General Security Guidance

 

Threat Vulnerability and Risk Assessment

Summary of the steps involved in conducting a TVRA:

1. Gather Information: Collect information about the building, its location, occupancy, and other relevant data. This includes the building layout, access points, critical systems, and any previous security incidents.

2. Identify Threats: Analyze the building and its surroundings to identify potential threats, including natural disasters, criminal activity, and terrorism.

3. Evaluate Vulnerabilities: Evaluate the building’s physical and operational vulnerabilities, including its access control systems, communication systems, and critical infrastructure.

4. Assess Risks: Assess the likelihood and potential impact of each threat and vulnerability, taking into account factors such as the building’s location, occupancy, and security measures in place.

5. Recommend Mitigation Measures: Based on the results of the TVRA, recommend mitigation measures to reduce the risks identified. This can include installing security systems, implementing security protocols, and conducting staff training.

6. Monitoring and Review: Regularly review and update the TVRA to account for changes in the building, its surroundings, and the threat environment.

It is important to note that a TVRA is a complex process that requires expertise and experience in security engineering and assessment. It is recommended to engage a qualified RSES security consultant or engineer to conduct a comprehensive and accurate TVRA.

Protect UK

In the last decade the threat of terrorism has evolved. The threat is very real, and can affect anyone, in any place, at any time.

When looking at the evolution of the type of threats the nation faces, we have seen that it has become less target focused, with recent attack methodology evolving from directed, large scale attacks, to low sophistication attacks.

This change of threat and approach means that we have to adapt the way in which we help to prepare and protect the UK. Everyone has the ability to help to counter terrorism, and through awareness and knowledge, you too can help to keep people safe.

Partnership is at the core of NPSA’s work, and supporting NPSA with their goal to further protect the UK, is the Counter Terrorism Alliance, a joint partnership between the National Counter Terrorism Security Office, the Home Office and Pool Reinsurance, a terrorism risk insurance company.

ProtectUK is the new, free to use counter terrorism and security hub, offering on demand access to authoritative guidance, advice and much more in one central location.

ProtectUK has incorporated the award winning ACT Awareness e-Learning onto the platform. Businesses have often signposted the ACT products as a key educational tool that has helped their staff be aware and react to potential threats at their locations, showing just how important it is for business and their staff to increase their awareness of counter terrorism best practice, and to ensure that they are security minded in all that they do.

Preparation is a key element to help protect a business. CPNI have developed a Risk Management Model, taking businesses through the 7 key stages that should be taken into account to help manage and mitigate the risks of terrorism. Included in the Risk Management Model are tailored examples of risk assessments, helping you to ensure that you and members of staff are following the correct internal checks to a high standard.

ProtectUK is an ever evolving platform, and one that requires your support to help shape its future. Through the platform you can share your feedback directly with the team, send suggestions for additional content and make requests for further guidance that you feel would benefit your business.

There are a range of assets available on the ProtectUK platform via our Digital Toolkit to support the promotion of the platform. To access the toolkit please visit https://www.protectuk.police.uk/news-views/protectuk-digital-toolkit

Insider Threat

An insider threat refers to a security risk that originates from within an organization. This type of threat can take many forms, such as a malicious employee, a careless mistake by a trusted staff member, or a vendor with access to sensitive information. Insider threats can be particularly damaging because the individuals involved often have authorized access to critical systems and data.

Insider threats can cause harm to an organization in many ways, including theft of sensitive information, sabotage of systems, and unauthorized access to confidential records. To mitigate the risk of an insider threat, organizations must have effective security measures in place, such as employee background checks, regular security awareness training, and strict access controls. Additionally, organizations should have processes in place to detect and respond to potential insider threats quickly and efficiently.

It’s important to understand that insider threats can come from any level of the organization, and they can be intentional or unintentional. By taking proactive steps to prevent and detect insider threats, organizations can protect their assets, data, and reputation.

For more information on the Insider Threat please visit  Insider Risk | CPNI  

Protection from Blast

Explosives are used by terrorists to target people, buildings and other infrastructure and to generate fear and publicity. Mostly, terrorists will construct improvised weapons, known as Improvised Explosive Devices (IEDs). The design (size, type of explosives, use of fragmentation, means of initiation etc) and deployment (targeting, tactics etc) of IEDs will vary greatly between terrorist groups, their geographic location/operating environment and the effect they seek on an intended target. 

When developing any requirements for blast protection, it is important to decide which weapons and delivery method need to be addressed.  These include for example:

  • Person Borne Improvised Explosive Devices (PBIED)
  • Vehicle Borne Improvised Explosive Devices (VBIED)
  • Hand Delivered Improvised Explosive Devices (HDIED)
  • Under Vehicle Improvised Explosive Devices (UVIED)
  • Postal/mail delivered Improvised Explosive Devices
  • Grenades (including improvised)
  • Shaped charges
  • Mortars and improvised mortars (both direct and indirect fire)
  • Rockets
  • Improvised Incendiary Devices (technically these are incendiary devices rather than blast weapons)

Guidance on the likelihood and tactical use of the above against a given target should be sought from your local police Counter Terrorism Security Adviser.

When developing physical protection and/or mitigation from such weapons, it is important to maximise stand-off distance, as this is likely to produce the lowest cost solution and greatest risk reduction. Further measures that can be taken to reduce harm to individuals or damage to the assets, include:

  • Use of search and screening to detect weapons
  • Use of hostile vehicle mitigation to enforce stand-off from VBIEDs
  • Designing facility/building entry points to minimise the impact of an attack 
  • Use of blast resistant glass to protect occupants from hazardous glass fragments
  • Designing the structural frame against progressive collapse
  • Use of blast resistant doors and walls, to protect the most important assets or protected spaces
  • Design of mail screening facilities to minimise the impact of an attack
  • Designing local infrastructure to be more resilient to attack
  • Use of blast resistant litter bins
  • Further information on each of these areas is available via the page links.

Where a facility/asset requires protection from a range of threats, including for example firearms, forced entry etc, then these multiple requirements should be determined from the outset, as it is common for these to cause conflicting protection needs.

It is recommended that if your site/facility requires blast protection, that you employ a Register of Security Engineers and Specialists for more information – RSES-Company-Competence-List.pdf (ice.org.uk)