Implement security processes within the organisation

URN: SFSSCM4
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on: 2017

Overview

​This NOS sets out the skills, knowledge and understanding for you to oversee the implementation of security processes taking account of working to agreed specifications whilst maintaining compliance with current legal and regulatory requirements.


This NOS is aimed at security managers and those who are involved in the provision of security advice.

This NOS covers the following activities:

1. Plan and implement change within the context of the security function
2. Research and maintain compliance with current legal and regulatory requirements during implementation of security processes
3. Manage the implementation of security processes in accordance with the client's security requirements
4. Co-ordinate implementation of security processes in accordance with agreed project plans
5. Assess the effectiveness of the implementation of the security process


Performance criteria

You must be able to:

Plan and implement change within the context of the security function *


1. identify the procedures, systems, structures and roles that need to be changed
2. determine the rationale and priorities for change with appropriate stakeholders
3. develop strategies and plans that set out the way forward
4. design new work processes and procedures to achieve change
5. assess the risks and benefits associated with change and develop contingency arrangements
6. set timescales and prioritise objectives for change
7. monitor, document and communicate progress to all involved
8. identify, assess and deal with issues and barriers to change
9. make sure change is effective and meets the requirements of the client
10. overcome resistance to change within the client organisation

Research and maintain compliance with current legal and regulatory requirements during implementation of security processes 

11. obtain current legal and regulatory requirements from relevant sources
12. confirm with appropriate stakeholders their legal and regulatory responsibilities before implementation work starts
13. agree arrangements with appropriate stakeholders for monitoring compliance with legal and regulatory requirements
14. agree arrangements with appropriate stakeholders for monitoring compliance with relevant industry standards
15. identify situations which do not meet legal and regulatory requirements and take appropriate action
16. identify situations which do not meet relevant industry standards and take appropriate action
17. identify any new legal and regulatory requirements which may impact on the project and provide this information to the appropriate persons
18. complete required documentation accurately and within agreed timescale
19. maintain the security and confidentiality of relevant information

Manage the implementation of security processes in accordance with the client's security requirements 

20. confirm that people responsible for implementation understand the requirements of relevant specifications before work is started
21. confirm with appropriate stakeholders the responsibilities which individuals have for meeting design requirements and specifications
22. agree with appropriate stakeholders arrangements for monitoring the quality of work and recording the outcomes
23. ensure at agreed intervals that work meets the design requirements and specifications
24. identify work which fails to meet the recommended specifications and agree corrective action
25. inform the client promptly about significant variations from design requirements and specifications, and suggest remedial actions when necessary
26. identify potential improvements and recommend to the client, highlighting benefits of the improvements
27. negotiate and agree amendments to security contract specifications with the client and accurately record relevant details
28. maintain the security and confidentiality of information relevant to the client and their security objectives

Co-ordinate implementation of security processes in accordance with agreed project plans

29. agree arrangements with appropriate stakeholders to monitor and record the progress against agreed project plans
30. identify and determine the implications of any deviations from the project plan 
31. agree with the appropriate stakeholders and implement any action necessary to prevent disruption to the implementation of the project plans
32. inform the appropriate stakeholders at agreed intervals about progress, changes to the operational programme or resource needs and suggest any actions that could improve the implementation of security processes
33. complete required documentation accurately and within agreed timescale
34. maintain the security and confidentiality of relevant information 
35. manage security requirements in accordance with contractual obligations

Assess the effectiveness of the implementation of the security process *

36. monitor the effectiveness of the implementation of the security processes
37. investigate any deviation from the security process, and agree remedial action with responsible persons or appropriate stakeholders 
38. identify potential improvements to security processes and recommend them to the client, emphasising the benefits of the improvements
39. maintain the security of assets whilst implementing new arrangements
40. maintain the security and confidentiality of information relevant to the client and their security objectives


Knowledge and Understanding

You need to know and understand:

Legal and organisational requirements


1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to implementation of security processes

Plan and implement change within the context of the security function *

2. how and why you need to identify areas of change and determine the reasons
3. why change is important to the client
4. the impact of change and how to manage this to achieve a positive outcome
5. the different issues that may arise during the process of change and how to respond to these
6. business critical activities and interdependencies
7. how and why it is important to communicate progress to appropriate stakeholders
8. the rationale for change, the risks and expected benefits
9. the client’s current position relevant to the change programme
10. understand reasons for and causes of resistance to change within the client organisation

Research and maintain compliance with current legal and regulatory requirements during implementation of security processes

11. how and from where to obtain legal and regulatory requirements
12. how and why it is important to confirm the legal and regulatory responsibilities with the appropriate persons
13. how to identify situations which do not meet legal or regulatory requirements and take appropriate action
14. how and why it is important to identify new legal and regulatory requirements which may impact on projects
15. how and why it is important to confirm the relevant industry standards with the appropriate persons
16. how to identify situations which do not meet relevant industry standard requirements and take appropriate action
17. how and why it is important to identify new relevant industry standard requirements which may impact on projects
18. how and why you should complete documentation accurately and within agreed timescale

Manage the implementation of security processes in accordance with the client's security requirements 

19. how and from where to obtain specifications relevant to contracts
20. how and why it is important to confirm the responsibilities for meeting specifications to appropriate persons
21. how and why it is important to discuss with appropriate stakeholders significant variations in project implementation and to provide advice to assist decision making
22. how to identify and recommend potential improvements to the security contract specification to the appropriate stakeholders
23. how and why it is important to identify work which fails to meet specifications and to advise on corrective actions
24. how to ensure work conforms to design requirements and quality standards

Co-ordinate implementation of security processes in accordance with agreed project plans

25. how to identify and measure any deviations from project plan
26. how to evaluate the implications of deviations from project plans
27. how and why you should identify deviations which may disrupt the project and agree and implement any necessary action
28. how to identify resource needs and how to identify alternative resources
29. how to identify and recommend improvements to the stakeholders
30. how and why it is important to manage security requirements in accordance with procurement and contractual obligation

Assess the effectiveness of the implementation of the security process 

31. how to investigate any deviation from the security process and implement appropriate action 
32. how to identify realistic opportunities for improving security processes and recommend them to the client
33. why it is important to maintain the security of assets when implementing new arrangements

Confidentiality of information*

34. how and why you should maintain the security and confidentiality of information


Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary

​In these National Occupational Standards;


appropriate persons: someone who may wish to be informed and includes but not exclusive to; clients, contractors, consultants, sub-contractors, suppliers, staff, client's press officer, senior manager

assets: anything with value, tangible or intangible, in need of protection can include but not exclusive to; people, information, property and reputation

impact: the effect of expected damage, harm or loss

responsible person: someone who will be required to take specific action having been informed and includes but not exclusive to; manager, director, partner, stakeholder, board

risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss

specification: the specific detail contained within an clients processes or design requirements

stakeholder: an organisation or individual which may include client, contractor, consultant, sub-contractor, suppliers, workforce, agent, management


Links To Other NOS


External Links


Version Number

2

Indicative Review Date

2020

Validity

Current

Status

Original

Originating Organisation

Skills for Security

Original URN

SFS SCM 4

Relevant Occupations

Elementary Occupations, Elementary Sales Occupations, Security Managers

SOC Code


Keywords

Compliance; effectiveness; implementation; legal; management; plans, processes; regulatory; security