Research & Intelligence partnered with Global Crisis Management to create a survey and gather intelligence on travel risk management. The survey seeks to explore the topic of travel risk management (TRM) and looks at the travel buyers’ experiences creating and managing their organizations’ TRM programs, including measures that may improve the health, safety and security of business travelers on the road.
BCD’s Global Crisis Management team not only provides an operational service by monitoring world events and distributing reports of potentially affected bookings following an incident but are subject matter experts of travel risk management. Through their expertise in assessing various organizations’ TRM programs through the Traveler Security Program Assessment , GCM believes that an ideal TRM program is comprised of three elements: plan, support and review. This survey addresses an organization’s competency in each of those areas by looking at relevant program components through the lens of the ISO 31030:2021, Travel risk management – Guidance for organizations.
By combining the knowledge of Research & Intelligence with the expertise of Global Crisis Management, the Travel Risk Management travel buyer survey was created.
The importance of the ISO 31030:2021
In 2021, the International Organization for Standardization created ISO 31031:2021, which is the first standard specific to travel risk management. It is available for purchase through the ISO website.
With this new standard in place, now is a great time to see what travel buyers have to say about their organizations’ TRM programs, as well as bring awareness to areas that could be improved upon by using advice from ISO 31030:2021. For more information, please see this video series for brief overviews of each section of ISO 31030:2021, presented by the Global Crisis Management team.
ISO 31030:2021 is a standard that provides a general framework, but organizations are not yet able to earn ISO 31030:2021 certification. However, BCD Travel’s Traveler Security Program Assessment is aligned with the guidance of ISO 31030:2021 and can assist organizations with assessing their current TRM program to ensure they are aligned with the industry’s latest advice.
We surveyed travel buyers to gauge their familiarity with ISO 31030:2021, and you can see that only 14% have read it, and 11% are somewhat familiar. With three-quarters of travel buyers having little to no knowledge of the new guidance, organizations could potentially be missing important components of their TRM program.
Survey participants at a glance
A total of 96 travel buyers completed the survey.
Travel risk management program stakeholders
Multiple areas of the organization must have a stake in the TRM program due to the complexity of travel risk and all the areas that can potentially be affected. According to section 5.3 in ISO 31030:2021, top management within an organization is fully responsible no matter where responsibilities have been entrusted, so it’s promising to see 58% of travel buyers surveyed state that the C-Suite / Executive Team are their programs’ decision makers. Travel is the most used leader of the TRM program at 29%, with the top contributor being HR at 63%.
Planning the travel risk management program for success
Policy and compliance
What organizations consider when assessing travel risks
Risk mitigation
Source of destination intelligence
Policy and compliance
Percentage of companies with a TRM policy
Whether the TRM measures are part of the travel policy or in a standalone TRM policy, the organization must communicate the policy and any updates to their travelers. Creating a culture of safety and encouraging “duty of loyalty” through codes of conduct and acknowledgement of communications will ensure employees are managing their personal safety while considering the controls set in place by the organization.
How organizations encourage compliance with TRM initiatives
Promote employee responsibility for personal safety while traveling
56%
Require employee acknowledgement of communications sent
42%
Communicate the importance of employee’s duty to comply with security measures
63%
A company code of conduct to follow while traveling
42%
Don’t know
4%
None
8%
What organizations consider when assessing travel risks
94%
Travel destination
71%
Mode of transportation
59%
Quality/availability of medical services
58%
Potential impact of the company
55%
Unique risks associated with traveler
44%
Cybercrime
6%
Other
4%
Don’t know
1%
Nothing is considered
Every trip can have a different risk profile, not just associated with the destination and mode of transportation but also with available infrastructure and the varying risk profile of each traveler. For example, travel to a destination with high air pollution could be considered high-risk for an asthmatic person but lower-risk otherwise.
Risk mitigation
Once the risks have been assessed and to ensure business resiliency, organizations may need to use multiple risk treatments to mitigate the risk to a more tolerable level, according to section 7.1 in ISO 31030:2021.
The chart illustrates that providing destination information and alerts as well as pre-trip approvals, appropriate medical interventions, and education are frequently used among organizations.
Travelers say…
• 67% are likely to usetravel security training • 45% don’t know if their organization offers training • 26% state their organization does not offer training
Source: TRM Traveler Survey published November 2022
Source of destination intelligence
Destination intelligence plays a crucial role in travel risk management, as it supplies destination briefings, travel alerts, and medical & security requirements. This information needs to be from a trusted source that is both timely and reliable. Almost three-quarters of organizations source their intelligence from a third-party provider, with 58% who also use their travel management company (TMC) to provide destination intelligence.
BCD Travel offers the COVID-19 Information Hub to help you make informed, confident and safe travel decisions.
Supporting business travelers during their trip
The frequency security and health incidents are addressed by organizations
Where companies may be falling short in offering the measures travelers need to feel safe
Emergency contact for travelers
Safety measures provided for travel to high-risk destinations
Location awareness
Travelers’ opinions on tracking via Internet-connected devices
Measures to reduce the impact of security or health incidents
Support for blended travel
Post-trip support
The frequency security and health incidents are addressed by organizations
This chart would’ve looked much different prior to COVID-19 when most public health emergencies were typically isolated to certain regions (e.g., Zika, Ebola, avian flu, etc.). The pandemic shifted the short-term focus to public health, and as illustrated in the chart below, will remain there as pandemic / public health emergency is now the most regularly addressed type of incident. Next are natural disasters, with an increase in catastrophic weather events due to the impacts of climate change, followed closely by cybercrime, which has also increased since the start of COVID-19 as cybercriminals target a rapidly expanded remote workforce.
Where companies may be falling short in offering the measures travelers need to feel safe
The data illustrates a noticeable gap between some of the measures that travelers indicated make them feel safe and what organizations are offering. In addition to receiving destination information, travelers want instructions on what to do and whom to contact in an emergency. They also want their organization to be able to contact their next of kin.
Not knowing what to do in an emergency adds stress to an already stressful situation and could further jeopardize the employee, company assets, reputation and business resiliency. Empowering travelers to make smart and informed decisions is a win for everyone.
Emergency contact for travelers
How do employees know who to contact?
Information available on internet
80%
Noted on all travel itineraries
52%
Listed in travel policy
51%
Information provided during onboarding
25%
Listed on mobile app
49%
Employees provided a card
40%
Providing contact information on the intranet and travel policy is great, however, in an emergency, travelers need to access this information quickly. Another consideration during large-scale security incidents or in rural areas, is a traveler's ability to remotely access the intranet. These are both excellent reasons to provide emergency contacts on a card or hard copy of some kind as suggested by section 8.2 in ISO 31030:2021.
Safety measures provided for travel to high-risk destinations
There are some discrepancies when comparing traveler preference to what the organization provides. Most travelers don’t know what their organization offers which could indicate lack of engagement by the employer. It is also interesting to note that 27% of travelers prefer additional safety tools for the hotel, such as doorstops, travel locks, etc., however only 5% of organizations provide that to their travelers.
Travelers say…
• 36% don’t know what their organization offers for travel to high-risk destinations • 33% prefer destination briefings • 27% prefer additional safety tools for the hotel
Source: TRM Traveler Survey published November 2022
According to ISO 31030:2021, travelers need to be given trustworthy advice about the safety and health conditions of accommodations in preparation for travel to a high-risk destination. Having locally-sourced and trusted advice is also advised.
ISO 31030:2021, Annex F
Location awareness
Knowing where traveling employees are is an important component of travel risk management. There are a variety of methods for tracking or location awareness, and deciding which type to use should coincide with the size and capability of the organization. Using passenger name record (PNR) data appears to be the most common means of determining traveler location with awareness by global positioning system (GPS) being the second most used method. However, some travelers feel that GPS tracking infringes on their privacy. See travelers’ opinions on using internet connected devices below.
Methods used by organizations
79%
Booking/PNR data
24%
Mobile/GPS
21%
App check-in
12%
Credit card data
11%
None
6%
Other
5%
Don’t know
3%
Wearable or handheld device
Travelers’ opinions on tracking via internet-connected devices
Circumstances travelers would consider tracking by employer
27%
While in high-risk destinations
16%
With ability to “check-in”
16%
With possibility to turn off tracking
11%
During business hours
79%
Booking/PNR data
24%
Mobile/GPS
21%
App check-in
12%
Credit card data
Measures to reduce the impact of security or health incidents
The purpose of travel risk management is not always to eliminate risk but to enable employees to travel with known risks that are acceptable to the organization’s risk appetite. The organization should have systems and processes designed to reduce the impact on the organization should those risks become a reality. For this reason, insurance is widely used, with a variety of coverage available, such as comprehensive travel, medical and kidnap and ransom. Crisis response teams and evacuation coverage are used by almost half of respondents. Lastly, employee well-being offerings, used by about one-third of organizations, can reduce the impact to the travelers’ mental and physical health through fitness center subsidies, healthy eating options, subscriptions to virtual wellness providers, health tracking, etc.
Support for blended travel
Bleisure or blended travel seems to be one of the more confusing areas for travel risk management. When asked if support for blended travel is provided by the organization, 47% of travel buyers state there is none, while 64% of travelers don’t know if they are supported or not. Guidance in ISO 31030:2021 doesn’t stipulate whether support should be provided but indicates it should be clarified in the policy and communicated to employees.
Blended travel is here to stay with a market value of $497.5 billion in 2022, according to Future Market Insights and GBTA. With 2 out of 5 employees requesting blended trips, providing support can be a valuable tool in attracting and retaining top talent, which supports business resiliency and a strong company culture.
Post-trip support
Travel Buyers
Travelers
Source: TRM Traveler Survey published November 2022
Crossing multiple time zones, loss of sleep, change in eating habits, involvement in a security incident, personal health emergencies, service disruption, poor vendor experiences, and the list goes on of what could happen during a trip. Part of an organization’s duty of care is to ensure travelers have the necessary support for any type of trauma or stress experienced while traveling. The effects don’t stop once a trip is over and can have a long-lasting impact on both a traveler’s physical and mental health.
ISO 31030:2021 addresses traveler recovery, stating the organization should regard how travel may affect the health of their employees. It goes on to say that organizations should allow the proper “rest and recuperation” depending on the circumstances of the trip and communicate to travelers what they are allowed.
ISO 31030:2021, section 7.4.9.2
Continually reviewing the program for effectiveness and relevance
Audit and review of the program
Program updates communicated and accessible company-wide
Review high-risk destination list
Conduct tabletop crisis simulations to test program and response
Audit and review of the program
It’s best practice to document all TRM policies and processes for a variety of reasons, one of which is to have the capability to audit the program regularly. Changes to the organization, new third-party providers, and updates to the program provide an opportunity to review the program to ensure there are no issues. A breakdown in any of the processes within the TRM program could result in an organization not fulfilling their duty of care. Section 9.1 in ISO 31030:2021 states, the organization should assess, audit and analyze the various procedures within the TRM program to make sure they are working efficiently. The fact that the majority of respondents indicate they don’t know if their program is audited and reviewed could indicate it hasn’t been considered as a necessary process. 30% review their program annually which is what the standard recommends.
ISO 31030:2021 advises to fully review and audit the TRM program at least once per year, but there are circumstances that warrant an additional review.
ISO 31030:2021, section 9.1
Program updates communicated and accessible company-wide
It’s promising to see that 61% of organizations communicate and make program updates accessible across the organization. By keeping all stakeholders informed, the TRM program will work more efficiently. One notable piece of advice according to section 8.1 in ISO 31030:2021 is the TRM program shouldn’t only be communicated but also acknowledged by their employees. Know that efforts at engaging employees with important information is not being ignored by requiring an acknowledgement from the employee.
23%
No
61%
Yes
16%
Don’t know
Review high-risk destination list
Travel to high-risk destinations can mean a more aggressive approach to managing risk, which indicates a greater need to be aware of a destination’s risk rating. Considering the volatility of the world today, stemming from geo-political instability due to economic hardships, distrust of government, scarce resources, and regional conflicts, the risk profile of a destination can change quickly. Organizations should consider this when determining how often to review their high-risk destination list in proportion to their operational needs.
Conduct tabletop crisis simulations to test program and response
More than half of organizations surveyed don’t know if tabletop crisis simulations are conducted to test their program and response. Without testing these processes, organizations may not discover any issues until there is an active incident that requires activation of their incident management plan and could result in catastrophic losses. Hope for the best but plan for the worst.
ISO 31030:2021 recommends organizations should check their capability to respond to a crisis, including evacuation, by incorporating simulated exercises on a regular basis combined with timed practice responses.
ISO 31030:2021, section 7.4.11
Areas for improvement
Key findings from the survey
When conducting a risk assessment, consider more than travel destination and mode of transportation
Provide travel security training, both general (all travel) and destination-specific (high-risk travel)
Provide clear instructions to employees on what to do in an emergency
Communicate all emergency contact details to employees both digitally and in print
Have locally sourced intelligence and support in high-risk destinations
Create a policy around blended travel and communicate it to employees
Offer post-trip support
Audit and review the program regularly, especially when there are changes to providers or the organization
Create a consistent process for review of the high-risk destination list
Don’t wait until it’s too late to conduct crisis simulations
Mandy Jolley Crisis Program Manager, Global Crisis Management Kentucky, USA [email protected]
