IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Security management is the term most commonly used to describe the role of heads of security and other security professionals. In this guide we explore the scope of the roles, training, qualifications and standards of a group also know within the industry as ‘end users’.
Security management: what does it involve?
The role of security management involves the identification of one’s assets – buildings, people, products, information and infrastructure – and the development and implementation of policies, procedures and measures to safeguard these assets.
Methods used to understand what controls might be appropriate to protect assets include information classification, risk assessment, risk analysis, and the rating of system vulnerabilities.
In many workplaces, a security manager is tasked with ensuring physical security in a real world environment – protecting not only products and merchandise but also the personal security of employees, visitors and clients or customers in the workplace. The advance of IT over the last 25 years has also created a role for security managers to ensure the protection of digital information, although the level of knowledge and skills required for this role is likely to involve the appointment of a specialist IT security manager.
The security manager, perhaps in liaison with the health and safety and facilities managers, may be responsible for overseeing the work environment, ensuring employees follow safe work behaviours and ensuring compliance with relevant health and safety, security and fire safety standards and legislation.
Security managers will be expected have up-to-date knowledge of their employer’s key systems and technologies, such as access control, intruder detection, perimeter security and CCTV. Managers who have responsibility for the operation of a CCTV control room must ensure their video surveillance systems are used correctly and conform to the Information Commissioner’s Office’s Public Space Surveillance Standards.
In the event of an incident, they will be expected to liaise, cooperate and coordinate with other internal departments, as well as external agencies, such as emergency services.
The regulator: The Security Industry Authority
In the UK, the main regulator of security practice is the Security Industry Authority (SIA), whose duties involve the mandatory licensing of individuals undertaking activities in the private security industry. Licensing covers manned guarding (eg door supervision, personnel protection, the transit of monies and valuables, public space CCTV surveillance, etc), key management and the immobilisation of vehicles.
To gain a license, security operatives will need to provide evidence of the appropriate knowledge, training and qualifications to carry out their duties.
Training and qualifications are a key focus of the Security Institute, the UK’s largest professional membership body for security professionals. Its vision is for the sector, as a whole, to become recognised and respected for its professionalism by government, business and the public.
In November 2014, the Institute launched its Manifesto for Professional Security. As part its manifesto, it has called on education bodies to help it examine the future development of structured learning programmes to upskill the security workforce.
It has also urged government and its agencies to engage in a meaningful and ongoing dialogue to ensure it develops in a way that is fully consistent with the needs of government and society.
Its portfolio of accredited qualifications, which are offered through the Institute’s education partner, Perpetuity Training, include the Certificate in Security Management, the Diploma in Security Management, and the Advanced Diploma in Security Management.
The certificate is designed for anyone relatively new to security, while the Diploma is aimed at those who are seeking to progress in their careers. The Diploma is formally recognised by three UK universities:
Aimed at addressing issues of shrinkage and internal theft, training organisation Skills for Security has recently introduced a two-day ‘investigative interviewing’ course on carrying out internal investigations – from planning interviews, handling witnesses, taking appropriate notes, and dealing with representatives, through to coming up with suitable questions, conducting an interview, and efficient and effective decision-making.
It should be noted that as a regulated industry, the barriers to entry for training organisations in security are relatively low, so organisations should take care to consider the quality of the professional qualification and learning delivered.
In addition to individual qualifications and learning courses, there is also a security management standard for organisations. Published in July 2015, British Standard 16000 provides a generic security management framework, highlighting the essential principles of security management and demonstrating how security can be embedded in an organisation.
It is designed to help support an organisation’s viability, productivity, reputation, resilience and sustainability. It recognises the following: that security management is an important strategic capability; that effective security management is far more than simply reacting to threats and risks; and that organisations can identify opportunities and gain competitive advantage.
The standard covers guidance on:
developing a security framework;
carrying out a risk assessment;
understanding security in the context of an organisation;
implementing and monitoring a security programme; and
introducing security solutions – physical, technical, information, procedural and personnel.
BS 16000 complements existing management standards relating to areas such as the environment, business continuity and risk, including ISO 27001, ISO 14001, ISO 22301, ISO 22313, ISO 31000 and ISO 9001.
Securing executive buy-in: Using quantitative risk information for evidence-based corporate security management
Exploring how professionals can better quantify security risk with qualitative and quantitative measures to secure buy-in from the c-suite.
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
A security management guide: the role, training, certification, degrees and standardsSecurity management is the term most commonly used to describe the role of heads of security and other security professionals. In […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources
Related Topics
Paxton employees raise over £9k for Teenage Cancer Trust
Security benefits of installing mesh networks
The Body Shop boosts operational efficiency with locker solution
