A security management guide: the role, training, certification, degrees and standards

IFSEC Global

Author Bio ▼

IFSEC Global is the online community for the Security and Fire industry. Our market-leading live events span the globe, connecting buyers and sellers.
October 25, 2016

Sign up to free email newsletters


Want a Future-Proof Cyber Security Strategy? Look at Physical Security Now

Security management is the term most commonly used to describe the role of heads of security and other security professionals. In this guide we explore the scope of the roles, training, qualifications and standards of a group also know within the industry as ‘end users’.

Security management: what does it involve?

The role of security management involves the identification of one’s assets – buildings, people, products, information and infrastructure – and the development and implementation of policies, procedures and measures to safeguard these assets.

Methods used to understand what controls might be appropriate to protect assets include information classification, risk assessment, risk analysis, and the rating of system vulnerabilities.

In many workplaces, a security manager is tasked with ensuring physical security in a real world environment – protecting not only products and merchandise but also the personal security of employees, visitors and clients or customers in the workplace. The advance of IT over the last 25 years has also created a role for security managers to ensure the protection of digital information, although the level of knowledge and skills required for this role is likely to involve the appointment of a specialist IT security manager.

The security manager, perhaps in liaison with the health and safety and facilities managers, may be responsible for overseeing the work environment, ensuring employees follow safe work behaviours and ensuring compliance with relevant health and safety, security and fire safety standards and legislation.

Security managers will be expected have up-to-date knowledge of their employer’s key systems and technologies, such as access control, intruder detection, perimeter security and CCTV. Managers who have responsibility for the operation of a CCTV control room must ensure their video surveillance systems are used correctly and conform to the Information Commissioner’s Office’s Public Space Surveillance Standards.

In the event of an incident, they will be expected to liaise, cooperate and coordinate with other internal departments, as well as external agencies, such as emergency services.

The regulator: The Security Industry Authority

In the UK, the main regulator of security practice is the Security Industry Authority (SIA), whose duties involve the mandatory licensing of individuals undertaking activities in the private security industry. Licensing covers manned guarding (eg door supervision, personnel protection, the transit of monies and valuables, public space CCTV surveillance, etc), key management and the immobilisation of vehicles.

To gain a license, security operatives will need to provide evidence of the appropriate knowledge, training and qualifications to carry out their duties.

In 2014 IFSEC Global produced a report in conjunction with the SIA that provided valuable information and insights around the Regulator’s licensing regime.

Training and qualifications

Training and qualifications are a key focus of the Security Institute, the UK’s largest professional membership body for security professionals. Its vision is for the sector, as a whole, to become recognised and respected for its professionalism by government, business and the public.

In November 2014, the Institute launched its Manifesto for Professional Security. As part its manifesto, it has called on education bodies to help it examine the future development of structured learning programmes to upskill the security workforce.

It has also urged government and its agencies to engage in a meaningful and ongoing dialogue to ensure it develops in a way that is fully consistent with the needs of government and society.

Its portfolio of accredited qualifications, which are offered through the Institute’s education partner, Perpetuity Training, include the Certificate in Security Management, the Diploma in Security Management, and the Advanced Diploma in Security Management.

The certificate is designed for anyone relatively new to security, while the Diploma is aimed at those who are seeking to progress in their careers. The Diploma is formally recognised by three UK universities:

  • Bucks New University;
  • the University of Portsmouth; and
  • the University of Leicester.

Perpetuity Training became the first private organisation to launch its masters degree in security management when it introduced International Security and Risk Management at IFSEC 2016 (see video below).

Aimed at addressing issues of shrinkage and internal theft, training organisation Skills for Security has recently introduced a two-day ‘investigative interviewing’ course on carrying out internal investigations – from planning interviews, handling witnesses, taking appropriate notes, and dealing with representatives, through to coming up with suitable questions, conducting an interview, and efficient and effective decision-making.

Security management standards

It should be noted that as a regulated industry, the barriers to entry for training organisations in security are relatively low, so organisations should take care to consider the quality of the professional qualification and learning delivered.

In addition to individual qualifications and learning courses, there is also a security management standard for organisations. Published in July 2015, British Standard 16000 provides a generic security management framework, highlighting the essential principles of security management and demonstrating how security can be embedded in an organisation.

It is designed to help support an organisation’s viability, productivity, reputation, resilience and sustainability. It recognises the following: that security management is an important strategic capability; that effective security management is far more than simply reacting to threats and risks; and that organisations can identify opportunities and gain competitive advantage.

The standard covers guidance on:

  • developing a security framework;
  • carrying out a risk assessment;
  • understanding security in the context of an organisation;
  • implementing and monitoring a security programme; and
  • introducing security solutions – physical, technical, information, procedural and personnel.

BS 16000 complements existing management standards relating to areas such as the environment, business continuity and risk, including ISO 27001, ISO 14001, ISO 22301, ISO 22313, ISO 31000 and ISO 9001.

Related Topics

Leave a Reply

Notify of

Sign up to free email newsletters