The Future of Security Professionals

Advancing Security

Professionals A discussion paper to identify the key actions required to advance security professionals and their contribution to

Australia

Produced by the Interim Security Professionals Taskforce

5 March 2008

Your views are sought Your views on the questions in this paper can be forward to the Taskforce via email

or in person at the Consultative Forums around Australia. For details, see www.securityprofessionals.org.au

Dates of Consultative Forums are listed at

www.securityprofessionals.org.au/Your_views.html

The project is supported by the Australian Government Attorney-Generals Department.

Advancing Security Professionals: Discussion Paper www.securityprofessionals.org.au

Page 2

Taskforce information Interim Security Professionals Taskforce Members The members of the Interim Taskforce serve on the taskforce as knowledgeable individuals and not as representatives of particular organisations. Name Email Don Williams [email protected] Brett McCall [email protected] Julian Talbot [email protected] Michael Kinniburgh [email protected] Peter Anderson [email protected] Jason Brown [email protected] Paul Murphy [email protected] . Bruce Howard [email protected] Athol Yates [email protected] Kelly [email protected] Steve Barlow [email protected] Observers Richard Clarke [email protected] Peter Wythes [email protected] Taskforce administration Name Email Telephone Athol Yates [email protected] 02 6161 5143 Consultative Forums dates and locations

Timing Date State Location 4-6pm

Thursday, 27 March Canberra

Conference Room, Australian Homeland Security Research Centre, First Floor, Australian Institute of International Affairs Building, 32 Thesiger Court, Deakin ACT 2600

4-6pm Tuesday, 1 April Melbourne

McCall Security, Unit 3, 484 Graham Street, Port Melbourne

4-6pm Wednesday, 2 April Hobart

Tasmania Division, Engineers Australia, Royal Engineers Building, 2 Davey Street, Hobart

4-6pm Wednesday, 2 April Sydney

ATMAAC International, Level 1, 102 Bennelong Road, Homebush Bay

4-6pm Thursday, 3 April Brisbane

Queensland Division, Engineers Australia, 447 Upper Edward St, Brisbane

4-6pm

Thursday, 17 April Adelaide

Lincoln Rowe Room, South Australia Division, Engineers Australia, 11 Bagot Street, North Adelaide

4-6pm Friday, 18 April Perth

Western Australia Division, Engineers Australia, 712 Murray Street, West Perth

4-6pm

Wednesday, 16 April Darwin

Conference Room, Northern Division, Engineers Australia, Survey House, 14 Shepherd Street, Darwin

Registration is essential for catering and preparation reasons. To register, you can:

Email: [email protected] Tel: 02 6161 5143


Page 3

Contents Taskforce information ................................................................................................. 2

Interim Security Professionals Taskforce Members ............................................... 2Taskforce administration ......................................................................................... 2Consultative Forums dates and locations ............................................................... 2

Overview .................................................................................................................... 41 Background ......................................................................................................... 62 Purpose of this paper .......................................................................................... 83 Defining security professionals ........................................................................... 94 Key standards for professional practice ............................................................ 11

Potential frameworks for professional practice standards ..................................... 115 Improving the status and recognition of security professionals ......................... 136 The minimum standards, competence and continuing professional development requirements for security professionals and their specialisations ............................. 157 A regulation / registration / licensing / accreditation system .............................. 168 Enhancing accountability of the work of security professionals ......................... 179 Advancing the views of security professionals to government, industry, professional associations, the community and the media ........................................ 1810 Feedback ........................................................................................................ 20Annex A Elements of the security continuum ...................................................... 24Annex B Professionalism .................................................................................... 26Annex C Elements of a Profession ...................................................................... 27Annex D Qualification Frameworks ..................................................................... 29Annex E SWOT Analysis .................................................................................... 33Annex F Security and security-related professional and industry associations in Australia 35


Page 4

Overview Security professionals are a group of security practitioners vital to the protection of government, commercial organisations, non-government organisations and the community. If the security continuum is considered as having personnel who work in the tactical, operational and strategic sectors, then this discussion paper predominantly relates to those working at the senior end of the operational sector and those in the strategic sector. These personnel are referred as security professionals in this paper.1 Unfortunately security professionals have not been able to contribute their full potential to the nations security and safety due to a number of reasons including:

a lack of understanding by security users of the difference between the quality and capabilities expected of those providing front-line operational services, such as manpower and technology, and those providing professional services security advice, such as security advisors and security risk managers;

a lack of standards defining the expected knowledge, competency and ethical behaviour of security professionals;

a lack of appropriate licensing, registration, accreditation and assessment of security professionals;

a lack of a unified voice advocating the interests of security professionals. Following the 2007 Security Professionals Congress where the problems were identified, an Interim Security Professionals Taskforce was established to advance the security profession. The Taskforce has produced this paper which summaries the problems, proposes statements for discussion, and asks questions of security stakeholders. The purpose of this paper is to generate discussion on the major questions facing the security professionals, and based on feedback from the paper, propose a way forward that advances security professionals and their contribution to Australia. Views on these proposed actions are sought from stakeholders including:

Security associations Security consultants Security consumers and purchasers Security employers and contractors Security managers Security manpower staff Security policy makers Security regulators

All stakeholders are welcome to submit their views via email to [email protected] or in person at the Consultative Forums listed at www.securityprofessionals.org.au/Your_views.html or on page2. Following the feedback, the Interim Security Professionals Taskforce will prepare the final report that will include draft recommendations for advancing the security profession, and a draft action plan to implement the recommendations. 1 For details of the roles of personnel working in the tactical, operational and strategic sectors, see page 29.


Page 5

This will be refined on the:

25 May 2008, Melbourne, at the Security Professional Association meeting on the day prior to the 2008 Security Professionals Congress

26-27 May 2008, Melbourne, at the 2008 Security Professionals Congress Information at www.securityprofessionalscongress.org.au/. The Congress will debate, select and refine the final recommendations and action plan. A formal Security Professionals Taskforce will be selected at the Congress to implement the recommendations.


6

1 Background Security professions (defined as those working at the senior end of the operational sector and in the strategic sector of the security industry) is a critical group which supports the protection of government, commercial organisations, non-government organisations and the community. Unfortunately it is a group that has not been able to contribute its full potential to the nations security and safety primarily due to the fact that there is no clear understanding of the security profession, and there is no common voice, partly because of the disparate origins of members of the profession. This problem is compounded by the fragmentation within the security profession, lack of relevant qualifications and accreditation, and regulatory confusion between it and the much broader security industry (which includes providers of guards, equipment installers and vendors). Over the last few years there has been increased discussion at meetings, conferences and seminars on the need to define and promote the professional end of the security services continuum. To assist this discussion, a Security Professionals Congress was held in Melbourne in May 2007. The Congress was attended by approximately 150 delegates representing all aspects of the security profession including in-house security managers (from the public and private sectors), consultants, ITC specialists, physical security consultants, security engineers, procedural specialists, facility managers, risk managers, emergency managers, business continuity consultants, academics and educationalists. Organisations participating in the Congress were:

ASIS International ACT, Victoria, NSW & New Zealand Chapters Australian Homeland Security Research Centre Australian Information Security Association Australian Institute of Professional Intelligence Officers Engineers Australia Information Systems Security Australia Institute of Security Executives International Association of Bomb Technicians and Investigators Australian

Chapter Risk Management Institution of Australia SECIA Victorian Security Institute

The Congress was based on a series of presentations by senior security professionals and six workshops where delegates were required to review specific topics related to defining and promoting the security profession and making recommendations on the way ahead. The main concerns identified during the Congress were:

1. Professional standards for practice 2. Qualifications and training 3. Registration system based on competence 4. Status and recognition 5. Accountability based on a code of ethics 6. Commonality and standards across security professional specialisations

It was of interest to note that three common themes emerged from all workshops:

1. a requirement to formalise qualifications, certifications and professional recognition; 2. the need to alter the perception of the security profession; this was portrayed as

differentiating between the security profession and the security industry which provides important services and products, and contains professional members, but is not the security profession;


7

3. the need to establish a group representing the security profession. It was recognised that such a body should provide the forum to address the other two key issues.

On the day prior to the Congress, there was a meeting of professional associations representing security professionals. Representatives of twelve associations attended, representing Australian-based and international organisations, and there were also representatives from New Zealand. This was the first such meeting. The Australian Homeland Security Research Centre (AHSRC) partially funded the attendance of these groups to the meeting. The key topic of the professional associations meeting was the ability to work together to promote the security profession. It was recognised that no one body represents the needs of all security professionals or speaks on behalf of the broader profession. A recommendation from the meeting was the investigation of the feasibility of establishing a peak body. The Australian Homeland Security Research Centre (AHSRC) organised, coordinated and hosted the Congress and the meeting of associations in May. It paid for the accommodation of key representatives of the security professionals to engage them in the activity. The AHSRC has stated that it is not interested in becoming a peak group; however, it strongly supports enhancing the security profession to ensure that it makes a greater contribution to national security and community safety. Don Williams CPP coordinated the Congress program and facilitated the Congress. Funding This project is supported by the Australian Government Attorney-Generals Department.


8

2 Purpose of this paper The purpose of this paper is to generate discussion on the following major questions facing the security professionals.

How are security professionals defined? What are the key standards for professional practice? How can the status and recognition of security professionals be improved? What should be the minimum standards, qualifications and continuing professional

development requirements for security professionals and their specialisations? What is an appropriate regulation/registration/licensing/accreditation system? What are the best ways to enhance accountability for the work of security

professionals? How can the voice of security professionals be best represented to government,

industry, professional associations, the community and the media?


9

3 Defining security professionals People who work in the security industry can be divided into many categories.2 Typical categories include:

Business continuity professionals Crowd controllers Facility managers Intelligence professionals Investigators Security advisors Security equipment installers Security manpower providers Security researchers Security risk managers

However, a category which is not normally identified is security professionals. This term is quite distinct from security professionalism that encapsulates the professional delivery of a security product or service. The term security professional in no way implies that security professionalism is limited to security professionals. A key characteristic of security professionals is that they are required to take responsibility for security projects and programs in the most far-reaching sense. They provide significant input into the shaping of security decisions and the environment in which the security system functions. This requires that they:

understand the requirements of clients and of society as a whole; work to optimise social, environmental and economic outcomes over the lifetime of

the product or program; interact effectively with the other disciplines, professions and people involved; ensure that the security contribution is properly integrated into the totality of the

undertaking. The work of security professionals is predominantly intellectual in nature. Security professionals have a particular responsibility for ensuring that all aspects of their work are soundly based in theory and established practice. One hallmark of a security professional is the capacity to break new ground in an informed and responsible way. Security professionals may lead or manage teams appropriate to these activities, and may establish their own companies or move into senior management roles in security and related enterprises. For the security profession to be considered a profession in its own right, it is required to have, as other professions, the following characteristics:

Distinct body of knowledge Agreed and enforced standards of behaviour/ethics Standards of education Formal requirement for professional development College of peers

2 See Annex A for a list of elements of the security continuum.


10

Statements for discussion A security profession is defined as the group composed of those who provide advice to senior managers as in-house security advisors, security managers or external security consultants, and who have or provide:

the highest standards of professionalism; leadership; up-to-date expertise; quality and safety; independent and quality advice.

In Australia, the characteristics of the security profession are assessed as:

Distinct bodies of knowledge 9 Agreed and enforced standards of behaviour/ethics 8 Standards of education ? Formal requirement for professional development ? College of peers 8

Questions

1. Do you agree with the definition of security profession and if not, how would you define it?

2. Do you agree with the assessment of the characteristics of the security profession?


11

4 Key standards for professional practice Professional practice standards are those standards which security professionals need to comply with in order:

to uphold the public interest; to ensure the integrity of the work for which they are responsible; to discharge their professional obligations.

Standards are concerned both with professional competencies and with working methods, practices and procedures.

Professional practice standards are divided into the following areas: Professional knowledge Professional practice Professional engagement

They should all contribute to the following objectives:

Independence and Objectivity Confidentiality Proficiency Due professional care Maintaining up-to-date expertise Continual improvement Ethical behaviour Responsibility to society and the environment Responsibility to the client or employer

Professional practice standards enable security practitioners to:

assess their own performance; demonstrate professional standing against agreed criteria to their stakeholders; identify areas where improvement is needed; re-assess their performance after changes have been implemented.

Key issues in professional practice standards are:

competence versus quality standards; continuing professional development; development of standards.

Potential frameworks for professional practice standards A number of frameworks exist already for describing the skills, competencies, knowledge and abilities of a given profession or industry. The four key frameworks are:

1. alignment with the Australian Qualifications Framework (AQF); 2. certification levels based on responsibility and competence; 3. role-based requirements framework; 4. alignment with Security Risk Management Body of Knowledge (SRMBOK) Practice

Areas and Activity Areas. These frameworks are outlined in Annex C.


12

Statements for discussion Security professionals require professional practice standards in the following areas:

Professional knowledge Professional practice Professional engagement

Some of these standards already exist but are not sufficiently unified or coherent. The frameworks to create professional practice standards are:

alignment with the Australian Qualifications Framework (AQF); certification levels based on responsibility and competence; role-based requirements framework; alignment with defined and recognised practice areas.

Questions

3. From your specialisation or perspective, what are the key existing professional practice standards in the areas of: professional knowledge; professional practice; professional engagement.

4. What are the best frameworks to create professional practice standards?


13

5 Improving the status and recognition of security professionals

Professionals enjoy a high social status, regard and esteem conferred upon them by society. This status is not an inherent right, but is granted by society. It arises primarily from:

higher social function of their work, regarded as vital to society as a whole and thus of having a special and valuable nature;

existence of technical, specialised and highly-skilled work often referred to as professional expertise;

training involving obtaining specialist education and qualifications; restricted entry to the profession based on competence; training requiring regular updating of skills.

For professionals, maintenance of public status depends on the public's belief that professionals are trustworthy and provide the level of expertise expected of them. Where there is no consensus on how to raise the status of professionals, there appear to be two distinct groups of thought.

A series of actions to raise the status of a profession. No overt action can be effective in raising the status of a profession as recognition of

a professions importance. This will occur naturally if the professional produces unique and valued high quality work, and makes a significant contribution to society.

If action is effective in raising the status and recognition of a profession, below are the key actions that are normally taken.

Increase in positive media coverage of security professionals Introduction of awards for security professionals Increase in remuneration Encourage more women to become security professionals Security professionals featuring in media programs, notably news broadcasts and

documentaries Representation of the concerns of security professionals to politicians Security professionals giving talks to non-security groups Security professionals informing other professional groups (e.g. engineers and

project managers) of the work of security professionals Increase in entry standards for security professionals Increase in the inter-personal skills of security professionals so that they can better

communicate in the workplace, industry and to the community Protection of term security professional Introduction of specific licensing requirement for security professionals Promoting a security professional post nominal Creation of a representative voice for security professionals Inviting non-security practitioners to meetings of security professionals


14

Statements for discussion Security professionals have low status and recognition due to:

a lack of understanding of the specialised knowledge required by security professionals;

confusion in the publics understanding of the difference between security manpower staff and security professionals.

Questions

5. Are you satisfied with the status, trust and recognition of security professionals? 6. Do the levels of professional status, trust and recognition of security professionals

need to be addressed? 7. What are the key initiatives to raise the status, trust and recognition of security

professionals?


15

6 The minimum standards, competence and continuing professional development requirements for security professionals and their specialisations

For some specialisations of security professionals, there are standards, qualifications and continuing professional development requirements. For others there are none. The reasons for the standards, competence and continuing professional development requirements include:

protection of the consumer from poor service and goods; protection of the consumer by providing guidance on the quality of professionals.

The standards, qualifications and continuing professional development requirements specified for security professionals need to conform to the framework selected for professional practice standards as listed in Section 4. That is, the standards can be based on:

educational qualification; competence; experience; roles.

Statements for discussion Referring to Section 4, there are four main frameworks that will drive any requirements for minimum standards, competence and continuing professional development requirements for security professionals and their specialisations. Questions

8. For the security profession as a whole, do you believe that minimum standards, competence and continuing professional development requirements are needed? If so, what should they be?

9. For specialisations, do you believe that minimum standards, competence and continuing professional development requirements are needed? If so, what should they be?


16

7 A regulation / registration / licensing / accreditation system

The regulation/registration/licensing/accreditation systems vary across State and Territory jurisdictions and elements of the security industry. The system for certain elements of the security industry is well developed and targeted in areas such as crowd controllers and installers. However, for security professionals, the systems are mostly irrelevant as they either do not apply to groups of security professionals, or they provide no indication of competence (or other public good benefit). Examples of the former are that the systems do not apply to information security consultants and government security advisors. Examples of the latter are that the systems provide no indication of competence when selecting professionals in security facility design and blast design. Statements for discussion A security regulation/registration/licensing/accreditation system is of value to security professionals, security consumers and society. The existing security regulation/registration/licensing/accreditation systems of the States/Territories are mostly irrelevant to security professionals. Security professionals should not be required to be part of the States/Territories systems. A national system should be developed or alternatively, specialisations of security professionals should fall under existing national schemes. Questions

10. Do you believe that the existing security regulation/registration/licensing/accreditation systems of the States and Territories are irrelevant to security professionals?

11. Can you suggest an ideal system for the regulation of security professionals and specialisation?


17

8 Enhancing accountability of the work of security professionals

Currently, it is difficult to determine how individual practitioners can be held accountable given that there are currently few, if any, minimum standards against which security professionals can be judged. The licensing regimes for consultants in some jurisdictions set standards for qualifications (usually a Cert IV) and for registration as a business, insurance coverage, etc, but these do not directly reflect standards for ethical or professional behaviour. Most of the security-related industry or professional organisations have codes of conduct. A common concern is that disciplining members for codes of conduct breaches is done infrequently by the organisations as it results in members resigning before disciplinary action is finished. Enforcement also results in lost membership fees for the organisation. Some contracts require minimum levels of Professional Indemnity (PI) insurance but the relevance of the insurance cover to the work undertaken is not often verified. PI coverage should reflect that the applicant has demonstrated to the insurance provider that they are an acceptable risk in terms of qualifications, experience and business practices for the work they undertake. Requiring participants to demonstrate PI coverage for the work undertaken would help make them more accountable. Statements for discussion There are poor formal mechanisms for accountability for security professionals as there are few minimum standards against which security professionals can be judged. Existing codes of conduct and enforcement mechanisms are limited in benefit for security consumers to take action against security professionals. Security professionals require either:

a whole-of-profession code of conduct that is enforced by a party that does not depend on membership fees with disciplinary action is linked to licensing, or

existing codes of conduct and enforcement mechanisms are strengthened. Questions

12. Do you believe that formal mechanisms for accountability for security professionals need to be improved?

13. What do you suggest are the best ways to improve accountability?


18

9 Advancing the views of security professionals to government, industry, professional associations, the community and the media

There is no single voice speaking on behalf of security professionals. However, there is a range of industry and professional bodies that represent elements of the security continuum. For example:

ASIAL, ISE, VSI and other security-specific organisations represent elements of the security industry.

ASIS International represents individual security consultants and managers. Other associations represent specific areas of expertise such as ITC security, risk

analysis and bomb security. Non-security associations represent those who also work in related fields such as

Emergency Management, OH&S and Facility Management. The number of security-related organisations makes it difficult to promote a common image. Non-security professional groups, such as Facility Management and Emergency Management, do not have as many representative bodies and hence have a more cohesive set of guidelines, expectations and public information capabilities. Government policy makers and regulators currently have no organisation that they can seek guidance from in relation to the security profession. There are six options for advancing the voice of security professionals to government, industry, professional associations, the community and the media. Below is a table identifying the options. Option Explanation Status quo Continue with the current situation Regular, informal meetings of security professionals

Regular informal meetings of professionals could be held to discuss topics of interest and concern. This could be achieved through an annual congress.

An association of associations

An association of associations could be formed where security-related professional bodies meet and discuss topics of interest and concern, and develop collegiate responses.

Lead association A lead association could be appointed to represent others. This option, while providing a single point of contact, may suffer from extended discussion over which organisation is best suited to lead.

An associated society

An associated society could be created within an existing parent body such as Engineers Australia. The associated society would invite individual members and a prerequisite could be membership of an existing security-related professional body. An associated society would adopt the codes of conduct, compliance and accountability standards of the parent organisation.

A new security professional institute

A new security professional institute could be formed that would require minimum standards for members, possibly including membership of an existing security-related professional body. An institute could have sub-groups/colleges for each specialisation representing the specific requirements of each sector. An institute could attain standing as a recognised professional body with membership being respected by clients and peers.


19

Annex E contains a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis for each option. Statements for discussion The views of security professionals are not consistently or effectively heard by government, industry, professional associations, the community and the media. Improvements to advancing the views of security professionals need to be made. The key mechanism to advancing the views is to develop a unified voice on topics of concern (which may be different from concerns of other elements of the security continuum). The options are:

Regular, informal meetings of security professionals An association of associations A lead association An associated society A new security professional institute

Questions

14. Do you believe that the views of security professionals are not consistently or effectively heard by government, industry, professional associations, the community and the media?

15. Do you think that a more unified voice of security professionals is required? 16. If so, which option is preferred?


20

10 Feedback Feedback on all aspects of this discussion paper is actively sought, particularly in relation to the Statements for Discussions and the Questions at the end of each section. Feedback can be provided via email to [email protected] or by attending one of the Consultative Forums.

ConsultativeForumsdatesandlocationsTiming Date State Location

4-6pm

Thursday, 27 March Canberra

Conference Room, Australian Homeland Security Research Centre, First Floor, Australian Institute of International Affairs Building, 32 Thesiger Court, Deakin ACT 2600

4-6pm Tuesday, 1 April Melbourne

McCall Security, Unit 3, 484 Graham Street, Port Melbourne

4-6pm Wednesday, 2 April Hobart

Tasmania Division, Engineers Australia, Royal Engineers Building, 2 Davey Street, Hobart

4-6pm Wednesday, 2 April Sydney

ATMAAC International, Level 1, 102 Bennelong Road, Homebush Bay

4-6pm Thursday, 3 April Brisbane

Queensland Division, Engineers Australia, 447 Upper Edward St, Brisbane

4-6pm

Thursday, 17 April Adelaide

Lincoln Rowe Room, South Australia Division, Engineers Australia, 11 Bagot Street, North Adelaide

4-6pm Friday, 18 April Perth

Western Australia Division, Engineers Australia, 712 Murray Street, West Perth

4-6pm

Wednesday, 16 April Darwin

Conference Room, Northern Division, Engineers Australia, Survey House, 14 Shepherd Street, Darwin

Registration is essential for catering and preparation reasons. To register, you can:

Email: [email protected] Tel: 02 6161 5143


21

Feedback Response Table The following table may be used to answer the specific questions raised in this paper. Additional comments and suggestions are sought. Please complete and fax to 02 6161 5144.

Question Response 1 Do you agree with the definition of security

profession and if not, how would you define it?

2 Do you agree with the assessment of the characteristics of the security profession?

3 For your specialisation or perspective, what are the key existing professional practice standards in the areas of

Professional Knowledge

Professional Practice

Professional Engagement

4 What are the best frameworks to create professional practice standards?

5 Are you satisfied with the status, trust and recognition of security professionals?


22

6 Does the level of professional status, trust and recognition of security professionals need to be addressed?

7 What are the key initiatives to raise the status, trust and recognition of security professionals?

8 For the security profession as a whole, do you believe minimum standards, competence and continuing professional development requirements are needed? If so, what should they be?

9 For specialisations, do you believe minimum standards, competence and continuing professional development requirements are need? If so, what should they be?

10 Do you believe that the existing security regulation/registration/licensing/accreditation systems of the States and Territories are irrelevant to security professionals?

11 Can you suggest an ideal system for the regulation of security professionals and specialisation?

12 Do you believe that formal mechanisms for accountability for security professionals need to be improved?


23

13 What do you suggest is the best ways to

improve accountability?

14 Do you believe that the views of security professionals are not consistently or effectively heard by government, industry, professional associations, the community and the media?

15 Do you think that a more unified voice of security professionals is required?

16 If so, which option is preferred?

Additional comments

OPTIONAL - Name and email address: ___________________________________________________ Please complete and fax to 02 6161 5144.


24

Annex A Elements of the security continuum The following is an indicative list of those involved in providing security products and services.

SecurityServices

SecurityManagementServicesAudit & compliance Business continuity management Crisis & emergency management Enterprise security planning & assessment Intelligence planning, provision or analysis Red teaming Risk compliance Risk management Scenario planning Security management benchmarking or gap analysis Security policy, plans, documentation Security project management Security risk management Threat analysis Vulnerability analysis

Physicalsecurityservices Access control system design Alarm system design Architecture Blast modelling CCTV system design Communication system design Correctional and detention facilities design Crime prevention through environmental design Critical asset identification Engineering vulnerability analysis Facility hardening Fire and safety Forensic Perimeter security design Physical security assessments Physical security reviews Security systems design Specification writing Systems integration Technical surveillance counter measures (e.g. de-bugging)

Personnelsecurity Close protection Drug testing Executive and close personnel protection Kidnap, ransom and extortion support Overseas travel security support Personnel screening and vetting Polygraph services Private investigators Surveillance and counter-surveillance Training & education

GuardingArmed guards (uniformed and plain clothed) Bodyguards Casual guarding (eg major event) Crowd controllers Patrol services Security drivers Security guard dog handlers Uniformed security officers

LosspreventionFraud prevention Loss and prevention

Physicalsecurityproducts

GeneralAccess control Alarms Baggage and freight screening Biological detectors Biometrics Cameras CCTV Chemical detectors Detection and control devices Document or product identification Doors and locks EOD and UXO Fencing and perimeter security Gates Guard houses ID systems Incident management software Jammers Locks and hardware Mail screening Safes and record protection Signage Smart cards Surveillance and monitoring systems Turnstiles Vehicle barriers Vehicle ID systems Video intercoms Weapons and munitions


25

PersonnelSystemsandEquipment Body armour Goggles and glasses Hygiene Less-than-lethal weapons Navigation and GPS NBC clothing Night vision Protective clothing Weapons

Communications Command and control Communications security Frequency hopping Hand-held Intercom Mobile internet Satellite Secure communications Tactical Video conferencing Voice Over IP (VoIP)

Medical Decontamination First Aid equipment and supplies Medical services Mobile hospitals Stretchers and litters

InformationsecurityComputer forensics Computer systems security and privacy Encryption IT security policy, plans and documentation IT security contract management IT security management Software engineering System & product design Virus and malware

RelateddisciplinesEmergency management OH&S Facility management Risk management Security academics Human resource management


26

Annex B Professionalism The Shorter Oxford Dictionary defines 'profession' as 'a vocation, a calling, especially one requiring advanced knowledge or training in some branch of learning or science'. Further it describes a professional as 'having or showing the skill of a professional person, competent' and 'professionalism' as 'the body of qualities characteristic of a profession or professional'. Similarly the Macquarie Dictionary defines the noun 'profession' as 'a vocation requiring knowledge of some department of learning or science, especially one of the three vocations of theology, law, and medicine (formerly known specifically as the professions or the learned professions): a lawyer by profession'. Secondarily as 'any vocation, occupation, etc'. Thirdly, as 'the body of persons engaged in an occupation or calling: to be respected by the medical profession'. It further defines professionalism as 'someone belonging to one of the learned or skilled professions'. Similarly the Accounting Professional & Ethical Standards Board identified fundamental principles that must be upheld for a person to be considered a professional accountant. These are:

(a) Integrity (b) Objectivity (c) Professional competence and due care (d) Confidentiality (e) Professional behaviour

The Australian Library and Information Association has developed standards of professional excellence for teacher/librarians. These are: Professional Knowledge, Professional Practice, Professional Commitment. Each of these has four subsets of practice or behaviour that specifically identify the measure of excellence that identifies professional behaviour. The principles embodied in these above definitions appear in various forms throughout the body of literature attempting to define profession or its attributes. In considering these and a multitude of other definitions of 'profession' across such occupations as legal practice, medicine, education and pharmacy, a number of key elements can be identified as necessary to be present for an area of employment to be considered a discrete profession. Another opinion is tha security practitioners support and implement the vision of their communities, employers and clients through advocating and building effective protective security programs that contribute to societal security. A security professional holds recognised security qualifications, defined as eligibility for membership of a security association. Within the broad fields of security and risk management, security professionals are uniquely qualified to select and apply a broad range of protective security measures.


27

Annex C Elements of a Profession Distinct body of knowledge The first principle in determining the existence of an independent profession is having a distinct body of knowledge relevant to the profession. The practice of security in the areas of personnel; physical, electronic, information and communication technology; and security management demonstrate that this body of knowledge exists and is fundamental to good practice. This body of knowledge in any profession is both academic and practical and is supported by research development and application. This is the case for the security profession. Standards In the discussions concerning professionalism the term Standards is used in two contexts: standards as measures of values-based ethical behaviour and standards as a measure of performance or quality of work, process or technology. All the professions surveyed address both types of definition of standards and most have national or internationally articulated quality, process and performance standards. The security profession readily demonstrates adherence to standards in the latter definition. First and foremost are international and domestic process standards or technical standards, provided by the International Standards organisation (ISO) and Standards Australia, which form the backbone around which security professionals practise their profession. Standards Australia and the National Centre for Security Standards has effectively mapped the security and associated quality standards applicable to the security profession. Similarly, ASIS International has an international Standards and Guidelines Commission and is a category A liaison to the ISO. The security profession can readily demonstrate the existence and the fundamental position of standards of this type in the profession. Competence Professionalism in all cases is attested to by the competency of those who claim to practise the profession. Competence in this case is best defined as the demonstrated skills and knowledge to practise the profession. Competence is derived from training, on the job and institutionally, and education, and the demonstrated application of such skill and knowledge to the tasks or challenges of the endeavour. Demonstrating competence is the measure by which most persons will measure the profession. Measures and standards for competence form an integral part of any profession and are partly articulated in some of the education, training and national licensing regimes. Professional competence is also generally a requirement for membership of professional associations. Professional development All professions surveyed consider that ongoing professional development is a prerequisite for considering an individual to be a professional and therefore accepted as member of a profession association. Further, Engineers Australia and the Risk Management Institution of Australasia, amongst many professional bodies, consider it to be a significant criterion for ongoing recognition as a member of such an association.


28

College of peers All professions have as the basis for their recognition of their professional grouping arrangements that link peers together and recognise other practitioners of the discipline as their fellows. The college can be informal or formal, but need to be sufficient delineated so that members recognise each other through the attributes of the profession they practise. A college can generally accept or reject members on grounds of incompetence or poor behaviour and therefore establish standards as described above and as also addressed under Ethics below. Groups such as ASIS International, SecMan and the International Security Managers Association maintain a peer relationship for their members. Ethics In discussing standards above, the behavioural standards that have been adopted by the medical, legal, engineering and accountancy professions provide guidance on how this issue needs to be approached. Rather than adopt any existing Security values, ethics or behavioural standards statements, it is appropriate that this be a matter for considerable discussion and debate.


Page 29

Annex D Qualification Frameworks A: Qualifications-based Table 1 below illustrates the alignment of the Australian Qualifications Framework (AQF) with Security Practice Areas.3 Table 1: Aligning the AQF with security Practice Areas

AQF Qual Physical People Management Information ICT

11 PhD Technical Specialist or Senior Consultant

10 Masters Degree Chief Security Officer (CSO) or Senior Consultant

9 Graduate Diploma Chief Security Officer (CSO) or Senior Consultant

8 Graduate Certificate

Physical Security Consultant

Personnel Security Consultant

Security Risk Management Consultant

Information Specialist

ICT Security Specialist

7 Bachelor Degree

Security Manager

Vetting Manager

Security Manager

Intelligence Manager

ICT Security Manager

6

Advanced Diploma

(Certification e.g. CPP)

Operations Manager

Vetting Manager

Security Manager

Intelligence Analyst

5 Diploma

Agency Security Adviser

Vetting Supervisor Team Leader

Intelligence Collector

ICT Security Adviser

4 Certificate IV Installer

Senior Vetting Officer Supervisor

Intelligence Operative

Security Admin

3 Certificate III

Control Room Operator

Vetting Officer Team Leader

2 Certificate II Guards*

* In Victoria Cert III is the entry level qualification for a security guard.

3 As defined in the Security Risk Management Body of Knowledge (SRMBOK), Risk Management Institute of Australia, 2008


Page 30

B: Certifications-based Professional associations commonly use a certification-based framework based on members reaching certain standards. For example, a three-tiered certification approach has been adopted by the Australian Institute of Project Management. The levels are:

QPP (for those who have been certified at Level 4, Qualified Project Practitioner); RPM (for those who have been certified at Level 5, Registered Project Manager); MPD (for those who have been certified at Level 6; Master Project Director).

The Facility Management Association (FMA) similarly recognises three levels of accredited Facility Manager (AFM). These levels are:

AFM1 (Practice), AFM2 (Manage) and AFM3 (Lead).

Adopting a similar approach in the security area might provide a similar approach as illustrated in Table 2. The example below is provided for illustration and discussion only but it illustrates that there are many pathways to achieving relevant experience and the required professional abilities. The Direct, Manage and Practice levels of the security professional are (in this example) underpinned by a Technician level leading to a four-tiered certification framework.

Points Required

Quals Min in security

Experience Example

Security Director

22 AQF 8+

AQF 5 10 years B SecSc (7) + 15 years experience (15) = 22 pointsor PhD (11) + 11 years experience (11) = 22

Security Manager

15 AQF 7+

AQF 5 5 years B SecSc (7) + 8 years experience (8) = 15or M SecSc (10) + 5 years experience (5) = 15

Security Practitioner

13 AQF 5+

AQF 4 5 years Cert IV security (4) + Cert IV Frontline mgmt (4) + 6 years experience (6) = 14

Security Technician

8 AQF 3+

AQF 3 3 years Cert III security (3) + Trade Certificate (3) + 3 years experience (3) = 9

Table 2: Example of a Tiered Professional Practice Certification Standard


31

C: Role-based Standards Frameworks Role-based standards frameworks are based on the roles and responsibilities of security professionals and how they are categorised into Strategic, Operational or Tactical responsibilities across a number of job requirements.

Chief Security Officer Security Manager

Security Operations Manager Supervisors Shift Leaders Security Staff

1 to 3 year < 12 months < 3 months


32

D: Practice Area-based Framework The work of security professionals can also be categorised and assessed according to the Practice Areas which they are involved in and the phase of security activities (pre-event or post-event) as illustrated below.

Activity AreasActivity AreasINTELLIGENCE

PROTECTIVESECURITY INCIDENT

RESPONSE RECOVERY &CONTINUITY

Activity AreasActivity AreasINTELLIGENCE

PROTECTIVESECURITY INCIDENT

RESPONSE RECOVERY &CONTINUITY

Practice AreasPractice AreasPhysicalPhysicalSecuritySecurity

PeoplePeopleSecuritySecurity

ICTICTSecuritySecurity

Information Information SecuritySecurity

SecuritySecurityManagementManagement

Practice AreasPractice AreasPhysicalPhysicalSecuritySecurity

PeoplePeopleSecuritySecurity

ICTICTSecuritySecurity

Information Information SecuritySecurity

SecuritySecurityManagementManagement

ProjectManagement

RecoverDocuments

Reconstruction

Peer SupportCounselling

NetworkRestoration

IntelligenceProfessionals

Fraud Analysts

Investigators

CustodialOfficers

DecryptionSpecialists

IncidentControl

Public Affairs

Firefighter

First Aid

Emergency Comms

Chief SecurityOfficer

IT Security Advisers

Close PersonalProtection

Vetting Officer

FirewallProgrammer

Figure3: Example of Categorisation of Practice Areas against Activity Areas4

4 Practice Areas and Activity Areas as defined in Security Risk Management Body of Knowledge (SRMBOK)


33

Annex E SWOT Analysis This annex provides a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis for each option. Status quo Strengths No costs, time or effort in establishing new

structure. No minimum standards for entry of participation

other than those legislated.

Weaknesses No improvement over current situation. Security profession remains fragmented. No minimum standards for entry of

participation other than those legislated. No minimum standards for behaviour or

ethics. No increase in the status of the security

profession. Opportunities Security profession open to any who wish to

join.

Threats Ongoing desire by participants to change the

status quo. Clients not seeing improvement in

professionalism of security practitioners. Regular, informal meetings of security professionals Strengths Opportunity for participants to meet and discuss

issues. Opportunity to present a united front on

discussed issues to government, etc.

Weaknesses Attended only by some of the participants. Only programmed issues discussed. No minimum standards for entry of

participation other than those legislated. No minimum standards for behaviour or

ethics. Opportunities Open to all participants. Not seen as representing a particular

organisation or group.

Threats Cost to attend. Needs coordination and planning by an

interested body (currently AHSRC). Not seen as being truly representative. May be boycotted by an organisation or

sector. An association of associations Strengths Provides focal point for security organisations. Seen as representing wide range of security

participants. Can be a single voice for the profession.

Weaknesses Only reflects members so those

organisations represented. Some start up costs.

Opportunities Identification of issues of mutual concern. May be able to argue for self-governance. Funding from member associations.

Threats Inability to gain agreement on issues. Ability for association representatives to

meet.


34

Lead association Strengths Single point of contact. Seen as representing wide range of security

participants. Can be a single voice for the profession. Minimal start-up costs.

Weaknesses May not been seen as truly representative. Issues for lead association may differ from

the others.

Opportunities May be able to argue for self-governance.

Threats Possible extended discussion over which

organisation is best suited to lead. Other associations not willing to participate.

An associated society Strengths Seen as part of parent body with associated

status. Limited start-up costs.

Weaknesses Need to raise the society for association. Need to convince the parent association to

accept affiliation. Opportunities Parent body able to provide secretarial,

administrative support, etc. Membership and behaviour laid down by parent

body. Adoption of accountability standards of the

parent organisation May be able to argue for self-governance. Could make membership of existing body a

prerequisite as it reflects technical acceptance in a speciality.

Threats May not be acceptable to a parent body. Need to meet parent body requirements for

entry, qualifications, professional development, etc.

A new security professional institute Strengths Can set minimum standards for members,

possibly including membership of an existing security-related professional body.

Can become a recognised and respected professional body.

Can set audit compliance and enforce code of conduct.

Weaknesses Will require the establishment of a permanent

office/staff. Will take some time to establish. Will require costs to run = membership fees.

Opportunities Establish colleges/subgroups to represent

specialisations, e.g. IT, physical, in-house security managers, government security advisors.

Membership can become a mark of professional acceptance.

Can become single point of contact for security professional issues.

Could be aligned to Engineers Australia or similar body.

Could make membership of existing body a prerequisite as it reflects technical acceptance in a speciality.

May be able to argue for self-governance.

Threats Opposition from existing industry

organisations. May meet opposition from existing security

organisations.


35

Annex F Security and security-related professional and industry associations in Australia

Below is a (non-exhaustive) list of security and security related professional bodies and associations in Australia:

ASIS International Australian Information Security Association Australian Institute of Private Detectives Australian Institute of Professional Intelligence Officers Australian Security Industry Association Limited Business Continuity Institute eSecurity Innovation and Awareness (SECIA) Facility Management Association Information Systems Security Australia Institute of Security Executives International Association of Arson Investigators International Association of Bomb Technicians and Investigators International Association of Certified Fraud Examiners International Crime Prevention Through Environmental Design Association National Australian Security Providers Association National Security Association Australia Risk Management Institution of Australasia Security Agents Institute WA Venue Management Association/International Association of Arena Managers Victorian Security Institute

25 - 27 May 2008Melbourne

Information: 02 6161 5143

Register now for early bird discountwww.securityprofessionalscongress.org.au

The Congress will focus on the report of the Interim Security Professionals Taskforce. The Taskforce is supported by the Australian GovernmentsAttorney-Generals Department.

Who should attendSecurity professionals in all industriesRisk, intelligence & business continuity professionalsSecurity policy and regulatory authorities

Advanced NoticeAdvanced NoticeSecurity Professionals Congress 2008Security Professionals Congress 2008

Incorporating Security Incorporating Security Associations Meeting 25 May 2008 Associations Meeting 25 May 2008 Security Professionals Congress 26 & 27 May 2008Security Professionals Congress 26 & 27 May 2008

Key topicsIncreasing the status of the professionSetting minimum competency standardsIdentifying education and articulation pathsForming a representative bodyDrafting a code of ethics and enforcement mechanism

Your views matterThe Congress will provide you with the following opportunities to share your views and knowledge on the future direction of security professionals:

Discussion and debatesWorkshops and small group discussionVoting and ballots