Introduction
Maturity models and tools are used in many industries to allow an organisation to assess their methods and processes according to best practice.
The NPSA self-service Personnel Security Maturity Assessment (PSMA) is designed to specifically assess an organisation's personnel security maturity. This is a key factor, in addition to physical and cyber security measures, in strengthening an organisation's resilience to insider and wider external security threats.
The PSMA is based on comprehensive and robust research into insider acts, and extensive NPSA experience in personnel security mitigations.
The benefits of using the PSMA are:
- A starting point for developing a personnel security improvement programme using the NPSA tools and guidance which are appropriate to the organisation's current level of Personnel Security maturity.
- A consistent benchmark for personnel security performance which will enable organisations to monitor their own improvement programmes.
Seven core elements of effective personnel security processes
The PSMA is based on seven core elements of effective personnel security processes, as identified through our insider data study and research and development programme. These are:
- A. Governance and Leadership
- B. Insider Risk Assessment
- C. Pre-Employment Screening
- D. Ongoing Personnel Security
- E. Monitoring and Assessment of Employees
- F. Investigation and Disciplinary Practices (Response)
- G. Security Culture and Behaviour Change.
Six levels of NPSA Personnel Security Maturity
These seven core elements are evaluated against the six levels of the NPSA Personnel Security maturity scoring matrix:
- 0. Innocent
- 1. Aware
- 2. Developing
- 3. Competent
- 4. Effective
- 5. Excellent
Maturity Assessment
The maturity assessment within the PSMA tests the existence, implementation , consistency and effectiveness of your personnel security processes and procedures.
All UK organisations should begin by using the self-service PSMA. This is a simple and high-level assessment tool providing an organisation with the ability to quickly assess their own personnel security maturity. This tool will provide recommendations for improvement and links to supporting guidance. When completed the PSMA will give a UK-based organisation the information required to develop a proportionate personnel security programme and measure their own improvement in the maturity of that programme.
The PSMA is available only to users in the UK.
The NPSA Advisor-led assessment using the Personnel Security Maturity Model remains available for NPSA’s priority customers. This assessment enables advisors to obtain a rich picture of an organisations personnel security maturity whereby a report is written and shared with the customer.
Guidance
- PSMM Executive Summary09-05-2019Download
- PSMM Guidance Booklet09-05-2019Download
- Metrics for Personnel Security Maturity03-09-2024Download