Anne Hayes

BSI, the business standards company, has revised its guidance standard for information security management systems, BS 7799-3 ‘guidelines for information security risk management.’ BS 7799-3 specifically assists organizations regarding the risks and opportunities aspects in the internationally recognized ISO 27001 information technology, security techniques, information security management systems and requirements. BS 7799-3 provides guidance on defining, applying, maintaining and evaluating risk management processes in the information security context. The standard is relevant to organizations which have, or are intending to have, an information security management system which conforms to ISO 27001. BS 7799-3 identifies two widely recognized approaches to risk identification and risk analysis: the scenario-based approach, where risks are identified and assessed, through a consideration of events and their consequence; and the asset-threat-vulnerability approach, where risk identification takes into account the value of information assets and identifies applicable threats. Reliable Organizational Security Data The standard recommends that for an organization to increase the reliability of estimating the likelihood of a security event occurring, they should consider using team assessments rather than individual assessments; employing external sources, such as information security breaches reports; unambiguous targets, such as ‘two a year’, rather than vague targets and timings; and using scales with at least five categories to ascertain risk, from ‘very low’ to ‘very high’. "Recognizing that no two organizations have identical security concerns, BS 7799-3 is applicable for all organizations" BS 7799-3 accounts for risks as diverse as whether the influences of a foreign actor are a threat to the organization; technology failure; influences of domestic crime, including fraud; and the probable skill of an attacker, and the resources available to them. The standard includes dedicated sections for information security risk treatment, with guidance on how an organization can monitor and measure their risk identification plan. Enhanced Information Security Management Recognizing that no two organizations have identical security concerns, BS 7799-3 is applicable for all organizations – regardless of type, size or nature. Notable changes between the revised BS 7799-3 and its predecessor include conformity to the latest version of ISO 27001; the term ‘risk owner’ replaces ‘risk asset owner’; and the effectiveness of the risk treatment plan is now regarded as being more important than the controls. Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “Information security is the central nervous system of any organization. When it fails, the financial and reputational impact can be devastating for small and large organizations alike. Unsurprisingly, businesses routinely cite information security as their number one concern.” “BS 7799-3 was revised to work hand-in-hand with ISO 27001 in assisting organizations in evaluating their risk management processes. If ISO 27001 is the bread and butter of an organization’s information security management system, BS 7799-3 is the knife to spread the butter.” BS 7799-3 is applicable for any organization, but will be of particular interest to governance, risk and compliance personnel; security managers; operational managers; auditors; and anyone responsible for implementing the requirements of the General Data Protection Regulation in their organization.

BS 7960:2016 was revised to accommodate changes in the legal requirements for door security staff British Standards Institution, the business standards company, has revised BS 7960 Door Supervision – Code of Practice. The updated standard gives recommendations for the organization and management of companies providing door supervision services, whether contracted or in-house, to licenses premises or events. Fulfilling Legal Requirements BS 7960:2016 was revised to accommodate changes in the legal requirements for door security staff. A ‘response to emergencies’ section replaces the previous ‘contingency plan for security’, and a new threat level provides guidance for door security personnel on how to handle emergencies as divergent as performing first aid to a vulnerable person to responding appropriately to a terrorist attack or other large-scale emergency. The revised standard has new requirements to identify and implement violence reduction measures, and that Security Industry Authority (SIA) licenses are checked against SIA records at least once a month. There are additional guidance notes regarding the Data Protection Act and SIA License requirements when CCTV or other data recording devices are used. Door Security Personnel To reflect the changing face of the labor market, BS 7960 now refers to the deployment rather than the employment of door security personnel, as the individual may be under instruction of the company but paid by a third party. A new clause has also been added to ensure that the requirements of the standard are still met when the door security personnel is working for a subcontractor. “Professional door supervisors fulfill a crucial role not only in providing security for premises but in upholding the safety and wellbeing of individuals on their premises” As well as public and private organizations requiring the use of door supervisors, the standard is expected to be particularly relevant to the Association of Security Consultants, the Institute of Professional Investigators, Ex-Police in Industry and Commerce, and the National Association of Security Dog Users. Ensuring Safety Of Individuals Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “Professional door supervisors fulfill a crucial role not only in providing security for premises but in upholding the safety and wellbeing of individuals on their premises. In developing BS 7960, we worked closely with private security firms to ascertain what door security personnel need to do their job as safely and effectively as possible.” BS 7960 now accommodates the 2013 legal requirement that all door security staff secure an SIA Level 2 Award for Up-Skilling. In common with the standard it replaces, the private security industry was heavily involved in the development of BS 7960:2016. Organizations involved in the development of the standard include the British Security Industry Association; National Security Inspectorate; Security Industry Authority; and the Proof of Age Standards Scheme (PASS).

BSI’s BS 8517 recommends how to handle security dogs, while complying with existing government legislation BSI, the business standards company, has launched BS 8517-1, Code of practice for the use of general security dogs and BS 8517-2, Code of practice for the use of detection dogs, to provide guidelines for organizations and individuals who use dogs as a security measure. BSI convened a diverse group of individuals and organizations who use security dogs, such as construction site managers, police officers, and the MoD to develop the standard. The National Police Chiefs’ Council (NPCC) classifies security dogs as second only to firearms in ‘use of force’, demonstrating a critical safety need for a standard that provides comprehensive advice for professional dog handlers. Recommendations And Government Legislation Approximately 5000 security dogs are employed in the UK security sector. The new standards provide recommendations on how dog handlers should professionally handle a dog on a day-to-day basis, and give detailed advice on how to comply with existing government legislation, such as The Guard Dogs Act 1975, The Dangerous Dogs Act 1991, and the latest Animal Control Bill 2015. The standards were designed to provide comprehensive guidance for the many varied uses of security dogs, including in high-security environments were dogs trained in bomb detection must be expertly handled. Building and construction site employees who require a security dog on a mobile basis can also use the standard. Security dogs are sought by construction managers not only to protect a building site but to protect the handler or other staff, as they act as a visual deterrent. "BS 8517-1 and -2 weredesigned to simplify the patchwork of lawssecurity dog handlersmust abide by" General Welfare Of Security Dogs Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said, “BS 8517-1 and -2 were designed to simplify the patchwork of laws security dog handlers must abide by. It is essential that both the handler and the security patrol dog have been fully trained and work in partnership so that the dogs are safe when taken out amongst members of the public, but can also defend the handler should the need arise.” BS 8517-1, Code of practice for the use of general security dogs, covers all aspects concerning the general welfare of the dog, including kenneling and veterinary guidance. Recommendations in the standard take into account recent changes in dog breeds and the requirement for compulsory micro-chipping in security dogs. The need for dog handlers to obtain specific insurance and equipment – including the use of correction collars – are also covered in the standard. Code Of Practice For The Use Of Detection Dogs BS 8517-2, Code of practice for the use of detection dogs, was developed for more advanced users of security dogs, such as those who require dogs in the detection of drugs, firearms, munitions and explosives. Part 2 also includes issues relating to the welfare of the animal covered by Part 1 of the standard, and recommendations for procuring security dog services to ensure the service meets the unique requirements of dog handlers. Organizations also involved in the development of this standard include the National Security Industry Authority, The Royal Army Veterinary, the National Association of Security Dog Users, the National Police Chiefs’ Council and the Battersea Dogs and Cats Home. Save

The changes take into account introduction of CCTV Code of Practice issued by SCC as required by Freedoms of Information Act 2012 BSI, the business standards company, revised BS 7958:2015 Closed circuit television (CCTV) – Management and operation – Code of practice. The changes take into account the introduction of the CCTV Code of Practice issued by the Surveillance Camera Commissioner (SCC) as required by the Freedoms of Information Act 2012. Closed circuit television (CCTV) schemes provide the public with added reassurance that the environment in which they have the ‘right to visit’ is safe and protected. However it is crucial for them to have confidence that surveillance cameras are being used to protect and support them, rather than spy on them. The government considers that wherever overt surveillance in public places is used it shall be in pursuit of a legitimate aim and meets a pressing need. CCTV schemes are set up in public places such as: Areas where the public are encouraged to enter, such as town centers, shopping malls, public transport, educational and health establishments, etc. Schemes that overlook a public place, such as public footpaths, roads, bridle-ways for traffic monitoring and traffic enforcement schemes. Private schemes where a camera view includes a partial view of a public place. CCTV schemes that process personal data are obliged to conform to certain legislation such as the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), the Freedom of Information Act 2000, the Protection of Freedoms Act 2012 and the Regulation of Investigatory Powers Act 2000. BS 7958 is designed to supplement this legislation and aims to ensure fairness, purpose and responsibility. For a public space CCTV system to be in use a Security Industry Authority (SIA) license is required. Although monitoring for traffic offences does not require a SIA License. The Surveillance Camera Commissioner has already endorsed the use of this suite of CCTV standards for systems which need to follow the Surveillance Camera Code of Practice Anne Hayes, Head of Market Development for Governance & Risk at BSI said: “The Surveillance Camera Commissioner has already endorsed the use of this suite of CCTV standards for systems which need to follow the Surveillance Camera Code of Practice. This type of unity across standards can only provide the best reassurance and peace of mind for the public who rely on Video Surveillance Systems and CCTV to be operating optimally, should they need to be accessed at a later date.” BS 7958 will be part of the best practice guidance for all local authority monitoring centers, police CCTV control rooms and all private industry CCTV control rooms. What BS 7958 Does: Provides a set of a code of practice for public space CCTV systems, taking due regard of the 12 principles of the Surveillance Camera Code of Practice. Gives recommendations for the management and operation of CCTV within a controlled environment, where data that might be offered as evidence is received, stored, reviewed or analyzed. Offers advice on best practice to assist owners in obtaining reliable information that can be used as evidence. It applies to the monitoring and management of public spaces, including automatic number plate recognition (ANPR) and traffic enforcement cameras. Includes the operation and management of body worn cameras. Pays attention to the Private Security Industry Act 2001, which contains provisions for regulating the private security industry. Some of the organizations that have been involved in the collaborative consensus-based development process include: British Security Industry Association, Home Office Science, IQ Verify, ITS UK Security and Resilience Interest Group, National Security Inspectorate, SSAIB, Security Industry Authority, Security Monitoring Centres Ltd and Scottish CCTV & Executive.