We built safeguarding to protect people. Too often it has quietly become a system that protects us from the people we failed.
There are two promises folded into this work, and they belong together. The first is the protection of the communities we serve, especially the people with the least power in the room. The second is the care we owe the staff who carry the work, who absorb the stress of crisis and the weight of what they witness. Both promises are about the same thing: that no one is harmed by their proximity to us. We tend to manage them as separate files, on separate desks, measured by separate forms. The harm does not respect that separation.
This is not a piece about a failure of values. The people who write our safeguarding policies care deeply, and many of those policies are good on the page. The problem is structural, shared across the sector, and because it is structural it is ours to redesign together.
How protection becomes paperwork
Watch what a safeguarding system optimizes for over time, and a quiet drift appears. The measures that get counted are the ones that are easy to count: the policy signed, the training completed, the code of conduct on file, the annual figure reported upward. Each began as a sensible way to show the work was being done. But what is countable slowly becomes what is real, and the harder, slower work of actually protecting a person has no clean box on the form.
The incentive underneath is the one to name. A system reviewed mainly by funders and auditors learns to produce evidence that reassures funders and auditors. Reputation becomes the asset we instinctively defend, because a reputational hit can end a grant while an unheard complaint rarely does. So the machinery tilts, without anyone deciding it should, toward protecting the organization from exposure rather than the person from harm. We end up rigorous about documentation and strangely quiet about whether anyone is safer.
When that tilt sets in, the cost lands where we can least afford it. A person who comes forward meets a process built to manage risk to the institution, and they feel it. A staff member who raises a concern learns whether honesty is genuinely wanted here, or merely filed. The signal travels fast, and the next person stays silent. The harm does not disappear when it goes unreported. It simply stops reaching the people who could act on it.
A safeguarding system reviewed mainly by funders learns to reassure funders. The person it was built to protect is standing somewhere else.
What real protection looks like
The fix is not a thicker policy or another mandatory module. It is a shift in who the system is built to serve, and it is work we can begin now.
Measure the experience, not only the activity. A signed policy tells us a document exists. It does not tell us whether a person who needed help could find a safe way to ask, was treated with dignity when they did, and saw something change. Track that, ask the people closest to the harm directly, and let their answer carry the same weight as the audit figure. What we measure is what we end up protecting.
Make the channel safe and make it answer. A reporting line that routes through the person a concern is about, or that disappears into silence, teaches everyone to stop using it. Build routes that do not depend on the goodwill of the implicated, protect the person who comes forward in practice and not only in policy, and close the loop in plain view so people see that speaking up moved something real. Care and protection share this wiring. A team that cannot safely say a workload is breaking them is a team that cannot safely report a harm either.
Fund care as part of the work, not as a favor. Duty of care to staff is not the comfort we add once the budget is settled. It is protection of judgment. People who are depleted miss the early signal, and the early signal is precisely what keeps both staff and communities from being hurt. Honest workloads, protected recovery after hard stretches, and real support after exposure to distressing events are not soft extras. They are how a protective system stays awake.
Separate the two questions we keep merging. When something goes wrong, we tend to ask first how to limit the damage to us. The prior question, asked out loud and answered first, is how to make the affected person safe and supported. Naming that order, and holding to it on the day it is inconvenient, is most of the reform. The reputation we are tempted to guard is, in the end, better protected by an organization that visibly puts people first.
None of this asks us to abandon rigor. It asks rigor to point the right way. Funders share this interest, not against it, because a system that genuinely protects people is also the one that holds up under the hardest scrutiny. We can build the joint standards, the shared and trusted reporting routes, and the funded duty of care together, at the same table.
So here is the test worth holding ourselves to. When the next hard case arrives, watch who the system moves to protect first. If the honest answer is the institution, we have built compliance, and we can choose, deliberately and starting now, to build protection instead. The people who trust us with their safety, and the people who carry that trust on our behalf, deserve nothing less than a system that was built for them.