Skip to content

8. Create a Strong Security Culture - Soft Measures

Last Updated 24 November 2016

Your organisation’s security culture outlines its approach towards security, and is essential to an effective security regime.

‘Soft measures’ means ensuring information on your organisation’s security policies and practices is clearly and regularly communicated to staff, contractors and suppliers. This includes clarity on incident management and resolving risks.

Questions to address soft measures in developing your security culture:

  • Is there a formal document outlining the security culture of your organisation? Does it set out to staff their security responsibilities?
  • What security training and awareness is given to staff? By whom and how often?
  • What are the key security messages for staff and how are they communicated? Are regular security surveys conducted?
  • Are contractors and suppliers aware of what is required of them on security issues?

NPSA guidance on security culture and other relevant information is available:

There is also a range of campaign toolkits for security managers to use to encourage strong secure behaviours: