Skip to content

Assessing Personnel Security Maturity

Find out how to use the NPSA PerSec maturity model, which has been designed to specifically assess an organisation's personnel security maturity

Last Updated 07 November 2024

Introduction

Maturity models and tools are used in many industries to allow an organisation to assess their methods and processes according to best practice.

The NPSA self-service Personnel Security Maturity Assessment (PSMA) is designed to specifically assess an organisation's personnel security maturity. This is a key factor, in addition to physical and cyber security measures, in strengthening an organisation's resilience to insider and wider external security threats.

The PSMA is based on comprehensive and robust research into insider acts, and extensive NPSA experience in personnel security mitigations.

people looking at clipboard

The benefits of using the PSMA are:

  • A starting point for developing a personnel security improvement programme using the NPSA tools and guidance which are appropriate to the organisation's current level of Personnel Security maturity.
  • A consistent benchmark for personnel security performance which will enable organisations to monitor their own improvement programmes.

Seven core elements of effective personnel security processes

The PSMA is based on seven core elements of effective personnel security processes, as identified through our insider data study and research and development programme. These are:

  • A. Governance and Leadership
  • B. Insider Risk Assessment
  • C. Pre-Employment Screening
  • D. Ongoing Personnel Security
  • E. Monitoring and Assessment of Employees
  • F. Investigation and Disciplinary Practices (Response)
  • G. Security Culture and Behaviour Change.

Six levels of NPSA Personnel Security Maturity

These seven core elements are evaluated against the six levels of the NPSA Personnel Security maturity scoring matrix:

  • 0. Innocent
  • 1. Aware
  • 2. Developing
  • 3. Competent
  • 4. Effective
  • 5. Excellent

Maturity Assessment

The maturity assessment within the PSMA tests the existence, implementation , consistency and effectiveness of your personnel security processes and procedures. 

All UK organisations should begin by using the self-service PSMA. This is a simple and high-level assessment tool providing an organisation with the ability to quickly assess their own personnel security maturity. This tool will provide recommendations for improvement and links to supporting guidance.  When completed the PSMA will give a UK-based organisation the information required to develop a proportionate personnel security programme and measure their own improvement in the maturity of that programme. 

The PSMA is available only to users in the UK.

The NPSA Advisor-led assessment using the Personnel Security Maturity Model remains available for NPSA’s priority customers. This assessment enables advisors to obtain a rich picture of an organisations personnel security maturity whereby a report is written and shared with the customer. 

Did you find this page useful? Yes No