Skip to content

Personnel Security Maturity Model

Find out how to use the NPSA PerSec maturity model, which has been designed to specifically assess an organisation's personnel security maturity

Last Updated 06 October 2020


Maturity models are used in a number of industries to allow an organisation to assess their methods and processes according to best practice.

The NPSA PerSec maturity model has been designed to specifically assess an organisation's personnel security maturity. This is a key factor, in addition to physical and cyber security measures, in strengthening an organisation's resilience to insider and wider external security threats.

The model is based on comprehensive and robust research into insider acts, and extensive NPSA experience in personnel security mitigations (research and development programmes and close working with the CNI and overseas partners to test, refine and embed personnel security initiatives).

The benefits of using the NPSA model are:

  • A starting point for developing a measurable personnel security improvement programme using the NPSA tools and guidance which are appropriate to the organisation's current level of PerSec maturity.
  • A common and consistent benchmark for personnel security performance across the critical national infrastructure (CNI), which will enable individual organisations to compare themselves with the rest of their sector.

Seven core elements of effective personnel security processes

The maturity model is based on seven core elements of effective personnel security processes, as identified through our insider data study and research and development programme. These are:

  • A. Governance and Leadership
  • B. Insider Risk Assessment
  • C. Pre-Employment Screening
  • D. Ongoing Personnel Security
  • E. Monitoring and Assessment of Employees
  • F. Investigation and Disciplinary Practices (Response)
  • G. Security Culture and Behaviour Change.

Six levels of the NPSA PerSec Maturity Model

These seven core elements are evaluated against the six levels of the NPSA PerSec maturity model:

  • 0. Innocent
  • 1. Aware
  • 2. Developing
  • 3. Competent
  • 4. Effective
  • 5. Excellent

Maturity Questionnaire

The maturity questionnaire seeks evidence across four key areas:

  1. The EXISTENCE of PerSec policies, processes and procedures?
  2. The IMPLEMENTATION of the PerSec programme?
  3. How CONSISTENT is PerSec?
  4. How EFFECTIVE are the PerSec policies etc that are in place?

Critical national infrastructure organisations should contact their NPSA adviser for more information on how to assess their current level of personnel security maturity.

Did you find this page useful? Yes No