main, Press Room, Reports

Hajj Mismanagement by Saudi Arabian authority: A purview


Hajj is the mandatory karma of Islam. Every Muslim wishes to perform Hajj. This also shows his deep affection for Islam. But ever since the institution of Saudi Arabia came to light, it is not only discriminating against the Hajis continuously but also the frequent incidents in history are enough to establish that the Government of Saudi Arabia cannot manage the management of Hajj.

Hajj is an Islamic pilgrimage to Mecca and the largest gathering of Muslim people in the world every year. It is one of the five pillars of Islam, and a religious duty which must be carried out by every able-bodied Muslim who can afford to do so at least once in his or her lifetime. Hajj is a unique gathering of its kind and poses a challenge to its organisers. Management of the annual pilgrimage to Mecca known as Hajj is a very complex task.

Recently many types of identification and sensor devices, including RFID tags, have been developed. Such technologies, together with the use of database can be extremely useful in improving the Hajj management. Information leakage is a real and growing problem. Every month, news about another organization leaking confidential information becomes public. These are the known cases that have a visible impact.

Many similar incidents occur daily and the vast majority of information leaks are accidental: it is not solely the result of intentional, harmful actions. Unintentional data loss is perhaps more dangerous because those affected are not necessarily aware of, or able to act on, the problem. Aside from any other impact, information loss may represent a very high cost for organizations. Information loss as both direct and indirect costs: the intellectual property or industrial information itself together with the cost of handling the consequences of its loss. Indirect costs include: loss of credibility, erosion of competitive advantage and regulatory transgressions.

Failure in Mass Gathering Management during Hajj

Annually, millions of Muslims embark on a religious pilgrimage called the “Hajj” to Mecca in Saudi Arabia. Management of Hajj activities is a very complex task for Saudi Arabian authorities and Hajj organizers due to the large number of pilgrims, short period of Hajj and the specific geographical area for the movement of pilgrims. The mass migration during the Hajj is unparalleled in scale, and pilgrims face numerous problems. Including RFID tags there are many types of identification and sensor devices developed for efficient use. Such technologies can be used together with the database systems and can be extremely useful in improving the Hajj management. The information provided by the pilgrims can be organized in the Hajj database and can be used to effectively identify individuals. The current system of data management is mostly manual, leading to various leaks. As more of the sensitive data gets exposed to a variety of health care providers, merchants, social sites, employers and so on, there is a higher chance of risk. An adversary can “connect the dots” and piece together the information, leading to even more loss of privacy. Risk assessment is currently used as a key technique for managing Information Security. Every organization is implementing the risk management methods. Risk assessment is a part of this superset, Risk Management. While security risk assessment is an important step in the security risk management process, this paper will focus only on the Risk assessment. An adversary can “connect the dots” and piece together the information, leading to even more loss of privacy. Risk assessment is currently used as a key technique for managing Information Security. Every organization is implementing the risk management methods. Risk assessment is a part of this superset, Risk Management. While security risk assessment is an important step in the security risk management process, this paper will focus only on the Risk assessment. An adversary can “connect the dots” and piece together the information, leading to even more loss of privacy. Risk assessment is currently used as a key technique for managing Information Security. Every organization is implementing the risk management methods. Risk assessment is a part of this superset, Risk Management. While security risk assessment is an important step in the security risk management process, this paper will focus only on the Risk assessment.

Hajj is performed every year by pilgrims from 150 countries, but the database that is available in respect of these pilgrims is still in its simplest forms. Hence, there is a dire need for expanding and extending the available data, which would enable the Ministry to improve its performance in dealing with the special circumstances of the pilgrims of each country and to raise the standard of its service plans. The Ministry is seeking to realize that through the establishment of an information centre as part of its set up and to design programs for benefiting from information programs and banks connected with pilgrims in the countries of origin and in international organizations. This also applies in respect to Umrah performers and visitors to the Prophet’s (saw) Mosque.

It will realize that also through sending a number of its staff to specialize in what is known as “Area Studies” so that they may supervise the flow and modernization of information regarding the main areas of the world from which pilgrims arrive, the nature of the societal and political forces that are connected with the movement of pilgrims, the personalities that have an impact on them, the position of pilgrims in the stages pertaining to the adoption of political decisions in the countries concerned, its weight in relation to the ties of each country with the Kingdom, and the history of Hajj in those areas, in its cultural, literary, creative and religious dimensions.

To manage an event like Hajj, organisers need to employ the best available technology to ensure the wellbeing of its participants. Current Hajj management system, based on partly computerised files, is insufficient to manage the large number of pilgrims. There should be a new Framework that uses sensor and RFID networks to track pilgrims during the extended period of Hajj. The new framework would store the data of the pilgrims within the central database, which would be linked to the sensor and RFID networks. This would not only provide a framework for storing and retrieving pilgrim information but also be able to track and identify lost or dead pilgrims. As discussed, the current system is incapable to track, in real time, the pilgrims that are lost, injured or dead. Most of the current management problems can be solved through integrating a Centralised Hajj Database together with suitable Sensor & RFID networks. In the proposed system, the Hajj database will be used for storing and retrieving the pilgrim information. This with the Sensor network may be used to track or identify pilgrims within the designated Hajj areas. The development of the Hajj Management System will require a detailed analysis of the current processes for managing the workflow of pilgrims during the pilgrimage of Hajj using different modelling techniques to determine requirements and be able to develop appropriate solutions. This will enable the swift integration of technologies and the incorporation of any changes throughout the phases, such as the ability to track lost pilgrims during Hajj, if this was identified as a requirement.

Poor Risk Management during Hajj

The current administration and management of pilgrims of Hajj is largely manual, except for using some computerised file systems. Some government departments use their own management systems but their information is not integrated with the current administration and management of the Hajj. Data is often stored in files of different formats for different departments. Many of these files use their own means of identification, which would make it difficult to someone wanting to link the individual databases. Since there is no centralised database system for the overall management of information, there are many problems when attempting to compile personal information, which is scattered across several incompatible filing systems.

During the current registration process, pilgrims are provided with identifying wrist bands; these wrist tags provide only limited information about the pilgrim’s identity. In cases where these bands are damaged or lost there can be major problems in identifying the pilgrim, especially when the pilgrim is lost and is unable to communicate. This may lead the identification to be impossible.

The current system has no provision in place for collecting medical details of the pilgrims before issuing them with a visa. This puts other pilgrims at risk of catching communicable diseases, carried by affected pilgrims. Currently, each pilgrim is required to undergo certain immunisations before a visa can be granted. However, immunisations differ from country to country and no records are kept of individuals’ immunisations. The pilgrims from the third world countries are most likely not to fully implement the immunisation process.

When so many people are gathered in one place it is inevitable that people will get sick and that there will be some deaths. In order to deal with such eminent situations, hospitals require medical and personal information about their patients. Hospital staff can have difficulty in identifying pilgrims especially those who come from other countries. In cases when a patient dies without leaving any visible information, the hospital may not be able to inform the Maulim about the fate of the pilgrim. Even if the wrist band was found with the body, it may take considerable time, sometimes up to days, to identify the body. In some cases, especially when the tag is missing, the body may never be identified. The police and the morgue suffer the same problem. They may also be unable to identify a pilgrim who has been arrested or has died.


Maulim is useless in Hajj Management

The Maulim is responsible for managing all the pilgrims in their group and looking after them. The pilgrimage encompasses many places and the number of pilgrims usually is between four to six million. This exacerbates the problems of looking after a group of people. If a problem occurs with one of the pilgrims, that is if they are lost or injured, the Maulim may not be able to find them and may not know that they are in trouble; since tracking is impossible.

Passport handling is a big issue. When pilgrims reach at the airport, their passports are given to and held by the groups Maulim. From that time until the pilgrims return to the airport, at the end of pilgrimage, the passports remain in the custody of the Maulim. When pilgrims move from one city to another, the Maulim carries the passports and produces them at the various checkpoints along the journey. At the end of the journey, the passports are returned to the office of the Maulim. In this process, some passports can be lost, since they are being carried throughout the pilgrimage. Moreover, it can be difficult to expedite journeys in emergencies.

Hajj Fraudsters: Muslims shopping around for the best deal on a trip to Mecca, both in their local community and increasingly online, are attracted by packages flights, accommodation, visas which appear to offer good value for money. Some operators advertise large reductions. Individuals are asked to pay in cash or make a direct bank transfer prior to their trip and are told they will receive their tickets and travel documents nearer to the departure date. For some they never arrive.

Poor Risk Assessment during Hajj

Risk assessment is an important step in protecting people/workers in project, event, and business. For most, that means simple, cheap and effective measures to ensure your most valuable asset your workforce are protected. A risk assessment is simply a careful examination of what, in your work, could cause harm to people as complying with the law. It helps you focus on the risks that really matter in your workplace the ones with the potential to cause harm. In many instances, straightforward measures can readily control risk, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm. Workers and others have a right to be protected from harm caused by a failure to take reasonable control measures. Accidents and ill health can ruin lives and affect your business too if output is lost, machinery is damaged, insurance costs increase or you have to go to court. You are legally required to assess the risks in your workplace so that you put in place a plan to control the risks. A risk assessment should be carried out for a proposed event considering all of the hazards, the nature and extent of the risks, and the action required to control them. This will be a legal requirement in many circumstances.



There are 4 steps to completing the risk assessment form:

  1. Identify hazards
  2. Identify who could be harmed
  3. Assessing the risk
  4. Action to control the risk.
  5. Identifying the hazards

A hazard is something with the potential to cause harm. Examples of things that should be taken into account include:

  • Any slipping, tripping or falling hazards
  • Hazards relating to fire risks or fire evacuation procedures
  • Any chemicals or other substances hazardous to health e.g. dust or fumes
  • Any vehicles on site
  • Electrical safety e.g. use of any portable electrical appliances
  • Manual handling activities
  • High noise levels
  • Poor lighting, heating or ventilation
  • Any possible risk from specific demonstrations or activities
  • Crowd intensity and pinch points
  1. Identifying those at risk

After hazard identification has been done, all groups of people who may be affected are specified for instance: Hajj managers, pilgrims, airport officers, immigration fellows, security people; those taking part in road users; members of the public (including children, elderly persons, expectant mothers, disabled persons), local residents and potential trespassers.



  1. Assessing the risk

The extent of the risk arising from the hazards identified must be evaluated and the existing control measures taken into account. The risk is the likelihood of the harm arising from the hazard. For each hazard note down the severity number and the likelihood number using the Risk assessment Matrix.  This process will produce a risk rating of HIGH, MEDIUM, or LOW.

  1. Action to control the risk

For each risk consider whether or not it can be eliminated completely. If it cannot, then decide what must be done to reduce it to an acceptable level. Only use personal protective equipment as a last resort when there is nothing else you can reasonably do. Consider the following:

  • Remove the hazard
  • Prevent access to the hazard eg by guarding dangerous parts of machinery
  • Implement procedures to reduce exposure to the hazard
  • The use of personal protective equipment
  • Find a substitute for that activity / machine, etc.

The residual risk is the portion of risk remaining after control measures have been implemented gives suggested actions for the three different levels of residual risk.



Reply your comment

Your email address will not be published. Required fields are marked*