Implementing the aviation Security Management System (SeMS) – generating a positive security culture across the aviation industry.
Background
Aviation Security risks are dynamic and often unique in nature. Those with malicious intent are constantly looking to develop new ways to circumnavigate aviation security measures and mount attacks on aircraft, people and infrastructure. To support the industry in understanding, assessing and managing these security risks it was recognised that the current oversight model needed to be developed to provide greater resilience and proactive management of current and emerging security risks. The United Kingdom Civil Aviation Authority (UK CAA) in conjunction with the Department for Transport embarked on this modernisation in 2015 with the aim of developing a Security Management System (SeMS) that could be rolled out and embedded across the UK aviation industry.
Challenge
The challenge was wide ranging with the UK CAA needing to develop a Security Management System Framework that could be applied consistently across Airports, Air Carriers, Cargo and In-Flight Suppliers and applicable to organisations of differing size and complexity.
It was important to shift the emphasis from adherence of basic compliance to a mature security posture where by the security culture of the organisation was such that industry proactively managed its own security risks, both reducing the likelihood of a risk coming to fruition but should it materialize, reducing the impact and be more able to manage swift recovery – becoming more resilient.
To support this posture, it was crucial that the Industry and the Regulator embarked on a partnership approach and enhanced the transparency of dialogue and information sharing.
Solution
Working closely with the Department for Transport, industry and international governing bodies, the UK CAA has developed a SeMS Framework that encourages the philosophy of a top-to-bottom and bottom to top culture that ensures that all members of an organisation recognise that they have an important part to play in delivering an efficient secure operation. The SeMS framework has harmonised all aviation security assurance requirements across all aviation security sectors creating a positive Security Culture and recognising other areas such as Safety and Cyber.
With its applicability to aviation organisations of varying size and complexity, the framework places accountability where it should sit at the organisational level and actively encourages aviation organisations to proactively manage their own risks, both at a local and national level, identifying and addressing vulnerabilities with a focus on relevant/actual incidents, barriers to risk mitigation and the effectiveness of controls in place.
Whilst the SeMS framework allows an entity to have clear oversight and greater governance, it also places security culture at its centre. In developing the SeMS framework, it became apparent that SeMS would not work unless there was buy-in and a commitment at the top to ensure that all staff, not just those directly involved in security, recognised that they have a stake in the security culture of an organisation and that they can report matters of concern and see them acted upon, as appropriate.
Components of the UK CAA SeMS Framework:
The UK CAA SeMS Team, in close collaboration with industry, has introduced further guidance to assist smaller entities on how to embed a SeMS, with a continued focus on those elements that will impact security. There is also further guidance on Security Culture, where a self-assessment tool has been developed for Industry to proactively utilise.
Outcome
The SeMS Framework has become the UK CAA’s recognised approach to the modernisation of aviation security, being the foundation for Risk Based Oversight (RBO). The SeMS Frameworks proactive approach to security assurance allows organisations to effectively manage their own security risks without compromising aviation security. Guidance and supporting documents on the implementation and delivery of SeMS, has led to wider collaboration both domestically and internationally. By streamlining key processes, the assessment and reporting on security has become more efficient and less time consuming and provides entities with greater assurance that they are managing security effectively. The open and collaborative approach has allowed the UK CAA to see not only the snap shot view of compliance, but the entire security management system including where industry vulnerabilities lay allowing for appropriate mitigation. The proactive approach has encouraged the industry to go above and beyond compliance and actively mature as a sector.
For more information on our Security Management advisory services, please contact Kevin.Sawyer@caa.co.uk
Key Achievements
- Development of Security Management Framework for the UK Aviation industry.
- Enhanced Security Culture providing greater resilience.
- Increased transparency between the regulator and aviation security organisations.
- Increased assessment and reporting efficiency.
- Increasing Security maturity across the sector.
