MENU
Documenting
war crimes in Ukraine
The Tribunal for Putin (T4P) global initiative was set up in response to the all-out war launched by Russia against Ukraine in February 2022.
• About the KHPG / KHPG Policies

Safety policy of the Kharkiv Human Rights Protection Group (Duty of Care policy)

28.01.2024   

Approved:

Director of KHPG, Ye. Yu. Zakharov

6 January 2024

  1. General principles

This policy applies to all employees of the NGO “Kharkiv Human Rights Protection Group” (hereinafter referred to as KHPG) in Kharkiv and Kyiv offices of the organization, lawyers, psychologists and other specialists who work with KHPG on a contractual basis and volunteers, i.e. all those who ensure the fulfilment of the mission of KHPG regardless of their position, age, gender or length of service (hereinafter referred to as KHPG employees).

The purpose of this policy is to ensure the creation and maintenance of a safe environment for life and health of KHPG employees, security of KHPG offices, equipment, communications, databases, websites, KHPG pages in social networks, accumulated data, archive, library.

This policy includes the principles of creating a safe environment in KHPG offices, safe conditions during business trips of employees within Ukraine and international business trips, as well as information and other types of security.

  1. Safe conditions in Kharkiv and Kyiv offices of KHPG

Given the legal regime of martial law throughout the country and the ongoing Russian aggression against Ukraine, there is a risk of situations threatening the lives and health of employees at any time. The heads of the Kharkiv and Kyiv offices are responsible for timely identification of risks and responding to them to minimize the consequences.

Field office managers are required to continuously assess risks and the overall security situation in their region.

In the event of a threat to the health and life of employees, office managers will immediately inform them of the necessary security measures.

The Head of the office may decide to temporarily suspend the activities of the office and/or relocate/evacuate it (namely, employees, documentation, equipment, furniture, etc.) to a safer location located in the territory controlled by the Government of Ukraine.

In the event of circumstances that pose a threat to the health and life of office employees, as well as property and data, the head of the office shall notify the security specialist of KHPG as soon as possible. The Security Specialist immediately analyzes the risks that have arisen, formulates proposals for their elimination and submits them to the Director of KHPG.

The Kharkiv and Kyiv offices of KHPG are equipped with the following security features:

  • fire extinguishers and other fire extinguishing equipment;
  • first aid kits with critical bleeding control devices (CAT tourniquets, bandages, bandages and other devices);
  • automatic defibrillators;
  • backup power and communication facilities (battery power plants, Starlink);
  • body protection (bulletproof vests, helmets).

Subject to appropriate funding, employees are provided with life and health insurance.

The offices of the Kharkiv Human Rights Group undergo a quarterly security assessment based on the following indicators:

  • fire safety;
  • security related to military operations;
  • hygiene and biological security;
  • protection against unauthorized intrusions;
  • seismic security;
  • data security;
  • communications security;
  • technological security.

  1. Safety of business trips

When planning business trips, responsible employees provide information to the security specialist on the planned business trip location(s), length of stay, overnight stay(s), and transportation. This information is also provided to the project manager. Employees are briefed on security issues before leaving for a business trip.

The project manager maintains regular communication with employees during the business trip to obtain safety information.

During the business trip, employees are obliged to monitor risks and respond promptly in the event of a situation that poses a threat to life and health.

In the event of a hazard, employees shall immediately notify the KHPG Safety Officer and follow his/her instructions.

During business trips to high-risk locations, including locations near the combat zone, employees are provided with and required to wear personal safety equipment: critical bleeding control devices, body armor, helmets, etc.

When traveling on a business trip, employees should give preference to hotels equipped with shelters, if possible.

Company vehicles of KHPG must be equipped with a fire extinguisher and a first aid kit for providing first aid in the combat zone, which contains at least five CAT standard tourniquets. This first aid kit is not a substitute for personal safety equipment.

Life and health insurance is provided to employees traveling on business trips, subject to appropriate funding.

During business trips, employees are required to prevent data compromise.

In the business trip report, employees are required to describe incidents that posed a security threat, if any, and the actions they took to overcome these threats. The data on these incidents are entered into a unified register and sent to the KHPG security specialist.

  1. Safety of international business trips

When planning international business trips, employees provide information to the Security Officer regarding the planned location(s) of the business trip, the period of stay, the place(s) of stay and transportation. Tickets and accommodation must be booked in advance, and medical insurance must be provided for all days of the business trip. This information is also provided to the project manager. Employees receive a safety briefing before leaving on a business trip.

During business trips abroad, employees are required to prevent data compromise.

The business traveler is obliged to notify the project manager upon arrival at each destination. The project manager maintains regular contact with employees during the business trip to obtain security information.

Employees inform the security specialist about incidents that occurred during the business trip, about crossing the state border of Ukraine, and about returning from the business trip.

In the business trip report, employees are required to describe the incidents that posed a security threat, if any, and the actions taken to overcome these threats. The data on these incidents are entered into a unified register and sent to the KHPG security specialist.

  1. Data security

Employees are required to use only equipment and software that is recognized as safe by the organization. The organization maintains a list of “white” software available to each employee. It is forbidden to use software outside this list without prior consultation with a security specialist.

Before receiving and working with the equipment, employees receive a security briefing and undertake to follow the recommendations for use.

Employees are required to pay attention to all risks of data loss or compromise and report them immediately. Each employee must ensure that they have an up-to-date backup copy of their work data on physical media or in the cloud.

Communication within the organization is carried out exclusively by means of white-listed software.

At the organization level, two-factor authorization, complex passwords, the principle of minimum necessary access, and data encryption are used. Employees regularly take part in training and other education on data security

All employees are familiarized with the policy of processing and protection of personal data and are obliged to comply with this policy against their signature.

KHPG employees who work with international crime databases are familiarized with the policy “Rules and Procedures for Working with the KHPG Database” against their signature and are obliged to comply with this policy.

  1. Security specialist of KHPG

The security specialist is responsible for the overall security of the entire organization.

The functions of the security specialist:

  • general risk assessment and monitoring;
  • keeping a register of incidents;
  • advising the organization's employees on security issues, organizing trainings;
  • conducting a quarterly audit of the organization's offices;
  • periodic individual checks of employees for awareness of security policies and recommendations;
  • access administration;
  • maintaining a list of “white” software;
  • ensuring the safety of the organization's mass events;
  • responding to crisis situations, providing instructions to employees, notifying the relevant authorities;
  • general control of the organization's hardware and software, instructing employees before starting work with new tools;
  • control of data handling and data destruction in accordance with the policy;
  • analyzing this and other policies of the organization, proposing changes, developing a security strategy for the company and updating it annually;
  • preparation of medical and non-medical evacuation plans;
  • periodic reporting to the Director of KPG.
 Share this