Provide security solutions to mitigate risks to the business
URN: SFSSCM3
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on:
01 Jan 2017
Overview
This NOS sets out the skills, knowledge and understanding for you to research relevant data to meet the client's objectives, determine outline costs and provide recommended security solutions to meet the client's business objectives.
This NOS is aimed at security managers and those who are involved in the provision of security advice.
This NOS covers the following activities:
1. Research options to meet the security objectives
2. Determine potential costs, benefits and effectiveness of security solutions
3. Make recommendations for meeting the security objectives
4. Develop and implement operational plans to meet your security objectives
Performance criteria
You must be able to:
Research options to meet the security objectives
1. confirm that you have complete and accurate details of and understand the security objectives
2. research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks
3. consider and recommend options that are appropriate
4. identify and record details of constraints that may have an impact on the business and security options
5. maintain the security and confidentiality of information relating to the security objectives
Determine potential costs, benefits and effectiveness of security solutions
6. confirm you have sufficient accurate information on which to determine potential costs, benefits and effectiveness of recommended security solutions
7. identify and determine the outline of costs for a proposed business case, based on valid information
8. identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints
9. identify, assess and record the details of any areas of concern affecting the potential effectiveness of recommended security solutions
10. maintain the security and confidentiality of information relating to your recommendations
Make recommendations for meeting the security objectives
11. prepare recommendations that have the potential to meet the security objectives of the client
12. provide details of costs, benefits, effectiveness, limitations and constraints of recommendations
13. provide clear statements of operational requirements for solutions
14. provide recommendations of security solutions in an agreed format to the responsible person within agreed timescales
15. provide sufficient details and supporting information to the client to enable them to make informed decisions about your recommendations
16. provide the client with considered advice on the implications of accepting, modifying or rejecting security recommendations
17. provide the client with objective information
18. take account of the client’s values, culture and nature of business
19. maintain the security and confidentiality of information relating to your client and recommendations
Develop and implement operational plans to meet your security objectives
20. develop an operational plan to meet the security objectives, values and culture of the client
21. communicate the operational plans with supportive security objectives to appropriate persons
22. make sure your plans are consistent with the security objectives of your area of responsibility
23. develop and assign responsibilities to appropriate persons together with the associated resources
24. monitor and manage your plan so that it achieves its overall security objectives
Knowledge and Understanding
You need to know and understand:
Legal and organisational requirements
1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to security provision
2. why it is important to take account of the client’s values, culture and nature of business
3. legal, regulatory and ethical requirements of the client
4. the overall vision of the client and the security objectives you are responsible for achieving
Research options to meet the security objectives
5. how and why it is important to determine relevant information requirements when researching options to meet the security objectives
6. how to search and find information relating to the client’s needs and requirements
7. how and why it is important to identify and record details of constraints that may impact on the recommended security options
Determine potential costs, benefits and effectiveness of security solutions
8. how and why it is important to confirm you have sufficient information to determine potential costs, benefits and effectiveness of security solutions
9. how and why it is important to identify the expected costs and resources needed to meet the security provision
10. how and why it is important to identify and assess the impact of any areas of concern affecting the recommended security solutions
11. how and why it is important to take into account constraints when identifying security solutions
12. how and why it is important to identify life cycle costs of security solutions
Make recommendations for meeting the security objectives
13. how and why it is important to consider the expected costs and resources needed to meet the security provision
14. how to record and store information in a suitable format
15. how and why it is important to present your recommendations in a clear and precise manner
16. how and why it is important to provide information which is objective
17. how and why it is important to provide operational requirements
Develop and implement operational plans to meet your security objectives
18. how and why is important to assign security objectives which are Specific, Measureable, Achievable, Relevant and Timed (SMART)
19. how and why you should monitor and manage operational plans to achieve your security objective
20. how and why it is appropriate to communicate your operational plans effectively
21. how and why it is important to use resources effectively to achieve your security objectives
Confidentiality of information
22. how and why you should maintain the security and confidentiality of information
23. how and why it is important to maintain the security and confidentiality relating to your recommendations
24. how to record and store information in a suitable format
Scope/range
Scope Performance
Scope Knowledge
Values
Behaviours
Skills
Glossary
In these National Occupational Standards;
appropriate persons: someone who may wish to be informed and includes but not exclusive to; clients, contractors, consultants, sub-contractors, suppliers, staff, client's press officer, senior manager
assets: anything with value, tangible or intangible, in need of protection can include but not exclusive to; people, information, property and reputation
impact: the effect of expected damage, harm or loss
responsible person: someone who will be required to take specific action having been informed and includes but not exclusive to; manager, director, partner, stakeholder, board
risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss
threat: an indication of the potential for damage, harm or loss
vulnerabilities: a weakness that could be exploited to damage or harm an asset or to cause loss
Links To Other NOS
External Links
Version Number
2
Indicative Review Date
01 Jan 2020
Validity
Current
Status
Original
Originating Organisation
Skills for Security
Original URN
SFS SCM 3
Relevant Occupations
Elementary Occupations, Elementary Security Occupations, Security Manager
SOC Code
Keywords
Benefits; costs, effectiveness, operational plans, security, solutions