Provide security solutions to mitigate risks to the business

URN: SFSSCM3
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on: 01 Jan 2017

Overview

​This NOS sets out the skills, knowledge and understanding for you to research relevant data to meet the client's objectives, determine outline costs and provide recommended security solutions to meet the client's business objectives.


This NOS is aimed at security managers and those who are involved in the provision of security advice.

This NOS covers the following activities:

1. Research options to meet the security objectives
2. Determine potential costs, benefits and effectiveness of security solutions
3. Make recommendations for meeting the security objectives 
4. Develop and implement operational plans to meet your security objectives


Performance criteria

You must be able to:

Research options to meet the security objectives


1. confirm that you have complete and accurate details of and understand the security objectives
2. research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks
3. consider and recommend options that are appropriate
4. identify and record details of constraints that may have an impact on the business and security options
5. maintain the security and confidentiality of information relating to the security objectives

Determine potential costs, benefits and effectiveness of security solutions 

6. confirm you have sufficient accurate information on which to determine potential costs, benefits and effectiveness of recommended security solutions
7. identify and determine the outline of costs for a proposed business case, based on valid information
8. identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints
9. identify, assess and record the details of any areas of concern affecting the potential effectiveness of recommended security solutions
10. maintain the security and confidentiality of information relating to your recommendations

Make recommendations for meeting the security objectives

11. prepare recommendations that have the potential to meet the security objectives of the client
12. provide details of costs, benefits, effectiveness, limitations and constraints of recommendations
13. provide clear statements of operational requirements for solutions
14. provide recommendations of security solutions in an agreed format to the responsible person within agreed timescales
15. provide sufficient details and supporting information to the client to enable them to make informed decisions about your recommendations
16. provide the client with considered advice on the implications of accepting, modifying or rejecting security recommendations
17. provide the client with objective information
18. take account of the client’s values, culture and nature of business
19. maintain the security and confidentiality of information relating to your client and recommendations

Develop and implement operational plans to meet your security objectives

20. develop an operational plan to meet the security objectives, values and culture of the client 
21. communicate the operational plans with supportive security objectives to appropriate persons
22. make sure your plans are consistent with the security objectives of your area of responsibility
23. develop and assign responsibilities to appropriate persons together with the associated resources
24. monitor and manage your plan so that it achieves its overall security objectives


Knowledge and Understanding

You need to know and understand:

Legal and organisational requirements


1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to security provision
2. why it is important to take account of the client’s values, culture and nature of business
3. legal, regulatory and ethical requirements of the client
4. the overall vision of the client and the security objectives you are responsible for achieving

Research options to meet the security objectives

5. how and why it is important to determine relevant information requirements when researching options to meet the security objectives
6. how to search and find information relating to the client’s needs and requirements
7. how and why it is important to identify and record details of constraints that may impact on the recommended security options

Determine potential costs, benefits and effectiveness of security solutions

8. how and why it is important to confirm you have sufficient information to determine potential costs, benefits and effectiveness of security solutions
9. how and why it is important to identify the expected costs and resources needed to meet the security provision 
10. how and why it is important to identify and assess the impact of any areas of concern affecting the recommended security solutions
11. how and why it is important to take into account constraints when identifying security solutions
12. how and why it is important to identify life cycle costs of security solutions

Make recommendations for meeting the security objectives

13. how and why it is important to consider the expected costs and resources needed to meet the security provision 
14. how to record and store information in a suitable format
15. how and why it is important to present your recommendations in a clear and precise manner
16. how and why it is important to provide information which is objective
17. how and why it is important to provide operational requirements

Develop and implement operational plans to meet your security objectives

18. how and why is important to assign security objectives which are Specific, Measureable, Achievable, Relevant and Timed (SMART)
19. how and why you should monitor and manage operational plans to achieve your security objective
20. how and why it is appropriate to communicate your operational plans effectively
21. how and why it is important to use resources effectively to achieve your security objectives

Confidentiality of information

22. how and why you should maintain the security and confidentiality of information
23. how and why it is important to maintain the security and confidentiality relating to your recommendations
24. how to record and store information in a suitable format


Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary

​In these National Occupational Standards;


appropriate persons: someone who may wish to be informed and includes but not exclusive to; clients, contractors, consultants, sub-contractors, suppliers, staff, client's press officer, senior manager

assets: anything with value, tangible or intangible, in need of protection can include but not exclusive to; people, information, property and reputation

impact: the effect of expected damage, harm or loss

responsible person: someone who will be required to take specific action having been informed and includes but not exclusive to; manager, director, partner, stakeholder, board

risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss

threat: an indication of the potential for damage, harm or loss

vulnerabilities: a weakness that could be exploited to damage or harm an asset or to cause loss


Links To Other NOS


External Links


Version Number

2

Indicative Review Date

01 Jan 2020

Validity

Current

Status

Original

Originating Organisation

Skills for Security

Original URN

SFS SCM 3

Relevant Occupations

Elementary Occupations, Elementary Security Occupations, Security Manager

SOC Code


Keywords

Benefits; costs, effectiveness, operational plans, security, solutions