GSA Global is a specialist security, risk and investigation company which was invited in 2018 to support the development of a new ISO dedicated to business travel risk management (TRM).

Four years on from when ISO 31030 was published and, from the travel risk management assessments conducted by GSA Global over that period, considerable insights have been gained about how organisations from all sectors, and of all types and sizes, undertake TRM. Many positives can be identified since the ISO’s introduction which augur well for continuing improvements in the safety, security and well-being of business travellers, and for enhancing the professionalism of TRM, more widely. Positive developments noted in this period include:

  • Many larger organisations have recruited staff into specialist travel risk & security positions, and these personnel demonstrate real commitment, and are lauded for their approachability and willingness to support both inexperienced and experienced business travellers.
  • Similarly, most organisations assessed recognise that they do not have the skills to provide urgent medical and security assistance to travellers in difficulty and have procured specialist organisations like Healix which possess the expertise and global reach to provide a 24/7 response.
  • Over 120 travel risk professionals in the EMEA and Americas’ regions have joined GSA Global’s facilitated quarterly forums where contemporary travel risk challenges and good practice are shared amongst a growing global peer network.
  • Insurance companies and brokers are beginning to leverage training bursaries to help organisations reduce travel-related risks and claims.
  • Travel risk professionals are learning rapidly from global events like extraordinary weather phenomena, wars and cyber-related travel disruption.

However, thousands of hours of assessment have highlighted aspects of TRM where progress is less evident, including:

  • Where TRM is part of the corporate security rather than corporate travel, we found that travel risk arrangements were generally more practical, operationally grounded and more connected to other risk management arrangements.
  • Evidence that some travel risk professionals feel relatively isolated within their organisation’s corporate structure and in shouldering a substantial level of personal responsibility for a travel risk programme, can find themselves open to corporate scapegoating where avoidable incidents occur.
  • In a related finding, most travel risk professionals learn ‘on the job’ and few are provided with a structured and continuing professional development pathway.
  • Many corporate departments which have a contribution to make to duty of care considerations fail to realise they are a vested stakeholder in TRM. In particular, HR, legal and procurement teams often perceive themselves as tangential providers of occasional advice, rather than integral contributors of travel risk identification, assessment and mitigation. Organisational co-ordination of TRM stakeholders is often disjointed, as a result.
  • A recurrent theme remains that travel risk professionals prioritise their due diligence of travellers’ accommodation to high-risk locations, and it is commonly left to travellers to select their own accommodation on the basis of price rather than security threats, even in medium risk locations. Whilst the undesirability of this situation is often recognised by those involved, they cite the lack of resource to do anything different and the powerful effect of commercial considerations on changing the status quo.
  • Most assessments have revealed security professionals’ concern that crisis management policies are not adequately supported by the solid foundations of clear allocation of roles and responsibilities, training, exercising, and relevant SOPs that are relevant particularly in the golden hour.
  • With notable exceptions, feedback from most respondents is that travel risk management is squeezed out of corporate executives’ considerations by the sheer volume of other challenges senior managers face. The maxim is maintained that because serious travel-related crises have not previously arisen on their watch, that situation is likely to continue. A consequence is that duty of care may not be properly understood, particularly how risk mitigation should be resourced and co-ordinated, as noted above.

We have found pockets of excellence where the optimal combination is evident of engaged leadership, committed travel risk professionals, and a culture where staff engagement is valued as the primary way to achieve better customer relationship.

Looking ahead, as a positive catalyst for change in TRM practice ISO 31030 is about to get a major boost. ISO has started work on identifying what aspects of the Guidance should be encoded in a certification standard – the important transition from what organisations should do, to what organisations must do – for both end users of TRM, and suppliers of TRM services. Some of the issues which have drawn our attention include:

  • The need to enhance awareness of information security to include the growing challenge of human elicitation and social engineering
  • The role of drones both in security breaches and security patrol tactics
  • The advent of laws (like in the UK) where duties to prevent sexual harassment of workers includes during business travel

Much has been learned over the last four years, and further development is inevitable to take account of changes in strategic threats and risks. Such change is surely to be welcome provided proposals are predicated on principles of proportionality; according to the foreseeable travel risks an organisation faces, and the provision of sufficient skilled resource to manage those risks.