalent, but the U.S. Embassy indicates a continued risk of attacks targeting foreign

interests, including the recent January 2019 attack on the 14 Riverside complex.

Violent civil unrest continues to threaten many parts of Kenya, including Nairobi. While

political events are known to cause unrest, ethnic tension and conflict are additional sources of

potential violence. Population displacement in the western provinces and the Rift Valley remain

unresolved. The 2017 planned general elections were a source of concern, with past elections

marked by violence. Within Nairobi, protests may result in road blockades and demonstrations.


DAI Confidential

Potential Risks and Mitigation Measures NIWETU recognizes that there are potential risks based on both the country of operation and

the focus of the project that could impact implementation. Where feasible, NIWETU will take

the necessary steps to seek to mitigate these risks. If risks cannot be mitigated, NIWETU will

make recommendations for the way forward based on the details of the situation.

The following chart outlines the major risks, accompanying mitigation measures and response

plans for key issues that may impact NIWETU implementation. This list is not exhaustive.

Through the ongoing environmental scanning occurring under the project, NIWETU will update

its contextual awareness in key areas and aim to forecast trends or potential issues as they

arise. Using this ongoing information stream, risks will be assessed and mitigated as best as

possible.

As detailed in the rest of the plan, the issues listed below are not the only concerns for

NIWETU, but represent the most salient threats to ongoing implementation of the project.

Issue Mitigation Measure Response Plan

Shift by the Government of

Kenya towards implementing partners working in the CVE

space

Re-brand program with a

unique name so as to not use the phrase “CVE”. Open

communication with USAID

to remain abreast of current

thinking and attitudes.

Work with USAID to shift

language and posture of programming away from

CVE.

Project subject matter and

beneficiaries of sensitive

nature

Adopt a “low profile”

presence befitting the local

culture in all regions. Mimic

surrounding buildings, limit

visual and physical exposure

and avoid using USAID

branding on buildings and

vehicles. Use information

from ongoing environmental

screening to understand

changes in attitudes towards

the project.

Train all staff on how to

maintain a low profile and on

the importance of discretion

when discussing project

activities. Develop talking

points to be used by all staff.

LTTA Expat work permit

and/or associated dependent

passes processing time

Submit work permit packages

directly upon arrival and

carry proof of filing

paperwork when travelling.

Frequent communication

with USAID and consistent

tracking of the status of work

permit packages, TAPP cards,

etc.

LTTA Expatriate work

permit and/or associated

dependent passes denied

Consistent planning and

proactive mentoring:

NIWETU Deputy Director

of Operations consistently

Demobilization of affected

staff member/s, shift to

remote management posture

where certain functions are


DAI Confidential

mentors, and Chief of Party

consistently mentors DCOP.

managed by offsite personnel

and transition certain

authorities (TBD) to local

counterparts.

Official detention of staff

while conducting project

activities

Slow, proactive and

intentional engagement in

NIWETU’s areas of

operation so that local

government and law

enforcement are aware of NIWETU’s objectives and

are familiar with staff

movement patterns.

Immediate engagement by

the senior management team

with DAI’s local lawyers;

immediate communication

with USAID COR and, under

her advisement, the EXO and RLA. Program team use

relationships with County

Commissioners, and local law

enforcement.

Major destabilizing event NIWETU will use a Risk

Category Matrix (Annex E)

to categorize the security

environment within a town

or city. NIWETU will have

dedicated staff members

charged with constantly

monitoring the political

environment and will have a

communication plan to

ensure all staff are informed

and aware.

Detailed Hibernation,

Evacuation and Relocation

Plan clearly outlines multiple

scenarios and stages as

applied to major events.

Problems moving cash at the

county level

The project will use Standard

Chartered Bank’s ‘M-Wallet’

application to provide staff

cash via M-Pesa for field use.

NIWETU will avoid cash

payments to grantees, using

checks and money wires for

payments. Standing Blanket

Purchase Agreements with

service providers.

High crime rate in Nairobi

(Office)

Security measures in the

office will include guard

services, alarm and panic

buttons, reinforced windows and doors and an access

control system. All staff will

be trained on SOPs as

outlined below in the plan.

NIWETU will avail itself of

private security and law

enforcement support.


DAI Confidential

High crime rate in Nairobi

(Personal)

All staff will be trained on

SOPs as outlined below in

the plan.

NIWETU will avail itself of

private security and law

enforcement support.

Communication and

Information Security

Only staff are permitted to

use DAI-provided

computers. DAI-provided

computers are equipped with

malware and hardware

security locks. Information

will be stored on a private server procured expressly

for NIWETU. WPA2-

encrypted wireless network

protocols will be in place to

support protected internet

access. NIWETU will use

Skype and WhatsApp,

encrypted virtual platforms,

for online and telephone

communications. All

hardcopy files containing

personal information will be

secured in a locked room.

The DAI home office has the

ability to wipe and clear

computers and the server

remotely. Backups of the

server are in Bethesda,

Maryland so information

continuity remains.

Security Concept and Measures To implement projects of this nature safely, staff must project a “low-profile” presence that is

befitting to the local culture in all regions. At the county level, this requires staff behavior to be

above reproach and commensurate with the local culture. NIWETU physical security measures

must balance low-profile compatibility with the local surroundings and adequate protection

against major security risks. This requires that NIWETU mimic surrounding buildings as much

as possible, avoid using USAID branding on NIWETU buildings and vehicles and ensure that

staff clothing and attire is commensurate with norms established in the area/s in which

NIWETU personnel are travelling.

The SFP will manage day-to-day security and implement DAI’s low-profile strategy while liaising

with the COP.

The office will be guarded by security personnel 24/7 and CCTV cameras will monitor the overall

building complex. The NIWETU office is secured by an alarm system along with strategically-

placed panic buttons which, when activated, will trigger a response from the security provider.


DAI Confidential

NAIROBI CONCEPT

Although the NIWETU program based in Nairobi is not deemed to be exposed to any specific

risks, staff are vulnerable (as are the rest of the population) to residual risks such as criminality.

In the current environment, this does not impact NIWETU operations.

SOMALIA-KENYA BORDER REGION AND NON-PRESENCE AREA CONCEPT

Staff not designated to work in these areas should not proceed to the border regions unless a

full risk assessment has been carried out and mitigation measures have been put in place.

Designated local staff may operate in these areas, but must have reporting structures put in place.

For the provision of security, NIWETU staff will generally rely on community acceptance.

Roles and Responsibilities The COP has overall responsibility for the safety of project staff, the project and its assets. All

major security decisions, including those related to procuring equipment, hiring security service,

and handling major security incidents, shall be approved by the Global Security Director or

designee before purchase or action.

The DCOP is the SFP for the project and is responsible for:

▪ Reporting directly to the client and Department of Global Security on security-related

issues.

▪ Updating the Risk Mitigation Plan and managing safety within the project.

▪ Informing and coordinating with staff on security, including decisions made by the client

or others affecting the security of staff or projects.

▪ Coordinating emergency contingency plans such as evacuation, medical or otherwise, of

staff.

▪ Monitoring the security environment.

▪ Scheduling periodic security training and drills, and testing systems and equipment

especially before anticipated events that might have security implications (such as

elections).

▪ Providing visitors, STTAs and new staff with a security briefing.

For non-presence areas, each traveling team will appoint a Traveling Warden (TW). The TW

will be the most senior traveling team member and will be responsible for:

▪ Ensuring that the traveling team receives a security briefing pre-departure.

▪ Establishing on the ground contacts and sharing lodging information with the traveling

team.

▪ Filling out the Warden System with the traveling team’s contacts.

▪ Ensuring that vehicle preparation is conducted per Annex F guidelines.

▪ Establishing a check-in schedule with team and reporting to the SFP as predetermined.

▪ Reporting to SFP/RSFP any security events impacting staff safety while traveling.

▪ Ensuring that satellite phones are tested and functioning pre-departure.

All project staff (LTTA, STTA, ICAs and others) are responsible for:


DAI Confidential

▪ The safety and security of themselves and co-workers.

▪ Adhering to security instructions issued in the plan or others issued by the SFP.

Staff have a responsibility to report to the SFP any of the following;

▪ Any threat or incident directly affecting staff safety or project continuity.

▪ Updates on the security situation in their area of responsibility.

▪ All travel plans including contact information and estimated dates of travel.

Information, Reporting, and Analysis NIWETU will get security information from the United States Embassy via SMS and email as

well as through the USAID Kenya PLSO and UNDSS/NSP reports circulated by Global Security.

Some staff members will subscribe to SMS alerts and disseminate the information through the

Warden System. Information from iJET, ISOS and other open source or contracted sources is

also employed. The SFP will monitor the news and inform staff of any issues or security

concerns.

See Annex A: Security & Emergency Contacts for a list of contacts in the event of a

security incident.

See Annex B: Warden System for further details about the Warden System and protocol.

Standard Operating Procedures

OFFICE SAFETY AND SECURITY

• No firearms are permitted in DAI CVE offices.

• All staff are to be sensitized and trained on basic security protocols.

• All offices have security guards 24/7 with access control systems in place.

• A key registry must be kept.

• Entry to vendors is not allowed beyond the reception area.

• All LTTA expat, TCN staff and STTA DAI employees traveling to the project must register

their details on iJET Worldcue (https://traveler.worldcue.com).

• Do not use public transportation on duty except for NIWETU-designated taxis and other

taxis.

• Do not have cell phones clipped to the side (belt). Cell phones are better kept inside

pockets.

• Do not count money in public or carry large amounts.

• All security-related incidents must be immediately reported to the SFP.

• All staff must carry a phone at all times.

• Any phone number and/or address changes must be reported to the DEPUTY

DIRECTOR OF OPERATIONS in writing.

• Security vehicle and personnel searches shall be followed by all staff no matter the position

or nationality.

https://traveler.worldcue.com/


DAI Confidential

Access Control and Security Guards

Access to the NIWETU office, located at UN Crescent House no; 82 Gigiri will be controlled by

a combination of personnel and an access control system (thumbprint). Access to the office must

be requested by HR for new employees and will be approved by the DEPUTY DIRECTOR OF

OPERATIONS. Vendors will be required to go through security screening at the main gate and

will be hosted in the reception area on the front desk, which also serves as waiting area for the

guests.

NIWETU hires security guard to protect the premises from theft. The security guards also

provide access control to the office compound. The Deputy Director of Operations is the point

of contact for issues related to compound security guards. Guard SOPs are issued by KK security

in consultation with NIWETU field security officer.

Safe Room

The safe room in the office is designated as the current Chief of Party office room located on the

first floor. In case of an emergency, staff should gather in this location.

Assembly Point In the event of an emergency, staff should gather in the safe room, and decide on next steps,

guided by the SFP. The evacuation location and assembly point will be the front garden of the

compound. In the case of fire, staff should exit the building, and convene in the assembly point.

Emergency Provisions and Equipment

There will be two Kenyan Red Cross-compliant first-aid kits available in the office. One will be

located with reception, the other in the kitchen.

The Operations Assistant is responsible for inventorying the provisions monthly, keeping track

of expiration dates and maintaining the emergency provisions at the office.

Administration

The below files are maintained by the Deputy Director of Operations and are kept with the HR

files in hardcopy and on TAMIS.

▪ An Emergency Information Form for every Expat, listing his or her name, date of birth,

next of kin/emergency contact information, insurance carrier information, blood type,

medications, allergies and medical qualifications.

▪ Copies of passports, visas, insurance cards and ISOS cards.

STAFF SAFETY AND SECURITY

Project Staff Personal Security

All staff must abide by security directions given by the SFP or DAI/W security team.

There are no restrictions on travel around Nairobi, but common sense – such as avoiding slums

and high crime areas – must be applied.

It is advised that all staff take taxis or drive at all times while in Nairobi. Walking, particularly

while carrying a bag that could potentially store a laptop or other electronics, often attracts

thieves who use force or the threat of force to extract personal belongings. Vehicle windows

should remain up at all times.


DAI Confidential

There is currently no curfew in Nairobi or the counties in which NIWETU works. In the event

that a nighttime curfew is called, international and local staff must abide by the instructions

given. In the event that a complete curfew is in effect, staff should work from home.

See Annex D: Staff Security and Safety Guidelines for guidance on common responses to

the security threats and risks prevalent in the project’s area of operation.

Subcontractors and ICAs

During emergencies, DAI will coordinate with subcontractor POCs, but the ultimate

responsibility for response - or at times of extreme insecurity, evacuations - will lie with

individual subcontractors. Unless stated otherwise in writing, subcontractors are responsible

for their own security while conducting work for NIWETU.

DAI has one subcontractor, Wasafiri Consulting-Kenya, on the NIWETU project. Wasafiri will

not be co-located with the NIWETU project team nor will they rely on DAI for travel support.

TRAVEL

The home office Project Associate is responsible for coordinating all expat and STTA travel

with the home office. All international travelers must activate their iJET accounts and ensure

that their itineraries, including flight numbers and hotel locations, are loaded into iJET. Any

changes should be immediately updated in iJET.

The Project Associate shall monitor all project-related travel. In-country travel policies and

procedures are included in this manual.

While on travel, the designated TW should contact the SFP in the Nairobi office at least once a

day and make travel adjustments based on any pertinent security updates. If personnel are

travelling in an area of poor mobile phone reception, they must take appropriate measures (i.e.,

regular email contact or communication using satellite phones). Changes in itineraries should be

communicated to the Nairobi office immediately. All travel outside of Nairobi must be cleared

by the SFP in advance and approved through TAMIS.

Travel in Nairobi

While there are no restrictions on travel around Nairobi, common sense—such as avoiding

high crime areas —must be applied. TAMIS requests need to be initiated for any project travel

outside of Nairobi. The Kenya-Somalia border regions require due diligence for all staff and

travel to these areas must be cleared by the SFP.

Lodging in Nairobi

NIWETU STTA and consultants will stay at either approved hotels or personal lodging in the

city. Hotels will need to be recommended and approved by the SFP/COP.

Travel Outside Nairobi

All travel outside of Nairobi must be approved through TAMIS. Given consistent fluctuations in

security in the counties, travel, and any restrictions that apply, will be evaluated at the time of

the request.

Lodging Outside Nairobi

All staff will be required to stay in NIWETU approved lodging.


DAI Confidential

VEHICLES AND VEHICLE TRAVEL

Vehicles are managed by the Deputy Director of Operations or their designee. Vehicle and

driver SOPs and checklists are located in the Deputy Director of Operations’s office. Basic

SOPs are included below. Full SOPs and other information can be found in Annex F: Vehicle

Safety Guidelines.

General

• Only employees are allowed to travel in project vehicles.

• Local speed limits and road laws must be obeyed.

• Do not leave valuable items in sight in an unmanned vehicle.

Drivers

• Drivers should be used at all times unless dispensation is received from the COP.

• Drivers must carry out vehicle checks per the “Vehicle Checklist” weekly and prior to

field visits.

• No driver under the influence of alcohol or drugs will be allowed to drive.

• Drivers will be held accountable for equipment in vehicles.

• Drivers must apply central locking when traveling.

• No driving after nightfall is permitted unless deemed as an emergency or due to a

breakdown.

• If caught out at night, drivers must locate the nearest Hotel or ‘safe haven’.


DAI Confidential

Incident Management In the event of a security-related incident, project management will use DAI’s Incident

Management Plan. They can also use DAI’s Department of Global Security, which will lead Crisis

Management within the home office. Contact details can be found in Annex A: Security &

Emergency Contacts.

INCIDENT MANAGEMENT TEAM

The COP, DCOP and DEPUTY DIRECTOR OF OPERATIONS will comprise the project

Incident Management Team (IMT).

SFPs from additional DAI projects will comprise the Country Incident Management Team for

events that may affect multiple projects (such as staff abduction, natural disasters, wide-scale

unrest and evacuation).

Responding to Extreme Insecurity

In an extreme insecurity event, the COP will work with DAI/W and the SFP to determine the

appropriate course of action. This is typically hibernation, relocation or evacuation. See Annex C: Hibernation, Evacuation, Relocation Plan. Evacuation of all staff may not always be

appropriate and is not the immediate response in most cases.

In order to be able to measure risk and apply appropriate security measures, it is necessary to

have a matrix in which tripwires trigger a set of precautions for the project to abide by. While

these are not elaborate, they heighten staff awareness and assist them in understanding at which

security level they are and what procedures to follow.

A Risk Category Matrix is used to categorize the security environment within a town or city.

This will inform the SOPs to be followed and is useful especially for travel management and

hibernation, relocation and evacuation situations. This matrix will be primarily utilized by the

security office, but all staff should be familiar with it. See Annex E: Risk Category Matrix.

USAID may send out a ‘Mandatory Evacuation’ or an ‘Ordered Evacuation’ notice, which tend to

be more formal and political in nature. The NIWETU Nairobi office will assist in the coordination

of any option and ensure that communication protocols are kept open. The evacuation will

normally consist of all Expat and TCN personnel and dependents. In most cases, DAI will not be

able to assist local staff. The COP and SFP need to be cognizant of possible evacuation ‘indicators,’

such as regional disturbances, terrorism activity, political/electoral violence, increased direct

threats to NIWETU, recent civil disturbances and violence.

Roles and Responsibilities

The IMT and Crisis Management Team, in consultation with the client and the DAI/W Executive

Team, shall clear any decision to evacuate host countries. While the probability of a security

evacuation for Nairobi-based staff is low, the IMT will need to plan for project continuity in the

counties. The project continuity plan should, at a minimum, include: Schedule of Authorities, local

Acting COP appointment, schedule of payments, and contracts and important documentation

archiving.


DAI Confidential

Items to be Carried with All Evacuees:

▪ Passport

▪ Other forms of personal identification

▪ USD200 or equivalent in cash, minimum ▪ Mobile phones with credit

▪ Copy of passport and visa (this will expedite the reissuing process, if lost)

Communications Security communications should be reported up to the SFP who in turn reports to the COP

and, if applicable, to DAI/W. If an incident happens on the ground that requires “incident

management,” then this flow is the same and it is reciprocal from the SFP and COP. The SFP’s

primary role is to account for their staff, manage the immediate incident and ensure compliance

with the Risk Mitigation Plan.

The project will use a Warden System for emergency communication. See Annex B: Warden

System for contacts and instructions.

The primary means of communication during a crisis in an urban area is a cell phone. The back-

up communication method is SMS. In the counties, satellite phones will be issued and utilized.

Email will also be utilized in all locations. Phones stationed at the offices will be tested for credit

as well as functionality by the TW before the team departs for travel.

See Annex A: Security and Emergency Contacts for radio/television station information

that can be used during a crisis.

Additionally, NIWETU will start a project WhatsApp group which will include DAI/W staff,

such as the Project Manager and Project Associate, and can be used to communicate during

security situations or emergencies.

IT Infrastructure Security Measures

PHYSICAL SECURITY

Physical security is an important aspect of information systems security. To ensure physical

security for project offices, DAI is based in a secured office compound with security guards and

intrusion detection. Physical security measures for the server room and computer equipment

include:

▪ AC to control temperature and humidity;

▪ Server UPS devices with environmental monitoring (temperature and humidity);

▪ Stabilizers and power conditioners for the server and communication equipment as needed;

▪ Grounding for the rack and electrical outlets;

▪ Locked server room with limited access by authorized personnel only; and

▪ Surge suppressors and locks for client equipment.


DAI Confidential

Additional measures to improve physical data security include storing backup tapes/drives in a

fireproof safe on-site and off-site in a secure location.

NIWETU currently has a locked file room and shredder to destroy paperwork, if necessary.

Staff will be advised that day-to-day documentation should not be left unattended on desks.

Any documentation with personal information of the team needs to be filed and locked or

destroyed. The DEPUTY DIRECTOR OF OPERATIONS will provide the protocol to the team

for how to destroy hard files, including HR, grant, and finance files, during routine security

training.

NETWORK SECURITY Network security involves deploying a DAI-owned hardware firewall for each project office.

This firewall is positioned between the DAI LAN and ISP owned router or modem. Firewalls

are configured for Network Address Translation (NAT), Port Address Translation (PAT), Port

Filtering and Access Control Lists and VPN with 160bit 3DES or 128bit AES encryption to

provide reliable internet connectivity, network security and secure exchanges of voice and data

between headquarters’ and program office servers. Firewall software also keeps networks safe

from viruses, intrusions, botnets, spyware, Trojans, worms and other malicious attacks.

Wireless access points are used in offices to provide internet access for guest users and are

separated from local LAN through the implementation of DMZ and restrictive access lists. They

use the WPA2 pre-shared key protocol.

Antivirus Endpoint Security is used for centralized antivirus management on both servers and

client equipment (desktops and laptops). This protects against viruses, network attacks, spam,

spyware and other malicious programs.

Access to corporate applications housed in Bethesda and other secure sites is protected by

VPN and HTTPS/SSL.

Windows firewall as well as the locking of screens after a certain period of inactivity (defined in

the AD policies) is activated on all client computers.

APPLICATION SECURITY Application security is ensured through regular maintenance and appropriate access control.

Server, firewall and client operating system and software updates are done weekly, monthly and

quarterly as part of regular maintenance or as needed if security threats are detected. IT

support will conduct weekly back-up of the servers in each office. Firewalls and server updates

are conducted on a monthly basis. All updates on individual laptops and desktops are

completed through server authentication. This ensures all updates on individual laptops and

desktops are properly done.

All laptops and data have Kaspersky encryption software. All servers have a high degree of

encryption to protect grant, finance and procurement files. Only those with appropriate IT

administrative rights are able to access servers. On a daily basis, project data is replicated on

home office servers, thus creating a daily back-up of project data. As a practice, external hard

drives have encryption software. NIWETU does not encourage staff to use thumb drives for

official project data. All staff are highly encouraged to save their project/program work on the

public drive which is backed-up by the server.


DAI Confidential

All emails on smartphones are also encrypted using Microsoft Outlook.

Encryption includes dual security with 128bit key level. All data between offices is shared using

VPN Tunneling with a high level of encryption and security.

System performance is monitored on-site by a trained local System Administrator and remotely

by the DAI Headquarters IT team in regular intervals or when the issue is escalated.

Access control is managed through active directory user accounts with restricted privileges on

logged computers where local administrative privileges are reserved for those who have

received appropriate training and authorization (system administrators).

DAI System Administrators also monitor network devices and server logs.

In addition, application level access control (based on user position and privileges) is used on all

corporate applications (portal, project management and financial applications).

Passwords consist of at least 8 characters (64-bit) alphanumeric and expire after 90 days.

DATA SECURITY AND DISASTER RECOVERY DAI uses disk level encryption software with DOD approved algorithm to encrypt client

equipment (desktops, laptops) in all office locations. In addition, DAI uses encrypted folders for

remote users and encrypted traffic over the internet as well as WPA2 encryption on wireless

networks (as recommended by the NSA).

Data back-up is taken daily, weekly, monthly and yearly to ensure data can be recovered in the

event of equipment issues or disasters. Back-up media will be kept in secure locations.

Mobile devices which contain any business information, such as email, will have remote wipe

capabilities enabled.

Access to email over the web is protected by HTTPS/SSL.

DAI has a standing disaster recovery policy and procedures that support continuity of operations of DAI Headquarters and project/program sites. DAI’s Disaster Recovery Plan and

accompanying procedures describe the data center disaster recovery plan for both the DAI

main computing facility and supporting systems. It details how the various organizational units

intend to discharge their responsibilities in the event of a disaster. It also describes the

provisions and safeguards, which are undertaken in preparation for such a contingency. The

Disaster Recovery Plan provides for the continuation of essential technology services and

corporate administrative information processing activities during the period, which may be

required for recovering from a disaster. DAI’s data and communication services are distributed

between servers in Bethesda and remote secure locations in the U.S. Project/program sites are

part of the overall disaster recovery planning, however, the specific procedures for a particular

site may also be governed by the country/location and may be in line with the project- and

location-specific security plan in the event of crisis.

At the project site level, critical program/project management data are contained in the

Microsoft Outlook and TAMIS which are replicated with DAI Headquarters servers at regular

intervals. Application level security is applied to the project management database based on

user position and privileges. Financial system data are uploaded twice a month to the corporate

financial system and all back-up documentation is uploaded to secure cloud storage.


DAI Confidential

DAI Headquarters IT Support staff monitor network and server activity and can revoke

privileges to any staff within minutes (if required).

TRAINING AND STANDARD OPERATING PROCEDURES Due to the nature of NIWETU, the project will train staff on day-to-day information security good practices, such as locking up laptops, locking computer screens when leaving workstations

and not leaving printed documents with sensitive information on the printer. Special care will be

taken to safeguard financial, grant and procurement related files. The finance, grant and

procurement offices will have separate MFP printers and locked offices. The training for end

users will be adjusted to include additional training and increasing the awareness of phishing and

other “softer” information security attacks that, for example, might target staff using familiar

names/emails or websites. Chrome browser has built-in sandboxing capability and will be

recommended for use for all needs that involve internet browsing.

Mobile devices like smartphones will have remote-wipe capabilities enabled and anti-virus

installed, and staff will be instructed how to act and report issues or theft. Staff will also be

trained on how to manage GPS capabilities in mobile devices and on how to minimize risks

when on field assignments.

In addition, DAI operating procedures and policies contain instructions on the use of network

resources and systems and also contain guidelines about social media use. Staff will be trained

on these policies and will be required to review them and sign acknowledgement forms.

Medical Issues Basic modern medical care is available in Nairobi and some counties, but falls below western

standards. While private clinics in Nairobi provide better care, the remaining areas of Kenya

have poor medical services due to substandard equipment, facilities and medical supplies. The

U.S. Embassy advises that the blood supply is considered unsafe and that blood should come from

trusted sources, including friends and family.

See Annex A: Security and Emergency Contacts for a list approved hospitals.

See Annex G: Local Health Care Providers for a list of medical care providers issued by the

U.S. Embassy.

MEDICAL AND EMERGENCY KITS

Office medical kits are kept at reception and in the kitchen. Each vehicle has a medical kit.

The Administrative Assistant is responsible for checking kits at least monthly and maintaining

the kit inventory.

MEDICAL EMERGENCY AND EVACUATION

Medical evacuation of staff while traveling will be coordinated by the SFP from Nairobi or his/her

designee.

Medical evacuation of NIWETU expat and TCN employees and their dependents, and

Independent Consultants hired through Bethesda will be coordinated by International SOS.

Incidents should be reported to the SFP immediately and personnel can dial International SOS


DAI Confidential

directly or via the DAI Crisis Line. Staff must carry the International SOS account number

(11BCMA085117) and phone number (+44- 208-762-8008) at all times. The decision to

evacuate an employee to a local or regional center, or out of the country, will be made in

consultation with International SOS, the COP or his/her designee, DAI home office and local

medical personnel.

International SOS (ISOS)

All DAI Expat and TCN employees are issued an ISOS card before deployment. The card is to

be kept on the person at all times. ISOS is to be used in any life threatening medical emergency.

The COP is responsible for enacting the ISOS procedures and must be contacted as a priority.

DAI’s ISOS account number is 11BCMA085117.

See Annex A: Security and Emergency Contacts for a list of medical/emergency numbers

and locations.


DAI Confidential

Annex A: Security and Emergency Contacts (as of 7 July

2017) Contact (Title

and Name) Phone number Email

Project Contacts

Chief of Party, John

Sampson +254 (0) 796 112 710 [email protected]

SFP/Deputy Chief of

Party, Ibrahim Somo +254 (0) 721 889 965 [email protected]

Director of Grants

and Operations, Joyce

Mwayi

+254 (0) 715 760 486 [email protected]

Other DAI Project Contacts

Regional Director,

Africa Lead, James

Collins

+254 (0)726 709 840 [email protected]

Chief of Party,

KIWASH, Joseph

Sanders

+254 (0) 718 454 218 [email protected]

DAI Department of Global Security Contacts

DAI Department of

Global Security

See below for specific numbers [email protected]

DAI Crisis Line +1 443 716 2300 VP Global Security,

Barry Shapiro +301 272 7888 [email protected]

Global Security

Director, John Reid +1 202 258 3111 [email protected]

Global Security

Specialist, Paraylla

Blakaj

+1 240 274 0173 [email protected]

Global Security

Associate, Zac

Monreal

+1 301 503 0451 [email protected]

Other DAI Contacts

Director of

Administration (including insurance),

Daphne McCloskey

+1.301.718.8254 (office)

+1.202.368.2208 (mobile)

[email protected]

Human Resources,

Kevin Duffy +1.301.771.7729 (office)

+1.301.503.0971 (mobile)

[email protected]

Kenyan Local Emergency Contacts

Local Police 999, 112, 020 272 4154 N/A

Nairobi Fire Service Tel: 020-2234559/0771637161 Nairobi County Fire Station, Tom Mboya Street,

Breweries (Ruaraka) and Industrial Area

Disaster Management 4425461 (all emergencies operator) Airport

USAID +254 (0) 208 622 000

U.S. Embassy (and

others) 0203 636 451 (business hours)

0203 636 170 (after hours)

mailto:[email protected]


DAI Confidential

Contact (Title


Security Company -

Alarm KK Security [email protected];

[email protected]

Other Security Contacts and Resources

In-Country

Chief Sec Advisor

UNDP, Mark

Richmond

+254 710281014

+2522 4006935

n/a

UNODC, Geraint

Roberts +2522 4237974 [email protected]

Warrior INSIGHT

Head of Delivery,

Jerry Bland

M: +254 790 205 726

T: +254 709 851 000

[email protected]

www.warrior-insight.com

Warrior INSIGHT

PLSO Operations

Manager, Steve Boyle

M: +254 795 749 349

T: +254 709 851 000

E: [email protected]

W: www.warrior-insight.com

Skype: PLSO.stevenboyle

Local radio and TV phone number email address

Nation TV +254 20 3288000 [email protected]

[email protected]

Citizen TV +254 719 060 000

+254 732 169 000

[email protected]

Radio Citizen +254 719 060 000 [email protected]

KBC English Service

Radio

+254 (0) 0723892654

+254 (0) 734780124

[email protected]

Overseas Security

Advisory Council TBD www.osac.gov

Other Information Resources

iJET N/A https://traveler.worldcue.com/

Medical Contacts

ISOS: Medical

Evacuations and

Emergencies

Account Number:

11BCMA085117

001-215-942-8226

(may be called collect) www.internationalsos.com

The Aga Khan

Hospital (this hospital

has been given the

ISO: 9001:2000

certificate)

+ 254 020 525016

+ 254 020 528793

3rd Parklands Avenue and Limuru Road, Nairobi

Kenyatta National

Hospital

+254 729 406939 Hospital Road, Upper Hill, Nairobi

Dr. Peter Grifiths

(The Dental Practice)

+254 734 437 513;

+254 020 444 3392

Flat No. A1, Haven Court, Waiyaki Way,

Westlands

Kenyan Red Cross +254 0700 395 395 South C, off Popo road.

Garissa: P.O. Box 1100 - 70100

Garissa

Email: [email protected]

Tel:0714-433511

Kismayu Road, Garissa




DAI Confidential

Contact (Title


Isiolo: P.O. Box 223-60300

Isiolo


Tel:0722-210652

Hospital Road, Isiolo

Mandera: P.O. Box 132 - 70300

Mandera


Tel:0722-662039

Wajir: P.O. Box 70

Wajir


Tel:0724-694666/0735-694666

Annex B: Warden System (as of 31 July 2019) ▪ The Warden System contact information is distributed to all staff.

▪ Information flows two ways, with initiation depending on original source.

▪ The DCOP is the SFP. The Wardens are the Deputy Director of Operations, Deputy

Director of Grants and the Program Learning Director.

When appropriate, the Warden System will be activated. All staff should be contacted and

given the relevant information pertaining to the crisis, consisting of: Who? What? Where?

When? How?

The system will be activated by mobile phone call. SMS text will be the back-up contact

message.

▪ When a message is received, the recipient MUST reply to acknowledge receipt.

▪ If no reply is received within 10 minutes, a telephone call should be placed to the staff

person’s mobile phone.

▪ If the person is thought to be at home, his or her designated land line number should be

called.

Caller Person To Be Called

Title and name Phone Number Title and Name Phone Number

COP,

John Sampson

+254 (0) 796 112 710 SFP,

Ibrahim Somo

+254 (0) 721 889 965

DAI Crisis Line +1 443 716 2300

USAID,

John Langlois

+254 (0) 724 253 491

Africa Lead,

James Collins

+254 (0) 702 391 464

KIWASH,

Joe Sanders

+254 (0) 718 454 218


DAI Confidential

Caller Person To Be Called

Title and name Phone Number Title and Name Phone Number

SFP,

Ibrahim Somo

+254 (0) 721 889 965 Warden 1,

Joyce Mwayi

+254 (0) 715 670 486

Warden 2,

Lilian Lamai

+254 (0) 722 941 768

Warden 3,

Catherin Mbinyo

Program Learning Director

+254 (0) 796 088 914

Warden 1,

Joyce Mwayi

+254 (0) 715 670 486

PO- Strategic Communications and

Civil Society, Ronald Ojwang

+ 254 (0)722 495 049

PO- Research and Government

Support, Irene Ndungu

+254 (0)748 103 755

PO- Curricula and Training, Erick

Achola

+254 (0)722 844 279

Communications Officer, Hank Nelson +254 (0)715 672 313

Grants Officer, Helidah Korir +254 (0)724 653 624

Grants Specialist , Yasmin Mohamed +254 (0)710 845 174

Warden 2,

Lilian Lama

+254 (0) 715 670 486 Hussein Ahmed (MnE Specialist) +254 (0) 725 033 863

Procurement and Logistics Officer,

Barbara Wasilwa

+254 (0) 720 777 739

Finance and Accounting Officer,

Michael Muithya

+254 (0) 720 482 514

Driver, Lawrence Mwaura +254 (0) 712 090 628

Operations Assistant, Wako Buro

+254 (0) 704 467 735

PDO-Mandera, Mohamed Edin +254 (0)717 699 601

PDO-Nairobi, Suli Guhad +254 (0)705 663 467

Office Aide, Anhtony Okello +254 (0)701 480 114

Warden 3,

Catherine Mbinyo

+254 (0) 796 088 914 PDO- Wajir Abdinoor Ali +254 (0)700 273 001

CMO-Wajir, Hanan Abdisamed +254 (0)713 880 867

PDO-Garissa, Amina Abdi +254 (0)721 717 890

CMO-Garissa – Ismail Ali +254 (0)727626405

CMO-Mandera, Shukri Adan +254 (0)721 829 800

PDO-Isiolo, TBD

CMO-Isiolo, Hassan Guyo +254 (0)721 464 929

CMO-Nairobi, Nelly Kiarie +254 (0)717 894 468


DAI Confidential

Annex C: Hibernation, Relocation and Evacuation Plan

If there is more than one DAI project in country, the projects shall align their hibernation,

relocation and evacuation plans (for example, assembly and relocation areas and safe havens as

well as routes to these).

OUTLINE OF PLAN AND RESPONSIBILITIES

Step 1: Evacuation Call Out

The Crisis Management Team, in consultation with the client and the DAI home office

Executive Leadership Team, shall clear any decision to evacuate the host country.

Responsibilities

The COP will:

▪ Account for all staff through the Warden list.

▪ Decide on whether staff should be picked up, self-drive or remain until safe to travel.

▪ Notify the DAI Crisis Line.

Step 2: Office/Residence

The designated meeting location for staff is the safe room located on the first floor.

If it is too dangerous to travel, staff will take shelter at home or at the office.

Responsibilities

▪ The COP will check if all staff and vehicles are present and accounted for.

▪ The COP or designee will brief staff and initiate the Evacuation Plan.

▪ STTA staff will ensure that they report on their whereabouts.

▪ The SFP will ensure that all staff are accounted for, collected (if required), and report

this to the COP.

▪ Drivers will be responsible for preparing vehicles as per the driver’s checklist and fitting

the satellite vehicle docking stations.

▪ All staff will collect their “grab bags” and other belongings and be prepared to assemble

at the office or their residence depending on the instructions issued or situation.

Step 3: Assembly Areas

The assembly area for loading staff, vehicles and equipment is the parking lot near DAI-

designated parking spaces.

Responsibilities

Drivers will move the vehicles to prepare for the packing of essential equipment.

Step 4: Relocation Area

The designated relocation area(s) is/are to be determined depending on situation and staff

whereabouts at the time.

Step 5: Safe Haven

In the event of an evacuation, the designated safe haven for the project is to be determined.

NIWETU Expat staff will follow directions provided by the U.S. Embassy and home office.


DAI Confidential

Responsibilities

The COP will be responsible for the administrative and operational withdrawal to the final

destination.

Items to be carried with all evacuees:

▪ Passport (or a photocopy if acceptable).

▪ Other forms of personal identification.

▪ US $200 in cash, minimum or in equivalent currency.

▪ Telephones with credit and satellite telephones.

▪ Scanned copy of passport and visa (this will expedite the reissuing process, if lost).


DAI Confidential

Annex D: Staff Security and Safety Guidelines

In event of an emergency, there are basic guidelines that should be followed, although actions

by staff will depend on many other factors at the time. These will not be set as SOPs, but are

used to show the best course of action in most situations.

General Security

• Take time to plan activities. Try to know the exact route before traveling. Dress and behave appropriately

according to Kenyan culture.

• At a new assignment, find out about local customs and behavior and potential threats or areas to avoid.

• Maintain a calm, mature approach to all situations.

• Be non-provocative when confronted with hostility or potentially hostile situations. Criminals are known to fire

upon uncooperative or hesitant victims.

• Be alert to the possibility of confrontation with individuals or groups. Be aware of times when crowds can be

expected, such as after religious services or sporting events.

Commuting in Nairobi

• Never walk at night. Always use vetted taxis.

• Be aware of surroundings. Avoid groups of people loitering on the streets.

• If possible, walk with companions.

• Avoid walking too close to bushes, dark doorways and other places of concealment.

• Use well-traveled and lighted routes.

• Maintain a low profile and avoid disputes or commotion in the streets.

• If a driver pulls alongside to ask for directions, do not approach the vehicle. A common criminal technique is to

ask a potential victim to come closer to look at a map.

• Carry all belongings in a secure manner to prevent snatch-and-run theft.

• If someone suspicious is noted, cross the street or change directions away from them. If necessary, cross back

and forth several times. If the person is following or becomes a threat, use whatever means necessary to attract

attention of others. Remember, it is better to suffer embarrassment from being overcautious than to be a victim

of crime.

In the Event of a Traffic or Car Accident

• Quickly discern the attitudes and actions of people around the accident site to ensure that the staff member is

not at risk by staying.

• Do not leave the site unless staff safety is jeopardized and then only to drive to the nearest police station.

• Provide care and assistance as appropriate. As appropriate, contact local authorities immediately and cooperate

as required. Contact the COP and DEPUTY DIRECTOR OF OPERATIONS as soon as practical.

• When approaching an accident involving other vehicles consider safety and security, take care not to become

involved in a second accident while responding.

Traveling by Taxi

• Taxi providers must be vetted by the project and their reliability ascertained.

• Any use of taxi service providers outside the approved list should obtain prior approval from the DEPUTY

DIRECTOR OF OPERATIONS.

• Ensure taxi doors and windows are locked while traveling.

• The best way to avoid being a victim of a carjacking is to be aware of surroundings, particularly at night or early

morning hours. Ensure taxi drivers allow sufficient distance between you and the vehicle ahead of you while

stopped in traffic.

• If you believe you are being followed, instruct the driver not to drive directly to your intended destination but

rather detour to a public or guarded area and seek help. Call the SPF immediately.


DAI Confidential

Annex E: Risk Category Matrix

RISK MATRIX

VERY LOW TO

LOW RISK

▪ Project not significantly impacted by security events. ▪ Complete freedom of movement for international organizations.

▪ No demonstrations, community violence, political upheaval. ▪ Acceptance of western activities, no threats issued. ▪ Local population activity within the town normal. ▪ Criminality negligible.

MEDIUM RISK

▪ Project may be indirectly impacted by security events. ▪ Minor security events occurring or imminent.

▪ General freedom of movement for international organizations. ▪ No demonstrations, community violence, political upheaval. ▪ Acceptance of western activities by locals.

▪ Local population activity within the town normal. ▪ Criminality prevalent but contained.

HIGH RISK

▪ Project directly impacted by security events. ▪ Significant events occurring or imminent. ▪ Limited freedom of movement for international organizations.

▪ Monthly demonstrations, community violence, political upheaval. ▪ Threats issued to western agencies, activities not necessarily accepted by locals. ▪ Local population activity within the town limited due to curfews, imposed or self-imposed. ▪ Criminality prevalent.

EXTREME HIGH RISK

▪ Project directly impacted by security events. ▪ Catastrophic or potentially catastrophic events occurring or imminent. ▪ No freedom of movement for international organizations.

▪ Daily demonstrations, community violence, political upheaval. ▪ Western agencies targeted, activities not accepted by locals or unsafe to carry out. ▪ Curfews imposed. ▪ Criminality, looting ongoing.

Tripwires for Project status

Project Implementation – LOW RISK

• Projects can be implemented, restarted or continued.

• Normal SOPs apply.

Project Implementation – MEDIUM RISK

• Projects can be implemented, restarted or continued.

• Normal SOPs apply, but initiate graduated risk & security response.

Project Implementation – HIGH RISK

• Projects can be implemented, restarted or continued after consultation with the COP, DEPUTY DIRECTOR OF OPERATIONS and USAID.

• Security-related/contingency SOPs apply. Initiate incident and crisis management protocols.

• COP approval for movement, social activities outside confines curtailed.

Project Implementation – EXTREME HIGH RISK

• Projects should not be implemented, restarted or continue in this environment.

• Initiate full scale security and crisis response.

• Projects can be suspended.


DAI Confidential

• Movement only in emergency.

• Evacuation, hibernation or relocation possible.


DAI Confidential

Annex F: Vehicle Safety Guidelines

GENERAL VEHICLE SAFETY REQUIREMENTS

▪ All drivers and passengers are required to wear seat belts. Seat belts can significantly reduce

the risk of death or injury in the event of an accident.

▪ When travelling and parked, vehicles should be kept locked at all times.

▪ No firearms are permitted in NIWETU vehicles.

▪ When valuable items such as cash have to be moved through areas where there is a risk of

banditry, divide the valuables among passengers and place them in hiding places in the

vehicle.

▪ Use discretion when planning a trip transporting valuables. This should be considered

confidential (do not discuss over the radio, send trip details over non-DAI email accounts or

discuss in public places).

▪ Any trips to high-risk areas should be considered confidential (do not send trip details over

non-DAI email accounts or discuss in public places). ▪ The use of public transportation for program activities during times of tension should be

kept to a minimum.

VEHICLE ACCIDENT In the event of an accident involving a NIWETU vehicle and driver:

▪ Assess the situation carefully to determine next steps.

▪ If there is an angry crowd, continue driving and report to the police immediately. Often, if

you stop, the crowd may react and try to harm you.

▪ If you have broken down in an area where there have been recent violence or bandit

attacks, it is safest to stay with the car and refrain from traveling until daylight the following

day.

▪ If it is safe to stop, take injured persons to the nearest health facility following emergency

first aid procedures. Children should be accompanied by a relative.

▪ If another car is involved, details of the car and driver should be taken. Report the incident

to the DEPUTY DIRECTOR OF OPERATIONS as soon as possible.

▪ Depending on local practice, the police should be informed of the incident as soon as

possible and should provide a written accident report to DAI.

▪ If there is any possibility of injury to NIWETU staff, all staff involved in the accident need to

undergo a medical check-up as soon as possible.

▪ SFP fills out incident report and submits it to [email protected]. For more guidance, see

Incident Management Plan.

If needed and possible, NIWETU will attempt to send support to the location. If there are

problems with the police, seek support from the SFP. Under no circumstances should the

vehicle operator offer any comment regarding liability for the accident. DAI/W should be

notified as soon as possible.

All acts of careless driving, especially when resulting in an accident, will result in a suspension of

driving privileges and may result in the termination of employment with the project. Accidents



DAI Confidential

not the fault of the driver (i.e. being backed into, rear-ended, etc.) will be reviewed on a case-

by-case basis by the COP.

ROAD BLOCKS

Checkpoints manned by armed personnel should be treated with caution. Unexpected, unofficial or informal roadblocks present particular risks. Travelers may choose to turn around

prior to approaching the roadblock until they can confirm its legitimacy.

▪ If stopped by police or other local authority personnel, be firm but courteous.

▪ Always slow down when approaching checkpoints. Roll the driver’s side window down, turn

the radio off and watch and listen for the order to stop.

▪ Always obey an order to stop. If the people at the checkpoint are pointing their guns at your

vehicle and the atmosphere is obviously tense, everyone in the vehicle should remain

absolutely still. Do not jump out without warning or make any sudden movements as this

may provoke swift retaliation. Answer all questions as concisely, accurately and courteously

as possible.

▪ When at a check point, do not raise any objection to identity checks or the control of

vehicles or cargo. If you feel that this is not appropriate, have the most senior staff member

attempt to discuss the matter with the local authority in charge of the check point.

▪ Report any check point abuses to the relevant authorities. If you can take down their names

and record the date and time of the incident, that will help in the reporting process.

▪ Drivers of NIWETU vehicles should resist pressure from those manning the check points to

give lifts to unauthorized passengers.

▪ In the event that, due to circumstances beyond your control, you have to approach a

checkpoint at night, the following actions are to be observed when approaching the check

point:

− Reduce speed to a minimum when approaching.

− Make sure headlights are on low beam (not bright or full beam).

− Turn on the inside light.

− Stop the moment you are ordered to stop or at the barrier if no order has been given.

− Do not make any movement unless instructed to do so.

− Do not drive on unless clearly instructed to do so.

CARJACKING

Authorized drivers must be conscious of the possibility of carjacking and take appropriate

precautions. The project vehicle is a valuable investment, but not as valuable as a human life. In

the event of carjacking, the safety of NIWETU employees and other passengers is the priority;

the driver must take whatever steps he/she feels necessary in order to protect his/her life and

the lives of passengers. This may include damaging or losing the vehicle.

The following are common indicators that a carjacking may be imminent:

▪ A vehicle with two or more occupants following closely or alongside, maintaining the same

speed as you.

▪ Animated conversation or gestures between occupants of vehicles traveling behind or

alongside project vehicle, especially those in the front seat.


DAI Confidential

▪ A vehicle trailing behind your vehicle at a constant distance.

▪ A vehicle trailing closely behind your vehicle that does not take opportunities to overtake

you.

▪ A vehicle trying to pass your vehicle on a deserted stretch of road or suspicious persons

loitering along the roadside (sometimes on both sides of the road) in high-risk areas,

especially at stop signs, traffic lights and road blocks.

If stopped by carjackers:

▪ Do not resist.

▪ Keep your hands in view.

▪ Do not make any sudden moves. Be especially careful reaching to release your seat belt.

Explain what you are holding.

▪ Do not try to fight back or repel the carjackers.

▪ Comply with hijackers’ instructions quickly. Hijackers are probably nervous and want to

leave the area as rapidly as possible. ▪ Surrender personal items, such as jewelry, purses, wallets and baggage, on demand.

▪ Try to discretely note hijackers’ physical and clothing descriptions.

▪ Do not provoke hijackers with a display of anger or rude remarks.

▪ Report the incident quickly and accurately.

Vehicle Check List

All project vehicles are required to be equipped with the following items before departure for

any destination:

Equipment: Miscellaneous:

1. One spare tire (inflated) 1. Vehicle documentation

2. Complete tool set 2. Personal documents

3. Shovel 3. Vehicle log

4. Spare water for vehicle 4. Flashlight with extra batteries

5. Fueling hose 5. Satellite phone

6. Motor oil 6. Drinking water

7. Vehicle jack 7.Complete first aid kit

8. Electrical tape

9. Tire wrench and repair kit

10. Jumper cables

11. Tow rope or cable

12. Hose clamps

13. Spare fan belt

Before going on any long journey check the following:

• Vehicle engine oil is adequate.

• Fuel tanks have been filled.

• Tire air pressure is correct.

• Water level in the radiator is adequate.


DAI Confidential

Annex G: Local Health Care Providers

Please refer to the attached list.

CIC Insurance Panel

of Providers.pdf

risk mitigation plan

Documents