The International NGO Safety & Security Association (INSSA) has established a certification process to certify that NGO security risk management professionals possess the necessary competence to do their job safely and effectively. The INSSA Security Risk Management Competency Profile includes four certification levels increasing in responsibility and scope: Country, Regional, Global and Executive.
The exams can be taken by creating a free account on DisasterReady
INSSA has launched its certification program for security risk management professionals (SRMP) at Country and Regional levels (Global and Executive levels will follow) in four langauges.
Certification Requirements
Exam Specifications
The SRMP-Country level and SRMP-Regional level certification exams each consist of approximately 100 questions. The SRMP-Country level exam is based on the competencies outlined in the INSSA Security Risk Management Competency Profile as applied in a single country or project(s) within a single country. The SRMP-Regional level exam is based on the competencies outlined in the INSSA Security Risk Management Competency Profile as applied in multiple countries with greater levels of responsibility.
The exams are offered online for free at DisasterReady.org. To take either exam, individuals must have access to a computer and a reliable internet connection. While the exams will not be supervised, each must be completed in 3-hours. Preparing for the exams is strongly encouraged. Refer to the Prepare for Exam section for more information.
To register for the exam(s), sign up for a free account at DisasterReady.org or log-in if you already have an account.
Policies
Unauthorized disclosure of the questions on the exam or any form of cheating is unethical behavior and shall result in sanctions up to and including a failing mark and the denial of certification.
INSSA certification is voluntary. The INSSA certification credential is awarded to applicants based solely on their attainment of the necessary requirements to achieve the certification credential. The assessment requirements that are part of achieving certification are based on the INSSA Security Risk Management Competency Profile. The competency profile has been built with input from subject matter experts representing the NGO security risk management profession and is designed to indicate the level of performance required for recognition of competence. The guidelines for certification are focused solely on recognizing achievements, and on applied knowledge, rather than on, for example, predicting future job performance. Any use of certification results for any reason other than recognition, or to measure knowledge not explicitly described in the competencies, is not considered valid. Any use of the INSSA certification credential for the granting of a license, selection, promotion, or other non-voluntary purpose is also not valid.
INSSA promotes high standards of ethical, moral, lawful, and civic conduct. Accordingly, members of INSSA, participants in INSSA’s mentoring program, applicants for certification, those issued certifications by INSSA, and all others participating in INSSA’s programs or otherwise with INSSA must abide by such standards. INSSA respects and is committed to protecting all applicants’ personal information. INSSA collects personal information, such as for certification purposes, to keep statistics on its certification program and reporting requirements, and to promote the quality and integrity of INSSA’s programs.
Answer 1
Answer 2
Answer 3
Still have questions? Contact INSSA or DisasterReady for further information.
In partnership with DisasterReady, INSSA is pleased to offer FREE resources to help you prepare for the Security Risk Management Professional – Country (SRMP-C) and Regional (SRMP-R) certification exams. Preparing for the exam(s) is strongly encouraged. Most of the resources are in English with some in French and Spanish. To access the resources, sign up for a free account at DisasterReady.org or log-in if you already have an account.
Prepare for your exam with the SRMP Certification Exam Preparation Resources.
Below are sample questions of the type to be found in the INSSA Security Risk Management Professional – Country Certification exam. Good luck!
Matt is on a tight deadline to submit his risk identification report to his Regional Manager. He is considering conducting the identification process without speaking to any of the stakeholders. What could be the immediate outcome for Matt and his organization if he proceeded with this decision?
A) The security budget is not calculated appropriately.
B) The donors refuse to allow the project to continue.
C) Risk control measures are not properly applied.
D) Potential risks could be overlooked.
Rationale:
Bringing together different levels of expertise ensures that various levels of risk are appropriately identified and included in the risk identification plan.
Reference: ISO 31010 4.3.2
Competency: A1
A program officer and a security manager are planning a focus group discussion with community members on potential risks related to projects on female empowerment in local secondary schools. What is the best approach for them to take to define the context?
A) Identify any increase of risk with the introduction of a female empowerment project.
B) Review the roles of the humanitarian principles in relation to education.
C) Define gender equality in the school environment.
D) Discuss the role of girls and how they are viewed by community members.
Answer: D
Rationale:
Successful risk assessment must begin with defining the context appropriately before you can move on to other steps of identification.
Reference: ISO 31010 4.3.2
Competency: A1
Organizational information systems, information flows, and formal and informal decision-making processes are all a part of establishing which type of context in regard to the organization?
A) External
B) Technological
C) Local
D) Internal
Answer: D
Rationale:
Evaluating the organization’s internal context may include information systems, information flows and decision-making process (both formal and informal)
Reference: ISO 31000 4.3.1
Competency: A2
At what point does a critical incident become a crisis?
A) When families are notified that a security situation has involved a family member.
B) When the incident escalates and requires senior management to lead and oversee coordination.
C) When local authorities are called in to assist.
D) When the organization shuts down operations due to a security incident.
Answer: B
Rationale:
A critical incident or series of such incidents becomes a crisis when its nature, severity or broader consequences for an organization warrant a response beyond the capacity of routine program management mechanisms, i.e. requiring leadership and coordination from senior management level.
Reference: EISF Crisis Management 3. P.5
Competency: D1
Due to the nature of crises, the management of a Crisis Management Team (CMT) usually requires which type of decision making structure?
A) Centralized
B) Networked
C) Bottom-up
D) Consensus-based
Answer: A
Rationale:
Due to the nature of crises, their management usually requires a more centralized decision-making structure than regular operations.
Reference: EISF Crisis Management 5.1
Competency: D1
Cognitive Domain: Knowledge
