Skip to content

9. Create a Strong Security Culture - Hard Measures

Last Updated 24 November 2016

Just as ‘soft’ security measures require clear communication of your organisation’s security culture, ‘hard’ measures require establishing clear procedures to address any failures to adhere to security policy.

This sends out a clear message that your organisation takes security matters seriously and will act as a deterrent to poor security behaviour. You need to know:

  • What are your organisation’s procedures for dealing with poor security behaviour?
  • Are the procedures for dealing with poor security behaviour clearly communicated to staff?
  • How is non-compliance addressed?

NPSA guidance on security culture and other relevant information is available:

There is also a range of campaign toolkits for security managers to use to encourage strong secure behaviours: