Kidnapping and Ransom Incident Management

Incident Management Guidelines

Kidnapping is a specialist area and must be treated with the utmost professionalism and sensitivity. The distinction between a hostage situation and kidnapping situation is that the location of the victim is not known during a kidnapping situation. In certain environments, the ability to recover kidnapped persons might be possible using Western military force support to cordon off or search areas, if the proper incident management policies, agreements, and standard operating procedures are in place. In other environments, it will be the sole responsibility of a kidnapping and ransom team to recover kidnapped persons.

In the event of a kidnapping, the following (initial) steps should be taken to ensure the safety of the victim:

Action Points

1. Stand up the Incident Management and Crisis Response Teams using the SAD CHALETS system.
2. Liaise with appropriate consulate/embassy and nearby police or military commander if authorized.
3. Be sure that a kidnapping has indeed occurred; explore all possible explanations for a missing person (see missing person guidelines).
4. Confirm where the victim was last seen, and with whom; get a full statement of events, as well as what the victim was wearing.
5. Determine whether the victim has any medical conditions, and ascertain the state of the person's mental health.
6. Start a log of events and update it as events transpire.
7. Alert expert consultants and negotiators (if sanctioned).
8. Notify the victim's family (if sanctioned).
9. Limit information given to the media for the well‐being of the victim.
10. Choose a telephone to be used when talking to kidnappers, and attach a recording device if possible.
11. Retrieve personal file of victim so that “proof of life” questions can be verified.
12. Do not indicate to kidnappers that police have been notified (if appropriate).
13. Promise nothing, but be conciliatory.
14. Allow the experts to do their job once they arrive on scene.
15. Take notes and record details such as voice, age, timbre, race, and gender of kidnappers.
16. Take statements from anyone who may have witnessed the event; obtain a description of kidnappers, vehicles, and other details.
17. Place all evidence in plastic bags; handle corners only to avoid damaging fingerprints.
18. Forward all information through the correct communication channels, and update where necessary.
19. Provide an IMP Risk Assessment Report as soon as possible.

Facility Physical Security Breach Incident Management

Incident Management Guidelines

A physical security breach of a facility, whether in a remote, hostile, or permissive environment, may pose a range of risks to the company. Managers should consider the nature and intent of the breach, as well as the possible goals and motives of the intruders.

In the event of a physical security breach occurring, the following points should be addressed:

Action Points

1. Stand up the Incident Management and Crisis Response Teams using the SAD CHALETS system.
2. Establish the nature of the breach (criminals, youths, activists, terrorists) and associated risk levels and types.
3. Elevate alert status and post guards around the area; start roving patrols.
4. Notify local government, military, and law enforcement organizations.
5. Determine where the breach occurred and secure the point of entry.
6. Confirm an Incident Management Control Point to receive external security agencies; notify them as to safe routes in.
7. Perform a role call of all personnel; identify any missing staff.
8. Close down and secure all facilities; if necessary, move personnel to safe havens.
9. Perform an inventory of all weapons, equipment, and documents, if appropriate.
10. Determine the consequences of the breach and begin mitigation to prevent future security breaches.
11. Employ bomb‐sniffing dogs if appropriate, and clear muster points for possible hazards.
12. Provide status reports to organic and external security groups.
13. Conduct a sweep of the area for unauthorized intruders and devices.
14. Confirm whether intruders are still present; if so, track and monitor their movements if possible.
15. Maintain a flow of information to organic and external security groups.
16. Write a complete, detailed report of the breach.
17. Forward all information through the correct communication channels, and update where necessary.
18. Provide an IMP Risk Assessment Report as soon as possible.