How to use the MOTSS:
1. Determine whether the destination is a LOW, MEDIUM or HIGH threat country using one of the following:
Government travel advice.
Insurer-provided or subscription risk portal.
Bespoke systems, such as Open Briefing's country threat rating tool.
2. Identify which standards to apply:
For all travel to LOW threat countries, apply CORE standards 1-9. Core standard 10 should be applied or not on the basis of a risk assessment. The traveller should also review the enhanced standards.
For all travel to MEDIUM threat countries, apply the relevant CORE standards plus ENHANCED standards 11-14. Enhanced standard 15 should be applied or not on the basis of a risk assessment. The traveller should also review the advanced standards.
For all travel to HIGH threat countries, apply the relevant CORE and ENHANCED standards plus ADVANCED standard 16. Advanced standards 17-20 should be applied or not on the basis of a risk assessment.
3. Implement the appropriate standards.
Standard 1. Travel advice
The traveller should review appropriate travel advice prior to deployment.
The traveller should review the following sources of information on safety and security in the destination country:
Traveller’s government travel advisory/warnings
Employer’s government travel advisory/warnings
Overseas Security Advisory Council (OSAC) crime and safety report
Centers for Disease Control and Prevention (CDC) traveller’s health advice
Insurer-provided or subscription-based risk portal, if available
The traveller should remember that travel advice is not static, and is subject to change at short notice. Also, the traveller should check for planned demonstrations, public holidays, elections or other events that will occur during their deployment and may temporarily elevate the threat due to political, religious or social tensions around the occasion or the likelihood of drunkenness, violence or crackdowns.
Standard 2. Record of emergency data
The traveller should leave a record of emergency data (RED) with their employer or a trusted third party.
A record of emergency data (RED) contains among other things information about the travel plans and the contact information of the person(s) that the traveller desires to be notified in case of emergency. A Personal Security Profile (PSP) is available from Open Briefing to meet this need.
If travelling to a high-threat country, the traveller should also complete proof of life and security declaration forms. The answers to proof of life questions should not be easy to guess or discernible from open sources, such as social media. Questions should not be related to sensitive issues (e.g. politics or religion) but should help trigger a positive memory and instil hope for the traveller. It is also important that the distress code word can be easily incorporated into conversation.
The security declaration is an important way of demonstrating that the employer has secured the traveller’s informed consent.
Standard 3. Check-in schedule
The traveller should check-in with their line manager or other point of contact according to a pre-agreed schedule.
The check-in schedule should be in line with the organisation’s travel security procedure or proportionate to the threat in the absence of such a procedure:
Low: Once a day (evening)
Medium: Twice a day (morning/evening)
High: Twice a day (morning/evening), departure/arrival during in-country travel
Critical: Three times a day (morning/lunchtime/evening), departure/arrival and every 30 minutes during travel
The organisation should have pre-agreed and tested monitoring, escalation and response procedures in place for missed check-ins or panic alerts. This should include a crisis management plan.
Standard 4. Travel medical insurance
The traveller should obtain suitable travel medical insurance from a reputable provider.
The country travelling to (including if against government travel advice)
The full duration of the deployment
War and terrorism
The type of visa travelling on
The policy should also allow:
Incidental holidays (if relevant)
Standard 5. Mobile/cell phone
The traveller should take a mobile/cell phone that will work on the GSM carrier frequency ranges in the country to be visited and with local network SIM cards.
The traveller should check the coverage of the areas to be visited with the proposed network or a mobile analytics company.
Note that calls may be weakly encrypted between handsets and cell phone towers; however, conversations are vulnerable to interception by phone companies and governments as they travel through the phone network. If required, the easiest way to ensure that voice calls are encrypted is to use a service that offers end-to-end encrypted calls, such as Signal.
All mobile phones can be tracked. The usual advice to turn phones off and remove batteries (if possible) may itself create risks when others attending the same meetings might also disconnect from the network in the same way at similar times. This allows automated analysis to identify patterns that can be further scrutinised by security forces in order to potentially identify individuals that the traveller is interacting with. Instead, travellers should leave phones in their hotel or residence during sensitive meetings or at other times when the risks of being surveilled outweigh the need to carry a communication device for safety or convenience.
Standard 6. Basic first aid kit
The traveller should take a basic first aid kit and know how to use the contents.
The first aid kit should include:
Bandages, dressings, plasters, wound closure strips
Antiseptic cleansing wipes, antiseptic cream, eye wash
Tweezers, scissors, thermometer, examination gloves
Anti-diarrhoeal medicine, oral rehydration solution
Antihistamines, hydrocortisone cream
Painkillers, anti-inflammatories, personal medication
The traveller should note that narcotic drugs and psychotropic substances (italicised in the list above) are under the scope of international law, and their importation may be regulated. This includes analgesic opioids and their derivatives (e.g. codeine) and medications used to treat a range of mental health disorders. Some countries also regulate medications used to treat neurological conditions, such as Parkinson’s disease and epilepsy, and others include sedating antihistamines on their banned list.
Travellers taking medication should ensure that they have a medical prescription and potentially a certificate issued by a competent authority in the country of departure and/or a permit issued by a competent authority in the country of destination.
Standard 7. Secure mobile devices
The traveller should ensure that all work and personal mobile devices and peripherals that they take on deployment are secured to the appropriate level to meet the information security threat in that country.
This standard applies to all laptops, tablets and smartphones as well as any USB flash drives and other removable media or storage devices.
The traveller should consider applying the following to all mobile devices prior to deployment:
Full disk encrypted (or set to automatically lock after a short delay with user account(s) secured by a password or passcode)
Latest operating system and app updates and security patches
An asset tracking app that allows remote tracking, locking and wiping (e.g. Find My)
When the information security threat is assessed to be high, the traveller should consider only taking a burner phone and sanitised laptop containing and with access to the absolute minimum necessary information assets and services.
Standard 8. Online security
The traveller should take steps to protect the privacy and security of their online activities during the deployment.
The traveller should consider installing the following on their mobile devices prior to deployment:
The traveller should also ensure that the correct privacy and security settings are enabled for all online services that they will use during their deployment, including:
Strong, unique passwords
Two-factor authentication (2FA/2SV)
The traveller should ensure that they are connecting to websites over HTTPS where available. For online browsing that must remain private, the traveller might also use:
Standard 9. Secure communications
The traveller should only use end-to-end encrypted communication tools for sensitive or confidential conversations during their deployment.
Examples of recommended end-to-end encrypted communications tools at this time include:
Signal for chat and voice and video calls
FaceTime for video conferencing on Apple devices
ProtonMail for email
Note that end-to-end encryption only prevents the content of communications from being exposed; metadata, including sender and recipient information and the dates and times when messages are sent and received, is much more difficult to hide, and can reveal much about social networks and communication patterns.
Standard 10. Correct paperwork and permissions
The traveller should ensure that they have the correct visas, permits and other travel permissions prior to travel.
Violation of immigration, work and residence laws can result in severe penalties, including imprisonment, fines, deportation, a travel ban and/or an exclusion order, for example. This can present an immediate threat to the traveller, and also undermine the viability of the current assignment and the organisation’s ongoing work in the country.
However, there may be times when obtaining a business visa, for example, would draw unwanted attention from authorities and increase the risk to the traveller and/or local partners. On the basis of a risk assessment, it may therefore sometimes be necessary to travel on a tourist visa, for example.
The traveller should note that their travel insurance policy may not cover being detained for having incorrect visas or permits. The traveller should discuss this with their insurer, and take out an alternative policy that does cover covert travel if required.
Standard 11. Risk assessment
The traveller should complete a travel risk assessment using their organisation’s standard risk assessment form.
The assessment should cover threats to their safety, security and health, including:
Surveillance and monitoring
Wellbeing and mental health
The traveller can use the Security Risk Assessment Tool (SRAT) from Open Briefing if their organisation does not have a standard form.
Standard 12. Contingency plans
The traveller should create primary and alternative hibernation, relocation and evacuation plans.
Hibernation is a shelter-in-place plan; relocation is a move to a safer location within the same country; evacuation is a move across an international border. The traveller should ensure that their primary and alternative options for each do not rely on the same transport mode or hub (e.g. road travel or international airport).
The traveller can use the travel contingency plans template from Open Briefing if their organisation does not have a standard form.
Standard 13. Personal security training
The traveller should have completed in the last three years, or will complete prior to deployment, personal security training with a reputable provider that is appropriate and proportionate to the threats present in the operating environment.
Travellers can complete different levels of security training dependent on the threat rating of the country that they are deploying to:
Medium: Personal/travel security (2-3 days)
High: Hostile environment awareness training (HEAT, 4-5 days)
While syllabuses vary from provider to provider, all levels of security training should include sessions on:
Civil unrest and demonstrations
Building security (office, residence and/or hotel)
Sexual harassment and assault
Wellbeing and resilience
Basic first aid, including basic life support
HEAT training should include the modules set out above, plus additional training on:
Official and unofficial checkpoints/roadblocks
Direct and indirect fire
Kidnap and hostage survival
Conflict de-escalation and self-defence
Intermediate first aid, including catastrophic bleeding
For remote and/or violent environments where pre-hospital emergency care is not readily available, travellers should complete a separate advanced first aid training course (5 days) to FREC 3/FPOS-I standard or higher.
Standard 14. Crisis response insurance
The traveller should obtain suitable crisis response insurance from a reputable provider.
A response consultant with sector-specific experience
Unlimited consultant fees and expenses
The ransom cover required by the organisation’s policy on ransom payments
Standard 15. Individual trauma kit
The traveller should take an individual trauma kit and know how to use the contents.
The individual trauma kit should include at a minimum:
Catastrophic bleed kit (C-A-T tourniquet, haemostatic gauze, Celox Applicator, emergency bandage – aka ‘Israel dressing’)
Nasopharyngeal and oropharyngeal airways
Paramedic shears, examination gloves, resuscitation face shield
Standard 16. Wellbeing and resilience strategies
The traveller should adopt proactive wellbeing and resilience strategies before, during and after their deployment.
Operating in insecure and violent environments can increase the risks of stress and trauma, potentially leading to mental health problems, inappropriate coping mechanisms, poor decision making and burnout.
The key is for travellers to design their own personal resilience plans for how they will maintain their mental wellbeing before, during and after their deployment. Travellers should consider steps to achieve the following:
Maintain good sleep hygiene, including establishing a regular nightly routine and a pleasant sleep environment, if possible.
Eat regular meals and follow a healthy diet.
Exercise or play sport.
Practice mindfulness, meditation or yoga.
Seek appropriate help, including from friends, family, colleagues or health professionals, if health or wellbeing is deteriorating.
Keep in touch with friends and family.
For optimal resilience, travellers should try to avoid:
Using drugs or alcohol as a way of coping.
Failing to address physical illness or injury.
Taking unnecessary risks.
Withdrawing from people that could provide support.
Employers should also have formal wellbeing and resilience procedures in place, including details of any counselling support and Psychological First Aid training that will be offered to staff and line managers.
Standard 17. Reconsider travel
The traveller should not deploy if the risk assessment determines that the level of risk to the traveller sits above the organisation’s risk threshold.
The organisation should have a clearly articulated risk threshold that sets out what is, and is not, an acceptable level of risk to their staff. If it is determined that the risk to the traveller in-country is above this threshold, then the traveller should not deploy, unless the risk statement includes provision for accepting higher levels of risk under certain circumstances. If such an exception is in place and the circumstances are met, then the traveller will need to provide their informed consent and adopt further mitigation measures prior to deployment.
Standard 18. Sat phone
The traveller should take a sat phone on a satellite network that provides coverage of the country to be visited.
The traveller should check the network coverage of the areas to be visited. Note that while satellite phone networks encrypt voice traffic, the two main encryption algorithms used in sat phones are vulnerable to attacks that may allow eavesdropping on calls; therefore, sat phones should not be used for secure communications.
The traveller should note that sat phones are banned or restricted in some countries.
Standard 19. GPS tracker
The traveller should take a GPS personal tracker (and vehicle tracker if relevant to the deployment).
The traveller should be aware that while all trackers use GPS (and potentially GLONASS) to locate the user, some devices then use GSM (mobile/cell) to communicate that location to the online tracking platform while others use one of several satellite networks. The technology used will dictate whether the tracker will work effectively in the expected operating environment, as GSM will only work where there is cell coverage (so will be better suited to urban environments) and satellite communication may be poor indoors or in built-up environments (so will be better suited to rural locations).
Note that some trackers (e.g. the NAL Shout GSM) can communicate location data via both GSM and the Iridium network, but are considerably more expensive than GSM-only options.
Another factor to consider is that some devices and apps can geolocate and communicate with the tracking platform via wifi, and so may be more effective in compounds and residences/hotels, for example, than trackers without wifi capability.
Standard 20. Body armour
The traveller should wear a ballistic helmet and body armour configured for their mission and proportionate to the ballistic threat present in the operating environment.
The traveller will need an overt and/or a covert cover that contains soft armour panels, which are designed to protect against most handguns and small arms ammunition. If protection against high-calibre and armour-piercing rounds is required, the traveller will also need hard armour plates, which can be worn in pockets on the front and back of the cover or in a separate plate carrier. Hard armour plates tend to work in conjunction with the soft armour panels to achieve the desired level of ballistic protection.
The US National Institute of Justice (NIJ) body armour performance standards are:
Level IIA: 9mm FMJ RN; .40 S&W FMJ
Level II: 9mm FMJ RN; .357Magnum JSP
Level IIIa: .357 SIGFMJ FN; .44 Magnum SJHP
Level III: 7.62mm FMJ (M80)
Level IV: .30 Cal AP (M2 AP) (Rifle)
For reference, soft armour panels rated at NIJ Level IIIa are designed to provide protection against most handgun rounds, submachinegun rounds and 12-gauge shotgun shells. With the addition of hard armour plates rated at NIJ Level III, the wearer should be protected against the 7.62mm rounds used in the ubiquitous AK-47 type assault rifles as well as against US military M80 rounds. Note that ballistic helmets tend to be rated to NIJ Level IIIa.
Note that some countries impose import restrictions or licensing requirements on body armour, as it may be treated as military equipment.
First published: 30 April 2020
This version: 30 April 2020