Manage the effectiveness of security provision within the organisation

URN: SFSSCM5
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on: 01 Jan 2017

Overview

This NOS sets out the skills, knowledge and understanding for you to determine the effectiveness of security processes and encourages you to determine the quality and relevance of security provision against given criteria.


This NOS is aimed at security managers and those who are involved in the provision of security advice.

This NOS covers the following activities:

1. Determine the quality and relevance of security provision
2. Identify, report and rectify weakness in security provision
3. Maintain effective arrangements for security provision


Performance criteria

You must be able to:

Determine the quality and relevance of security provision


1. collate and take account of relevant information sufficient to determine the effectiveness of current security arrangements
2. carry out sufficient and appropriate actions to verify the effectiveness of current security arrangements
3. obtain other specialist help and advice when needed
4. compare capabilities of current security measures against agreed security aims and objectives or criteria
5. inform the client promptly of situations where there are significant risks to assets
6. identify and record accurate details of any limitations or restrictions in the effectiveness of current security arrangements
7. produce reports in a style and format that assists the client and other relevant persons to understand the effectiveness and limitations of current security provision
8. maintain the security and confidentiality of information relating to security provision 

Identify, report and rectify weakness in security provision

9. collate and analyse relevant information from different sources to identify weaknesses in security provision
10. identify limitations or restrictions that affect the security provision
11. categorise weaknesses to determine potential processes
12. present details of weaknesses in a presentation to the responsible person in a style that assists others to understand the potential weaknesses in current security provision
13. inform the client immediately of situations where there is a critical weakness in security provision
14. maintain the security and confidentiality of information relating to security provision
15. rectify identified weaknesses in security provision

Maintain effective arrangements for security provision

16. monitor and review the security policies and the effectiveness of the processes in the client organisation 
17. monitor the resources required to maintain a standard of service in line with the organisational policies and procedures
18. manage information security processes as required by the client
19. manage and communicate objectives during periods of disruption
20. provide suitable resources to ensure asset, personnel and information security
21. manage and respond appropriately to incidents and events which disrupt business activities 
22. facilitate Continuous Professional Development of your team
23. assess the need and obtain other specialist help and advice as appropriate
24. manage capabilities to meet variable demands against agreed security aims and objectives
25. manage and control expenditure within agreed limits
26. produce reports in a style and format that assists the client and other relevant persons to understand the effectiveness and limitations of current security provision
27. maintain the security and confidentiality of information relating to security provision
28. collate all relevant incident information to facilitate the post-incident debriefing process
29. carry out audit and risk assessments reviewing current procedures and working practice as appropriate


Knowledge and Understanding

You need to know and understand:

Legal and organisational requirements


1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to the security policies of the client 
2. current relevant legislation, regulations, codes of practice, standards and guidelines relating to whom you should present your findings
3. the basic principles of information security policies and processes as required by the client

Determine the quality and relevance of security provision

4. how to identify and take account of the limitations or restrictions in the effectiveness of security processes and arrangements
5. how and why it is important to balance security options against aims and objectives 
6. how to compare security arrangements against given security objectives
7. how to produce reports in a clear and concise manner and in different formats

Identify, report and rectify weakness in security provision

8. how and why it is important to use different sources to identify weaknesses in security provision
9. how and why it is important to consider the limitations or restrictions that may be a potential weakness to current security provision
10. how to categorise weaknesses and determine potential processes
11. who to present your findings to
12. how and why it is important to rectify and identify the weaknesses in security provision

Maintain effective arrangements for security provision

13. how to identify and legislate for the limitations or restrictions in the effectiveness of security processes and arrangements
14. how to manage and control financial expenditure within agreed budgets
15. how to adapt to changing circumstances
16. how to effectively respond to internal and external incidents and threats that may have implications for the client
17. how to evaluate security arrangements against the client's security objectives
18. how and why it is important to ensure accurate and complete note taking during events and incidents as part of the information and evidence gathering process

Confidentiality of information

19. how and why you should maintain the security and confidentiality of information relating to security provision within the client organisation 


Glossary

In these National Occupational Standards:


assets: anything with value, tangible or intangible, in need of protection; can include, but is not exclusive to, people, information, property and reputation

incidents: a spontaneous event which is likely to be the result of, but not exclusive to, an accident, attack, threatening behaviour, breach of security, criminal activity, fire, flood, natural disaster, death or injury, crime, breaches of civil law, breaches of company rules and procedures

policies and procedures: a set of written instructions and processes which may include, but is not exclusive to, Assignment Instructions, Standard Operating Procedures, Operational Requirements, Memorandum of Understanding and Service Level Agreements

relevant persons: someone who may be required to be informed; includes, but is not exclusive to, stakeholders, managers, workforce, suppliers, contractors, partners, agencies, supervisor, manager, client, law enforcement agencies, statutory bodies, agencies

responsible person: someone who will be required to take specific action having been informed; includes, but is not exclusive to, manager, director, partner, stakeholder, board

risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss

threat: an indication of the potential for damage, harm or loss


Version Number: 2
Indicative Review Date: 01 Jan 2020
Validity: Current
Status: Original
Originating Organisation: Skills for Security
Original URN: SFS SCM 5
Relevant Occupations: Elementary Occupations, Elementary Security Occupations, Security Manager

Keywords: Effectiveness; management; processes; provisions; security