Protect Duty: Role of the Security Consultant
The Protect Duty will establish requirements for security professionals to carry out risk assessments and proportionate mitigation measures for Publicly Accessible Locations. But how do we identify who is a suitably qualified security professional to carry out this role? And which public or professional organisation should carry it out?
Bill Nelson CSyP MSyI, who runs his own security consulting practice, lays out his views on the matter. The opinions expressed are those of the author. They do not represent the views of the individuals and organisations mentioned in the article.
Who would design a new building without employing a Fire Engineer or an HSE Consultant? Sadly, security has never enjoyed that same regulated status as Fire or HSE and is often overlooked or added as an afterthought – and then a few cameras are ‘thrown in’ and job done. The time is right to rectify this.
It is only now, in the wake of the Manchester Arena bombing and the subsequent Saunders Report, along with the tireless efforts of Figen Murray OBE, whose son Martyn Hett was killed that night, that the Protect Duty has been introduced, and hopefully it will go through Parliament later this year. Although not yet fully promulgated, it is understood that the intent of the new law is to require Owners and Operators of designated Publicly Accessible Locations (PALs) to conduct Counterterrorist Risk Assessments and implement ‘proportionate’ mitigation measures.
This article, however, is not about the Protect Duty per se. It is about how we establish the requirements for the individuals who will conduct these Counterterrorist Risk Assessments and design the ‘proportionate’ mitigation measures.
The Saunders Report was damming of the Risk Assessments carried out at the Manchester Arena – both generally and for the Ariana Grande concert itself – and of the lack of measures in place to counter the threat from a suicide bomber.
‘It was inadequate; it failed to adopt a rigorous approach to the assessment of the risk of terrorist attack and did not identify what steps should be taken to reduce the risk.’
‘It was inadequate: it did not identify the threat from terrorism as a potential hazard and had descended into a box ticking exercise.’
Yet these assessments and plans were drawn up by so called security ‘professionals’. My question is – what constitutes a ‘Security Professional’?
To me, it seems ironic that even the most newly appointed security guard must, by law, be trained and licensed by the Security Industry Authority (SIA), yet the individuals who are responsible for the overall planning of security at large PALs or major events, under current law require no security qualification or experience whatsoever. Anyone can call themselves a Security Manager or a Security Consultant.
It is clear that this situation cannot continue. However, what is not clear is how change can be planned and implemented. That is probably why it has not been addressed before now – it has fallen into the ‘too difficult’ category. One of the issues is in defining what a Security Consultant is: there are many types of individuals who advise on many types of security – Security Design, Security Operations, Security Management, Close Protection, Maritime Security, Airport Security, HNW Individual Security etc. etc. – they can all be termed Security Consultants.
It is the same for Security Managers – there are many different types for many different functions and locations. So how can we possibly ensure that everyone has the right qualifications and experience? As at today, we cannot; therefore, we must establish priorities.
Those who consult with or manage PALs should be the first priority for being regulated – since these are the spaces which will be governed by the Protect Duty in the first instance and where the consequence of terrorist attack can be catastrophic. NaCTSO has stated that there are 93,000 PALs in the UK.
Clearly, not all will employ a Security Manager or require the services of a Security Consultant. Hopefully this will be defined and specified in the Duty when it is published.
For PALS that will require security consultancy, my proposals for how the requirements could be categorised are as follows:
Proposals for Requirements for Managers of PALs
|Type of PAL||Manager Requirement|
|Entry Level Qualification + min 2 years’ experience.|
|Medium Venues||Intermediate Level Qualification + min 5 years’ experience|
|Large/Multi-Site Venues||Advanced Level Qualification/Chartership + more than 5 years’ experience|
Proposals Requirements for Consultants of PALs
|Type of PAL||Consultant Requirements|
|Entry Level Qualification + min 2 years’ experience. Work overseen / approved by Intermediate or Advanced Level Consultant|
|Medium Venues||Intermediate Level Qualification + min 5 years’ experience. Work approved by Advanced Level Consultant|
|Large/Multi-Site Venues||Advanced Level Qualification / Chartership + more than 5 years’ experience|
I also propose that all qualification requirements from entry level through to advanced level should be determined by NaCTSO in consultation with other agencies.
This is very broad brush and requires much refinement, but as they say ‘the longest journey starts with the first step’, and I believe this could be a viable first step.
Agencies to consult
On the consultation front, with NaCTSO in the driving seat, the most appropriate bodies to be included in the consultation process are:
- The Security Institute – as the principal professional body in the UK. Its recent move to administer the SABRE programme reinforces its importance.
- The Register of Security Engineers and Specialists – from which in-depth technical counterterrorism expertise is provided.
- ASIS UK
- The Association of Security Consultants
- The Security Industry Authority – which has the experience of implementing current security legislation.
Administering the System
Having established the requirements for Security Managers and Security Consultants dealing with PALs, the next issue will be how to administer the system. Which body will manage the process?
The SIA currently is the Licensing Authority, but at the moment it does not have the organic expertise or capacity to assess the qualifications and experience of literally thousands of potential applicants. NaCTSO certainly has the required expertise, but probably not the capacity. Therefore, it may be appropriate perhaps to follow the example of SABRE, where the Security Institute will be responsible for dealing with applications for licensing and listing of companies and individual Assessors / Professionals, whilst BRE remains the scheme’s certification body.
Under my proposal, the Security Institute would assume the responsibility for assessing the qualifications and experience of candidates for their suitability as Security Managers or Consultants for PALs, under the guidance and auspices of NaCTSO, while NaCTSO itself retains certification and licensing authority, possibly in conjunction with SIA.
The scale of this undertaking cannot be overestimated. The requirement to categorise individual PALs, set the relevant standards and process the large numbers of applicants will be both resource and time-consuming. But it must be done. Otherwise, the efforts of Figen Murray and all the others who pushed for so long to get Martyn’s Law introduced as the Protect Duty, will have been in vain. Without properly qualified and experienced individuals in these key roles, the Duty may become another box-ticking exercise, with another Manchester Arena as a result. This cannot be allowed to happen.
Bill Nelson CSyP MSyI
Managing partner, Rose Associates International Ltd.
Read article: Figen Murray responds to the Protect Duty consultation
Read article: Martyn’s Law and the Security Sector