Defence Security Profession Competency Framework V 1 0

Defence Security Profession Competency Framework V 1. 0 November 2018

Defence Security Profession Competency Framework

Contents Foreword Our Vision , Our Mission How to use the Framework Part 1 - Security Fundamentals Framework Part 1 - Security Specialisms Competency Framework

Foreword Defence’s key role is to protect UK interests, but we also have to protect ourselves from the threats to Defence. Protecting Defence interests through effective security and resilience policy is vital for delivering success on military operations, safe guarding lives at home and for ensuring that Defence as a “whole force” is managed as efficiently and effectively as possible. Security and resilience is everyone’s responsibility so this Security Functional Competence Framework is therefore applicable to the generalist and security specialist alike. The framework’s purpose is to enable Defence Staff to evaluate their existing knowledge and experience and to provide them with a “handrail” to plan their personal and functional development requirements. It replaces the Specialisation Functional Competences issued in May 2007 and is supported by the Ministry of Defence Guard Service Functional Competence Framework, Nuclear Safety and Security Competency Frameworks and Security Services Group Functional Framework. An accompanying Defence Security Profession Training Catalogue has also been published and is designed to compliment the competence levels described in this framework. Vincent Devine Director of Security & Resilience

The Directorate of Security and Resilience (DSR) Our Vision “A dynamic profession which engages, supports and inspires the existing security community and attracts diverse talent into a security career within Defence” “To support and strengthen the professional security community within the Ministry of Defence” Our Mission

How to Use the Framework

How to use this framework Part 1 details the knowledge that all staff should have to safeguard Defence personnel, information and capabilities. Foundation – “The Fundamentals” Applies to all MOD Staff and is the level of awareness and understanding of security, sufficient to apply technical knowledge successfully in delivery of an activity and/or limited practical experience in the subject area. Part 2 details the knowledge and experience required of those personnel in a security role, against the Security Profession Competency Framework. These levels are weighted to allow individuals to benchmark their current capability and identify areas for development. Specialist – Awareness Demonstrates sufficient knowledge, understanding and practical experience to conduct practical delivery across a range of tasks, both supervised and unsupervised. Specialist - Practitioner Displays detailed knowledge and understanding. Performs with experience and effectiveness in wide activities within different range of work situations unsupervised. Specialist – Expert Displays extensive knowledge, critical understanding and experience to successfully deliver novel and complex activities and are seen as a role model for others.

Part 1: Defence Security Fundamentals Competency Framework

Defence Security Fundamentals Competency Framework Security Fundamentals Knowledge and experience that all MOD Staff should have to help safeguard Defence people, information and capabilities Generalist • Adheres to the principles and objectives of security. Physical & Operational • Mitigates against the generic threats to Defence: • Demonstrates awareness of security culture through integration in working practices. • Terrorism; • Applies the basic concepts of risk ownership and risk appetite through appropriate mitigation. • Subversion; • Carries out individual’s duty and process for security risk reporting and escalation. Underpinning knowledge Personnel Security • • Espionage; • Sabotage • • Serious and Organised Crime. • Implements physical security controls applicable to their business area. • Carries out individual’s duty, and measures necessary, to maintain the confidentiality, integrity and availability of MOD information. • Demonstrates Knowledge of vetting levels within MOD, initiates new vetting applications and can progresses the renewals process appropriately. Can explain the purpose and requirements for security vetting. Implements and upholds, mandated personal security standards. Business Continuity & Resilience • Can explain the impact of threats and disruptions on activities that support the organisation’s critical functions • Can explain Business Continuity and its process. • Implements Business Continuity Planning arrangements. • Understanding of the Joint Services Publications 440 (Defence Manual of Security, Resilience and Business Continuity); 892 (MOD Risk Management Policy); and the HMG Security Policy Framework. • Staff have completed mandatory general security threat briefings and security and business continuity training. • Centre for Protection of National Infrastructure Smart Traveller Guide • MOD Stay Safe Online guide

Part 2 – Defence Security Specialisms Competency Framework

Defence Security Specialisms Competency Framework Competency Generalist Awareness Practitioner • Demonstrates knowledge of the • Provides leadership and direction basic principles of defence in for other security roles. depth. • Can explain how security • Carries out security risk measures achieve different assessments based on threats effects. & vulnerabilities. • Acts as a champion for security Expert • Provides strategic advice, develops pragmatic security policies and procedures, which balance the business needs with the required security effect. Sets strategic direction for security and provides • Plays an active role in crossassurance to risk government security strategy and • Reports potential risk events and business continuity in the owners that the policy decisions. appropriately demonstrating business area’s strategic plan. delivery of desired appreciation of severity of risk. • Able to challenge assumptions security effect and • Determines organisational • Able to recommend effective and identify innovative solutions development needs in line with business processes security measures and policies to resolve security management business needs and strategic are compliant with proportionate to business area. issues. direction. Generates development relevant legislation, • Implements strong Governance • Promotes policies, practices and strategies to achieve required departmental in accordance with effective decisions which recognise the change. policies, and that the security programme current and evolving needs of all requirements; ensuring due the stakeholders. • Drive a holistic security-minded Department care (positive behaviours) and • Develops and maintains effective approach that can be embedded in conforms to the effective Audit/Assurance take an organisation’s operating culture, programmes to improve cultural principles described place to execute due diligence strategic policies and plans. awareness of the need for in JSP 440. (appropriate checks and balances). Underpinning knowledge security measures. • Study of the Joint Services Publications 440 (Defence Manual of Security, Resilience and Business Continuity); 892 (MOD Risk Management Policy); and the HMG Security Policy Framework. Understand

Defence Security Specialisms Competency Framework Competency Physical & Operational Awareness Practitioner • Can explain and implements • Ability to review and investigate • Ability to lead a complex MOD/HMG policy and complex situations and identify programme of physical security legislation relating to Physical vulnerabilities. operations, delivering objectives Operations Security. at pace. • Initiates Operational Requirements • Can explain and implement process planning work effectively. • Ability to plan and lead complex the principles: Deter, Detect, physical security assessments, • Implements appropriate measures Delay, and Detain. investigations and reviews. in response to threats and Leadership, management and delivery of Physical Operations Security; • Can explain Operational vulnerabilities mitigating against Requirements and the risks to assets. a system of policies, principles for operating procedures, property • Demonstrates in-depth knowledge commercial security products. of security products and technology that • Demonstrates knowledge of components and is able to design, reduces the types and merits of build, modify and/or technically vulnerabilities, different physical security integrate security products. safeguards assets, measures and systems • Able to lead, motivate and show a manages risks to integrations. thorough understanding of how staff and promotes a personnel security fits into MOD, safe working Industry and Projects. environment for all. Underpinning knowledge Expert • • • Provides independent assurance to Senior Stakeholders that the organisation is complying with legislation, external regulation, and its own internal regulations and standards. • Effectively analyses emerging threats and countermeasures to assess the impact on current policies and procedures to provide objective solutions. Study of the Joint Services Publications 440 (Defence Manual of Security, Resilience and Business Continuity); and the HMG Security Policy Framework. Training and experience of Centre for Protection of National Infrastructure Physical Security standards Defence risk management principles. Training and experience of Defence Critical Infrastructure Security Surveyor standards. Awareness of PACE legislation and the experience of conducting security incident investigations.

Defence Security Specialisms Competency Framework Competency Personnel Security Awareness • Can explain the principles of security risk management associated with personnel security. • Collaborates effectively at the strategic, national, local and international level to formulate effective security policy. • Develops an effective personnel security culture where security risks are managed. • Develops an effective personnel security culture where security risks are managed, mitigated or exploited to further personnel security aims and objectives. Providing assurance of the delivery of Personnel Security • across the organisation. Ensuring compliance • with Departmental, National, International and local regulations, standards and guidelines. Underpinning knowledge Practitioner Able to provide general security vetting advice. With support, able to conduct effective assessments of risks arising from screening and vetting evidence based on organisational, group and role appetite. Expert • Operates at the strategic, national, local and international level to conduct effective personnel security investigations in support of multiple stakeholders. • Is able to account for organisationally acceptable thresholds and standards relating to levels of personal vulnerability. • Deploys developed and effective • Challenges and reviews extant analytical skills when evaluating and developing policy providing processing information used in assurance that corporate screening and assessing vetting risk. governance, internal controls and risk management relating to • Conducts effective implementation Personnel Security are working of appropriate aftercare measures effectively. when required. • Demonstrates detailed knowledge • Able to make objective and of the legal framework supporting reasoned decision making based on National Security Vetting and preevidence. employment screening. • Study of the Joint Services Publications 440 (Defence Manual of Security, Resilience and Business Continuity); 892 (MOD Risk Management Policy); and the HMG Security Policy Framework. • Knowledge of UK legislation where it underpins personnel security • Analysing and using evidence. • CPNI Personnel Security Training Modules.

Defence Security Specialisms Competency Framework Competency Awareness Business Continuity & Resilience • Effectively supports the data collection, collation and analysis of relevant business continuity Management Information (MI) necessary to substantiate assurance. • Provides advice and guidance on complex matters relating to Business Continuity and its application. Expert • Provides strategic advice and guidance on complex matters relating to Business Continuity and its application. • Contributes to the maintenance and • Represents TLB’s interests to development of Business Continuity the Director of Security and • Ensures resilience progress is policies and processes ensuring Resilience to facilitate delivery reviewed with risk owners and advice and guidance is fit for of effective policy. other stakeholders as purpose. • Is accountable for the applicable, escalating risks as • Supports development, production and maintenance of necessary implementation and continuous Business Continuity Plans in Process and systems for defining and assuring measures necessary to maintain Defence • Seeks confirmation that risks are recognised and critical outputs. considered by senior management • Undertakes assessments of business continuity plans throughout the year. Underpinning knowledge Practitioner • • improvement of all aspects of the Business Continuity Strategy and delivery to protect the interests of the department. • Develops and maintains key documents such as business continuity plans, key contacts lists, contingency guides and input into risk registers. business area(s) of responsibility. • Leads on the production, delivery and management of the Business Continuity Programme. • Leads the implementation of a standardised Business Continuity Management system • Plans for and mitigates against in business area(s) of incidents & disruptions. responsibility (aligned to public standards and good practice). Study of the Joint Services Publications 440 (Defence Manual of Security, Resilience and Business Continuity); Business Continuity Good Practice Guidelines and ISO 22301. IT Disaster Recovery and Business Continuity working together Diploma in Business Continuity from Business Continuity Institute recognised training provider.

V 1. 0 November 2018