About This Toolkit

About the Toolkit

Print Friendly and PDF

What is this Toolkit?

This Toolkit is a practical handbook that brings together all relevant resources and good practices related to human rights compliant security practices, as well as tools and case studies that help translate the good practices to a particular operational context. 

Why Use this Toolkit?

Security is an issue for all companies whether it relates to their field operations, supply chains, or contractors. Responsible security management is especially challenging in complex environments where governance is weak and companies face the task of  managing overlapping and complex networks of stakeholders. Companies must address the rules, needs and expectations of host governments and communities as well as consider the roles, capacities and impacts of using public or private security. These challenges are compounded today by an evolving security landscape, marked by human rights impacts of major societal disruptions created by global challenges such as climate change and pandemics, as well as by a wide range of expectations from societal actors such as governments, civil society and investors. 

An increasing number of regulatory regimes require companies to undertake security and human rights due diligence. Besides, there is a strong expectation that businesses do no harm and contribute to sustainable development in their operations and along their supply chains – with the security dimension being integral to building and maintaining the social license to operate. 

Ineffective security management has significant impacts on the rights and development of communities and substantial consequences on the company’s social license to operate. Implementing the human rights compliant security practices recommended in this Toolkit is  not merely a good practice, but an absolute necessity. 

Sustainability, business and human rights: How does the Toolkit fit in? 

The Toolkit makes the management of security and human rights-related risks easier and helps companies address increasing expectations with respect to sustainability as well as business and human rights. 

Embedding responsible management of security and respect for human rights into company operations, business relationships and supply chains is a powerful way to drive implementation of the Sustainable Development Goals (SDGs), especially the vision of Goal 16:  promoting peaceful and inclusive societies.  Yet the relationship between the SDGs and businesses is mutual; by positioning security and human rights respect at the heart of decisions, companies can harness more market opportunities, manage risks more effectively, and maintain their social license to operate. The Toolkit therefore helps companies align their security management efforts with the goals of the SDGs. 

Beyond the SDGs, the Toolkit helps companies address their responsibility to respect human rights and humanitarian law as set out by a number of international standards and frameworks as set out below.

a) United Nations Guiding Principles on Business and Human Rights (UNGPs)

The UNGPs were unanimously endorsed by the United Nations Human Rights Council in 2011 and have established the authoritative international framework affirming the respective role of States and companies to ensure human rights protection. To this end, the UNGPs reaffirm the State duty to protect human rights and spell out the corporate responsibility to respect human rights. The UNGPs provide companies with a roadmap to meet this responsibility: by making a policy commitment to human rights, establishing a human rights due diligence process to identify, prevent, mitigate and account for how they address their impacts on human rights, and enable remediation of adverse human rights impacts.

The Toolkit helps companies meet their responsibilities under the UNGPs, supporting companies to harmonize the implementation of the UNGPs with other applicable international instruments where they reinforce each other. The Toolkit also indicates how certain fundamental requirements for human rights due diligence, such as human rights impact assessments and stakeholder mapping, can be used to develop human rights compliant security practices. 

The Toolkit also supports heightened human rights due diligence for companies doing business in conflict affected regions. In line with the recommendations of the UN Working Group on Business and Human Rights, the Toolkit promotes a conflict-sensitive approach that supports companies to ensure their security arrangements do not exacerbate conflict dynamics. 

National laws and regulations are also increasingly implementing the UNGPs and requiring human rights due diligence. States are required to enact and enforce such legislation as part of their obligations to prevent, investigate and provide effective remedies for victims of business-related abuses. 

b) The Voluntary Principles on Security and Human Rights (VPs)

The VPs were adopted in 2000, over a decade before the adoption of the UNGPs. The VPs set standards and good practices to help companies identify and mitigate security and human rights risks.  The VPs continue to provide the most focused guidance for companies on how to implement responsible corporate security practices, which is at the heart of the UNGP’s due diligence approach.  

DCAF and the ICRC are longstanding, active Observers to the Voluntary Principles Initiative  and developed this Toolkit in successful editions between 2014 and 2016 to provide a practical guide for companies to manage the security of their operations in line with the provisions of the VPs. The development and updating of this Toolkit has benefited from the continuous support of the Swiss government, as part of its own commitment as a government member of the Voluntary Principles Initiative to promote the implementation and respect for those principles. Although this Toolkit has been developed for all companies whatever the nature of their operations, supply chains, or contractors, it has direct relevance for stakeholders who seek to ensure that corporate security management is aligned with the provisions of the VPs.

c) OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (the OECD Guidance)

In sector-specific initiatives tackling resource extraction or other types of large foot-print operations, security is also increasingly recognised as a core part of heightened human rights due diligence requirements. In 2011, the Organisation for Economic Co-operation and Development (OECD) published its Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas to help companies respect human rights and avoid contributing to conflict through their mineral sourcing practices. The OECD Guidance cultivates transparent supply chains and sustainable corporate engagement in the mineral sector, enabling countries to benefit from their mineral resources whilst preventing their extraction and trade from becoming a source of conflict, human rights abuses and insecurity. With respect to security and human rights risks, the OECD Guidance’s Model Supply Chain Policy recommends that any company that may need to contract public or private security forces becomes a member of the Voluntary Principles to guide them in following best practice policies.  To this end, the Toolkit also helps companies meet the due diligence framework of the OECD Guidance. In both artisanal and small-scale mining as well as large scale mining supply chains, the Toolkit responds to the growing pressure for companies to improve how security good practices are incorporated in various industry programmes and how these are verified, checked and reported on.

d) International Humanitarian Law 

This Toolkit also draws on international humanitarian law (IHL) and is particularly relevant for companies that operate in conflict affected and high-risk areas.  IHL binds not only States, but also non-State actors as well as individuals – including managers and staff of companies – whose  activities may have a connection to an armed conflict. For instance all entities, groups and individuals whose activities involve a direct participation in an armed conflict are required to respect IHL. The Toolkit integrates provisions of IHL and provides recommendations and examples of good practices to assist companies in managing the security of their operations in a way that respects this body of law.

How to use the Toolkit?

The Toolkit is structured around real-life security and human rights challenges identified through consultations with a wide variety of stakeholders. 

These are included in the list of challenges. 

The document has internal links: by clicking on one challenge area, the user is automatically directed to the page where that challenge is discussed, with corresponding guidance. As a result, users do not need to read the whole document, they merely need to identify the challenges they are facing and click to access the relevant pages. To assist in this process, the list of challenges is organised by the type of stakeholders they are connected with (namely: host governments, public security forces, private security providers or local communities). See also: Quick guide to using the Toolkit

Each challenge is presented on a separate page with a series of related good practices. These good practices are not meant to be prescriptive. It is up to the user to evaluate whether they could be feasible, useful and appropriate to the local context in a specific situation.

Good practices are in many cases followed by a reference to a source where more information or guidance can be found. The main sources used for the development of this Toolkit are mentioned in the list of References, together with the respective abbreviations used throughout the Toolkit. Key words highlighted in the text link to short fact sheets on priority topics. 

Practical tools such as checklists and case studies are also key components of the Toolkit. These are geared towards supporting project-level implementation.

Background and Approach 


The Geneva Centre for Security Sector Governance (DCAF) and the International Committee of the Red Cross (ICRC) partnered in 2012 to develop practical tools for companies operating in complex environments. Together with a large number of stakeholders from various sectors of society who were consulted in the early stages of the partnership, the partners identified the need for coherent guidance and practical tools to support responsible business conduct when it comes to the security and human rights arrangements of company operations.  The results have been this Toolkit and the creation of the Security and Human Rights Knowledge Hub.

The Toolkit is the result of an extensive literature review combined with interviews with company headquarters and field research. Field missions were conducted between 2013 and 2015. In the same period and as part of the headquarters and field research, the project team held over 200 meetings with representatives from host and home governments, companies, civil society organisations, local communities and other relevant actors. These exchanges enabled the identification of real-life security and human rights challenges related to corporate operations, as well as good practices, tools and case studies that could help address those challenges.

In 2020-2021, DCAF and ICRC partnered with the Geneva Center on Business and Human Rights (GCBHR) to further develop and update the Toolkit with new content, examples and case studies, good practices, and references to tools to ensure that both the Toolkit and the Knowledge Hub remain relevant and fit-for-purpose. The Toolkit is available in English, and will be translated to French, Spanish and Chinese to support companies across different contexts.


1) Living products: both the Toolkit and the Knowledge Hub are regularly updated with good practices, tools and resources, and amended based on user feedback, and periodical in-depth revisions.

2) Integration and practicality: these products are developed to help address requirements and expectations originating from the main international instruments related to business and human rights; in addition, they are implementation-oriented and reflect field realities, which makes them practical and user-friendly

3) Knowledge sharing: users are encouraged to share knowledge and materials so that they can be integrated in the Toolkit and/or the Knowledge Hub and made available to the wider public. Any confidentiality constraints can be raised with the project team and will be duly addressed.

4) Non-prescriptive recommendations: it is up to the user to evaluate whether the proposed good practices are useful and relevant in a specific context.         

About the Partners

  • DCAF – the Geneva Centre for Security Sector Governance works globally to promote good security sector governance through security sector reform. DCAF’s Business and Security Division works with companies, governments and communities to promote  security, sustainable development and respect for human rights. 
  • The ICRC is an impartial, neutral and independent humanitarian organisation whose exclusively humanitarian mission is to protect the lives and dignity of victims of armed conflict and other situations of violence and to provide them with assistance. The ICRC also endeavors to prevent suffering by promoting and strengthening humanitarian law and universal humanitarian principles. 
  • The Geneva Center for Business and Human Rights (GCBHR) is the first Human Rights Center at a business school in Europe. The Center works with companies to identify business models that enable profits and principles to co-exist. The GCBHR offers companies a safe space to discuss pressing human rights challenges and train future leaders to develop and integrate human rights standards in their respective industry contexts.
  • The Peace and Human Rights Division of the Swiss Federal Department of Foreign Affairs has generously supported the DCAF-ICRC partnership since its inception. In particular, Switzerland has supported the development of the Toolkit and its present revision.