Although many aspects of Private Security Contractor (PSC) provision will be similar to static scenarios, the temporary nature of events mean there will be specific considerations to take into account. This guidance outlines the actions you should consider at each stage: when procuring the PSC service, during the event, and when the event has finished.
Stage 1 - Prior to procuring a Private Security Contractor
A key activity that you should consider at this stage include completing a Threat, Vulnerability, and Risk Assessment (TVRA). This assesses relevant threats (including theft, vandalism, terrorism, espionage etc), vulnerabilities and how best the threats can be mitigated. For the PSC to be effective, they must understand the output from the TVRA. NPSA’s guidance on Protective Security Risk Management provides further information.
PSC contracts typically cover a range of different roles, which need to be understood and combined in a complementary manner to meet the specific needs of the particular event. The TVRA will help you understand what is required of the security officers and what their roles are, which will allow you to draft the PSC contract for tender.
If you need assistance because you do not have the necessary expertise you should procure the services of a competent person. NPSA recommends using the Register of Security Engineers and Specialists (RSES) or a Chartered Security Professional. Some sites or events may be able to obtain advice from a CTSA (Counter Terrorism Police Advisor) or NPSA advisor.
The tender documentation should cover the following areas:
- The scope of the contract/service. NPSA’s advice is that it is preferable to specify the level of capability required in areas such as video surveillance, hostile vehicle mitigation, security-minded communications, access control and search & screening, rather than the level of resource in numbers of officers. The PSC should be required to explain how they will deliver these services effectively and how they are integrated and support each other. NPSA advise that provision is also made for a cadre of security officers that can be moved around the venue as and when needed to deal with any unexpected events that may arise. Additionally, officers should be used to interact with people; greeting them, answering questions and being visible and friendly so that the public know where to report anything they see that they feel is suspicious. This can also have a deterrent effect on the potential hostiles.
- Selection of staff. Ensure that there is a blend of experienced security officers, supervisors, and managers that are interspersed with newer staff and evenly distributed around the venue. Appropriate male/female ratios must be specified if a search regime is required as part of the contract to allow for gender appropriate searching.
- Training/level of competence needed. You must specify the relevant training and experience required of the PSC’s staff. Security Industry Authority (SIA) licences will be compulsory for some roles, for example door supervisor or CCTV operators. They denote certification for specific capabilities and are not interchangeable: you should consider this when specifying numbers and types of SIA licensed staff you may require. NPSA have produced a summary SIA licenses. Further information is available from the SIA website.
It is recommended by NPSA that an event organiser mandates the completion of SCaN (and/or ACT) learning by all staff working at an event. For more information on ACT visit ProtectUK website.
- SIA licensing alone may be insufficient. PCS staff may not have experience of the site being used for the event, or specific equipment and processes being used. Provision must be made in the contract for providing this site-specific training in advance of the event. This should include, but is not limited to, reporting mechanisms and agreed communication channels. The PSC should demonstrate how they record details of licences held and training undertaken.
- The security contract should be established and the security force mobilised as far in advance of the event as possible. It is essential to allow the security team time to familiarise themselves with the venue. They need to know the layout of the facility and naming conventions/landmarks/reference points so that it is second nature. The security force also needs to be familiar with their personal equipment including radios, and the security equipment they may be required to operate such as search and screening technology and gates. The operation of this equipment could vary between steady state and in the event of emergency or incidents. This could include use of override features, duress alarms etc.
- The PSC should be required to provide indicative Post Orders. These are clearly defined duties which are specific to each physical location, as each location will have its own vulnerabilities.
- What assurance processes and procedures you expect from the PSC to ensure successful delivery of the contract. This will include the governance arrangements and who is responsible and accountable for security operations. Ensure your contract provides a level of supervision by suitably experienced/trained staff that reduces the potential vulnerability of a low level trained/experienced general workforce. Requirements for assurance checks by supervisors will also reduce these risks.
- PSC to indicate how lessons learned from rehearsals, exercises etc will be incorporated into their Standard Operational Procedures (SOP’s).
- The contract owner to specify which uniforms will be worn. Guard force uniforms are recommended to enable easy identification of the security team. The event organiser should ensure that they are content with the uniform design as this will affect the presentation of the event to attendees and the general public.
- The contract should define the level of vetting/background checks required for PSC staff. Certain positions may require additional sensitive role checks. NPSA recommend employment screening should follow BS7858.
- The kind of equipment that the security officers need, for example radios and Personal Protective Equipment (PPE). Guard forces should be equipped with appropriate equipment to allow them to discharge their roles: this is likely to include sufficient contractor provided handheld radios/phones to ensure control can be maintained by supervisors, and incidents reported quickly. Use of personal communications equipment is discouraged as it may present a risk of security information being shared with the public.
Concurrently with conducting the tendering process, organisations should also consider:
- If you are responsible for multiple events you should consider the merits of a long-term PSC contract. For example, having a long-term contract might allow you to build a stronger partnership and increase security, as the PSC will become more familiar with your location and your security needs. However, you might find that there is more flexibility in a short-term contract.
- Your incident response plan in certain situations, such as suspected hostile reconnaissance, a terrorist attack, marauding terrorist attack, multi-layered attack, fire and first aid response. Who will oversee the response and who would manage it? You will need to engage with the Police and other emergency services to allow plans to be developed. You will then need to understand what duties this may place on the PSC.
- If the contractor does provide a Security Control Room (SCR) consider making this a joint police/agencies/guard force control room, if appropriate, as a way of promoting cooperation and sharing between security stakeholders. If this is not possible, then you will need to carefully consider how communication and cooperation can be achieved. This will establish a good line of communication between all involved.
- SCR planning should focus on times of highest demand and pressure on staff. It is likely that planning will be focused on steady-state operations. When a surge in activity is required to respond to a terrorist attack or another major incident the planning will not be effective, and the actions of the SCR will have less impact on saving lives. Have Command & Control procedures and systems been exercised, and any lessons/findings acted upon? Have interdependencies been checked, such as communications with neighbours, tenants, police etc?
- You need to put in place mechanisms to allow early identification of changes in the event that may affect guarding provision. If the contract is found to no longer be fit for purpose as a result this will allow mitigations such as varying the contract to be put in place in sufficient time.
- If the PSC is deploying their own security equipment under the contract, you should be aware that NPSA experience is that frequently insufficient consideration has been given to integration with other security systems and technology, as well as the specific requirements of the location. You should make sure that the PSC provides sufficient detail of how the equipment and technology they intend to deploy will work together to achieve the desired security outcome.
- You need to consider what happens at the limit of your guarding contract scope: are other dependent stakeholders aware of the limitations and/or expectations of them? You should consider establishing a working group, or other communication channel, with neighbours and other partners who are essential to the delivery of security at your event.
Stage 2 - During the contract period
NPSA have advised that the contract period should provide for a mobilisation period, immediately before the event starts. You should facilitate the PSC in undertaking the following activities in this period:
- Site familiarisation checks should be conducted. This might be done by doing knowledge check on the security team to make sure they understand the important characteristics of the venue.
- Creating a security-minded communications plan for all the communications before and during the event. This should include anyone who will be publishing information related to the event, including recruitment adverts, planning applications, social media posts etc.
- A check of technical equipment. This should ensure that any issues with equipment are spotted and addressed – especially if the system will integrate with already existing systems. Run equipment checks making sure things are running as they are supposed to. For example, radios, security equipment, communications, PPE etc. Is all equipment and systems working properly and have any faults/issues been rectified? Are there any deficiencies that need to be covered by additional tasks for security officers?
- If you require the PSC to search visitors or vehicles, it is essential that they understand what the detection priorities are at the event (some venues primarily use search for revenue protection and/or crowd safety, e.g. to prevent people brining alcohol in, but it can also be used to deter potential hostiles if delivered effectively). NPSA would advocate a CT focus to any searching.
While the event is in progress the PSC should include the following checks:
- Checks need to be made of the area at various stages such as prior to arrival of visitors, during the event and during the load out (after the event).
- Organising shifts (and breaks within shifts) to meet event(s) needs. For example, shift changes and breaks should be organised so that they don’t clash with operational peaks, such as the start or end of different phases in your event.
- It is crucial that the PSC undertakes handovers/debriefing/briefing before and after every shift, and that any issues arising are resolved. Equipment should be signed in and confirmed to be fully functioning.
- Rotating security officers should have objectives and clear roles and responsibilities, and within those they should rotate locations. This will help make sure they are not moved to isolation.
- Communications with partners such as the police and others are working smoothly as part of a combined security-minded communication approach.
Stage 3 - After the event(s)
As the customer security lead for the event, you should carry out a debrief/lessons learnt process after the event, with input from the PSC and other security partners. This is important in understanding how things went, and what if any problems arose. The lessons learnt should be shared with the procurement team so that any necessary enhancements can be incorporated into revised/new contracts for guarding services.
NPSA, in collaboration with ACT, is proud to announce the publication of Recognising Terrorist Threats a guide for the security professional.
How to develop and maintain a professional, motivated, and attentive guard force and CCTV team.
A well-run control room can provide the fundamental principles of Deter, Detect and Delay.
People are an organisation’s biggest asset but in some cases they can also pose an insider risk.