Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library GRI GRI 410 GRI 410-1
GRI 410: Security Practices · 2016
Disclosure GRI 410-1

Security personnel trained in human rights policies or procedures 8

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to explain how much of its security workforce has been trained on the organisation’s human rights policies or procedures. In practice, the focus is on whether the people providing security understand the human rights expectations that apply to their work, and how widely that training has been delivered across the relevant security personnel.

The practical question is coverage: has training reached all security staff, or only certain teams, sites, or contractors? A useful report will make clear the scope of the security personnel included, whether the training applies across operations or only at selected locations, and how the organisation knows the training has been completed.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Trained security share The share of security staff who have completed formal instruction on the organisation’s human rights policy and the procedures they must follow when providing security. Capture the numerator and denominator used for the percentage, and make sure the population covered is the security workforce for the reporting period. Training attendance records, completion logs, security contractor training records where relevant, and the headcount basis used to calculate the percentage. Security / Human Rights / Learning and Development
Contractor training coverage Whether the same training expectation is extended to outside organisations that supply security personnel. Capture a clear yes/no position based on the organisation’s policy or contract terms, and note whether those third-party providers are included in the training requirement. Security procurement terms, supplier contracts, service agreements, policy statements, and any instructions issued to contracted security providers. Procurement / Security / Legal
+ Show GRI 410-1 sub-elements (LRA working checklist)

How to prepare it

1Set the reporting boundary first: decide which security staff are in scope for the figure, and whether any outsourced security providers are included in the same check.
2Define what you will count as formal training for this topic, using one clear internal rule so the same test is applied to everyone in scope.
3Gather support for the percentage, such as training records, attendance logs, completion certificates, or other internal evidence that shows who has been trained.
4Calculate the share of covered security personnel who meet the training test, and present the result as a percentage with the correct unit.
5State separately whether your training rule also covers external security suppliers, so readers can see if the same expectation applies beyond your own employees.
6Before finalising, compare the draft against the official source, and note any exclusions, boundary changes, or assumptions so the reported figure can be traced and reviewed.
Request the data

Request the security training evidence

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

What share of our security workforce has completed training on our human rights policy and the related security procedures, and does that training expectation also cover any outsourced security providers?

Use your organisation’s own terms first, then map them to the disclosure. For example, if you call this team ‘site protection’, ‘guarding’, ‘contracted security’ or ‘front-of-house security’, keep that language in the request and only translate it later for reporting.

Weak request

Please provide the GRI 410-1 data showing the percentage of security personnel trained in human rights policies or procedures, and confirm whether third-party security personnel are included.

Why it fails: This uses framework language only, so the owner may not recognise which team, system, or local training record to check. It also does not specify the period, boundary, counting basis, or the organisation’s own names for the training and security groups, so the response may be incomplete or inconsistent.

Better request

Please send the security training evidence for [reporting period]: the number of guards / patrol staff / control-room staff in scope, how many completed the human rights or security conduct module, the percentage calculation, and whether contracted security teams are covered by the same training expectation. Use your own team labels and source system names, and include any exclusions or assumptions.

Formal email template
Subject: Request for security training evidence for [reporting period]

Hi [name],

I’m pulling together the internal evidence pack for our sustainability reporting and need your help with the security training data for [reporting period].

Please could you share:
- the number of security personnel in scope;
- the number who completed the relevant human rights / security conduct training;
- the calculation basis used to derive the percentage;
- whether contracted or outsourced security teams are included in the same training expectation;
- the source file or system extract, plus any notes on exclusions or assumptions.

Please use your team’s own terminology in the response, and I’ll map it for reporting. A possible LRA training template is attached for reference only; please adapt this to your organisation and check the official source before sign-off.

If helpful, you can return the information in the table below or in your usual format.

Thanks,
[preparer name]
Short Teams / Slack version
Hi [name] — could you send over the security training evidence for [period]? I need the headcount in scope, how many completed the human rights / security conduct training, the % calculation, and whether contractor security is covered too. Please use your usual team terms; I’ll map them later. A possible LRA training template is attached for reference only — please adapt this to your organisation and check the official source before sign-off.
Industry examples
Manufacturing

Context. A plant uses in-house site protection plus a contracted guarding firm at gates and loading bays.

Adapted request. Please share the site protection training record for [reporting period]: headcount in scope at the plant, how many completed the human rights and conduct briefing, the percentage, and whether the guarding contractor is included in the same training rule. Use the names your team uses for the module and the contractor record.

Example response. Plant security in scope: 18; completed briefing: 15; completion percentage: 83.3%; contractor guards included: Yes; contractor in scope: 6; contractor completed: 6; source: LMS export and supplier compliance log; notes: one new starter completed after period end and is excluded.

Retail / Logistics

Context. A distribution network has warehouse security staff and outsourced overnight patrols across multiple depots.

Adapted request. Please provide the depot security training summary for [reporting period]: the number of warehouse and patrol security staff in scope, how many finished the human rights / site conduct training, the percentage, and whether the overnight patrol supplier is covered too. Please use your operational terms and the usual tracker or supplier report.

Example response. Warehouse security in scope: 42; completed training: 39; completion percentage: 92.9%; outsourced patrols included: No; reason: supplier training is tracked separately and not yet aligned to the same module; source: training tracker; notes: two staff were on long-term leave and one joined after the cut-off.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how you defined the security workforce, what counted as formal instruction, and whether the figures include only the organisation’s own staff or also contracted providers.

Context note

Explain what the percentage says about how far rights-related training has been embedded across the security function and whether the same expectations extend to external providers.

Fluctuation statement

If the figure changed from the prior period, note whether the movement reflects more people being trained, changes in the security workforce, or a wider use of external security providers.

Content index entry
GRI 410-1 Security personnel trained in human rights policies or procedures 8 — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for GRI 410-1 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
I have calculated the coverage figure from the security staff we treated as in scope for the reporting period, and I can show how that headcount was built up and why any exclusions were made.An assurer will check whether the denominator and exclusions were chosen consistently, whether the in-scope population is complete, and whether the percentage could be overstated by leaving out relevant personnel.Scope note for the security workforce count; payroll, contractor and site rosters; inclusion/exclusion criteria; reconciliation showing the in-scope total; working paper for the percentage calculation; management review sign-off.
I have used a clear rule on whether people supplied by outside security firms were included in the training coverage, and that rule was applied consistently across the disclosed operations.An assurer will probe whether third-party guards were treated the same way as direct employees, whether the boundary was applied consistently, and whether the reported figure omits a material part of the security workforce.Contractor scope policy; supplier contracts or service schedules; list of third-party security providers; evidence of how contractor personnel were counted; site-level consolidation file; exception log for any sites or providers treated differently.
I have kept evidence that the training content covered the organisation’s human-rights expectations and the practical steps security staff were meant to follow, and I can trace completion back to named individuals.An assurer will test whether the training actually covered the stated subject matter, whether completion records are reliable, and whether the evidence supports the reported percentage rather than a generic attendance count.Training materials and agenda; policy or procedure referenced in the course; attendance/completion records; learning management system export; trainer records; sample checks linking named personnel to completion dates; version control for the course content.
Before publication, I checked the underlying data for duplicates, missing records and obvious errors, and I reconciled the final figure to the source lists used in the calculation.An assurer will look for data-quality weaknesses such as double counting, incomplete records, outdated source files or arithmetic errors that could affect the reported percentage.Data validation checklist; duplicate and exception reports; reconciliation between source lists and final workbook; calculation file with formulas; review notes from the preparer and reviewer; evidence of corrections made before sign-off.
I have retained the working papers and source records needed to explain how the figure was prepared, so the calculation can be re-performed from the same evidence set.An assurer will assess whether the audit trail is sufficient to reperform the calculation, whether documents are complete and retained, and whether the evidence set matches the published number.Final calculation pack; source documents supporting the numerator and denominator; version history; approval trail; retention location and access controls; evidence that the published number matches the final approved file.

Evidence pack to prepare

Common reporting gaps

A percentage is stated without the underlying counts (numerator and denominator).The denominator — what the figure is a share of — is not explained.Partial scope is reported as if it were complete coverage.One-off activities are counted as if they were ongoing programmes.Boundary or period changes that move the figure are not flagged.Exclusions from the reported scope are not listed or explained.
Common gaps

Mistakes to avoid when collecting the data

Wrong data owner
The request goes to the wrong team, so the people who hold the training records and contractor lists are never asked for the source data.
Framework language only
The ask is written in disclosure jargon instead of the organisation’s own terms, and the operational team cannot map it to their training logs or security roster.
Scope left vague
No one states which security workers are in scope, so site staff, head-office guards, and outsourced teams get mixed together by mistake.
Wrong time basis
The count is pulled from a different period than the one being reported, so the training status no longer matches the reporting window.
Mixed counting method
Some records are counted as individual people while others are counted as training events, which makes the percentage unusable.
Source labels stripped out
The original tags from the training system and contractor files are lost during extraction, so the team cannot trace each figure back to its source.
Populations merged too early
Employees and third-party guards are combined before checking whether the same training rule applies to both groups, which hides a real difference in coverage.
Evidence trail incomplete
The file set has numbers but no supporting metadata, so dates, version history, and document origin cannot be checked later.
No review sign-off
The draft is passed on without a named reviewer confirming the figures, so there is no clear trail showing who checked the data before disclosure.

Where judgement is often needed

Set the population before calculating the percentage
Decide which security staff sit in scope for the period, then calculate the share trained from that same defined group and explain any exclusions, such as people who joined or left during the year.
State how contractors are treated
If outside security providers are included in your training rule, say so clearly and use the same treatment in the percentage and the yes/no answer; if they are not included, explain that boundary.
Use one country rule where local definitions differ
Where local law or internal practice uses different labels for security roles or training content, map those differences to one organisation-wide approach and disclose the basis used.
Be clear on timing for new starters and leavers
Choose whether the figure reflects training completed by the reporting date, during the year, or another cut-off, and explain how people who were hired, transferred, or exited are handled.
Explain whether the figure is exact or estimated
If the percentage is built from system records, manual logs, sampling, or a mix of sources, say which method was used and note any estimate or judgement behind the result.
Round consistently and keep the yes/no answer aligned
Apply one rounding rule to the percentage and make sure the separate answer on third-party security providers matches the same scope used for the numeric figure.
Protect personal data when the team is small
If naming or breaking down trained security staff could identify individuals, aggregate the data and explain the privacy-driven grouping while keeping the percentage internally consistent.
Explain changes after acquisitions, disposals, or outsourcing
If the security workforce changed because sites, teams, or contracts were added or removed, disclose the boundary used for the period and whether prior-year figures were restated or left as reported.
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — Utilities

*Synthetic illustration only.* We trained 184 of our 200 security staff on our human rights rules and the site-level steps they must follow when working on access control, patrols, and incident response, which is **92%**. - The same training requirement also covers the 3 external security providers we use; all 24 of their guards assigned to our sites completed the same programme. - We treat this as a group-wide rule for both our own personnel and contracted security teams, and we check completion before deployment and during refresher cycles.

This example shows how to report the share of security staff who have completed relevant human rights training, and whether the same expectation is extended to contracted security providers.

Illustrative (synthetic) example — Food manufacturing

*Synthetic illustration only.* In our factories and distribution centres, 57 of 60 in-house security officers finished training on our human rights policy and the practical instructions for applying it in day-to-day security work, giving a result of **95%**. - The training rule also applies to outside guarding firms: 18 of 20 contracted guards working for us were required to complete it, and 18 did so. - We apply the same onboarding check to both internal and external security teams before they are allowed to work on our sites.

This example shows how to disclose the proportion of security personnel trained in relevant human rights policies or procedures, and whether third-party security suppliers are included in the training requirement.

Company reports

How companies report GRI 410-1

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Companhia Paranaense de Energia - COPEL
Electric Utilities / IPP / Energy Traders · Brazil · 2024
Open report →
Companhia Paranaense de Energia - COPEL’s 2024 Integrated Report provides specific data on whistleblowing, noting 434 reports registered in 2024 through a third-party company ensuring anonymity (p.97). The report also mentions responsibility for disseminating information to contracted companies in relation to security personnel training on human rights policies (p.265). However, details on the percentage of security personnel trained or further specifics on training programs related to human rights are not clearly provided.
Firstsource Solutions Limited
Professional Services · India · 2025
Open report →
Firstsource Solutions Limited’s ESG Report FY 2024-25 includes a reported percentage value related to security topics on page 247, indicating some quantitative disclosure (p.247). The report provides partial narrative context on cybersecurity threats and training, noting annual training programs for privacy and cybersecurity on page 69 and security briefings with reporting protocols on page 67, but lacks a clear headline value or comprehensive narrative on overall cybersecurity performance (p.59, p.67, p.69). Notably, the report does not clearly present detailed metrics or outcomes related to cybersecurity effectiveness, leaving some aspects of the disclosure incomplete or unclear.
Sumitomo Forestry Co., Ltd.
Home Building · Japan · 2025
Open report →
Sumitomo Forestry Co., Ltd.'s Sustainability Report 2025 includes a specific percentage value related to security personnel trained in human rights policies or procedures, as noted on page 536. The report also provides narrative information about relevant training and the revision and enforcement of fire prevention management procedures on page 344. However, details on the scope of personal information management and broader human rights policies are mentioned but not clearly quantified or elaborated, such as on pages 73 and 398.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
TryHow do I prepare GRI 410-1?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
1 free answer
Check your understanding

Scenarios to work through

A warehouse operator uses in-house guards at the main gate and a contractor team at the night entrance. The HR team has records showing that 18 of 20 guards completed the organisation’s human rights briefing and the site search procedure, while the contractor’s supervisor says their staff were briefed but has no attendance log.

QHow should you decide whether the percentage and the yes/no point can be supported for this site?
Reveal model answer →

A logistics depot has 12 security staff. Ten completed an online module on human rights and use-of-force guidance, one completed a classroom session on the same topics, and one new starter is booked onto training next month but has not yet attended.

QDo you include the new starter in the trained percentage, and what is the right way to treat the other 11 people?
Reveal model answer →

A retail chain has 40 guards across five stores. The central compliance team has a spreadsheet showing 34 completed the annual human rights refresher, but two stores use a local guarding firm and the spreadsheet does not say whether those guards were included in the training programme.

QWhat should you check before using the 34 out of 40 figure in the disclosure?
Reveal model answer →

A manufacturing site has a training matrix showing 15 security officers completed a session on respectful search procedures and escalation rules. The site manager wants to report 100% because all officers attended a toolbox talk, even though only 15 of 18 have formal training records and the remaining 3 only signed a daily briefing sheet.

QWhich attendance evidence is enough, and what figure should be used?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

GRI
GRI 410-1
within GRI 410: Security Practices
Open official source →
Primary
Related & explore
FAQ

Questions this page answers

For GRI 410-1 Security Practices, what data do I need to collect before I start drafting the disclosure?+
How do I use the step-by-step 'how to prepare' section for GRI 410-1 Security Practices?+
Who should own the GRI 410-1 Security Practices data in practice?+
What evidence should I keep for GRI 410-1 Security Practices to be assurance-ready?+
What are the common mistakes to avoid when reporting GRI 410-1 Security Practices?+
How do I turn the GRI 410-1 Security Practices data into a draft disclosure?+
Can I use the synthetic example on the GRI 410-1 Security Practices page as a template for my own disclosure?+
What does the GRI 410-1 Security Practices workbook help me do?+
What is the printable Library Card for GRI 410-1 Security Practices used for?+
Does the GRI 410-1 Security Practices page give an ESRS, CSRD or ISSB mapping I can rely on?+
More questions this page can help with