The Security Institute

BS 8549: 2006. SECURITY CONSULTANCY - CODE OF PRACTICE

After discussions within their Working Group GW3, the British Standards Institute has finalised, and proposes to publish, a code of practice giving "recommendations for the management, staffing and operation for the provision of contracted security consultancy services", which they state "might assist those who wish to contract the services of a security consultant", as British Standard 8549: 2006.

It must first be said that The Security Institute applauds and supports initiatives aimed at enhancing professional standards in all areas of the security business, including that of consultancy, and would like to see in place a regime that would bring the highest standards of professionalism, probity and performance to the practice of security consultancy in the UK. However, this British Standard (BS), far from achieving this goal, is likely to make the practice of good consultancy difficult if not impossible, and to send misleading messages to users of security consultancy services.

The Security Institute has within its ranks 92 members who either practice security consultancy as sole traders / SMEs, or who hold senior positions within large security consultancies. It is, thus, one of the largest bodies representing security consultants in the UK. On behalf of those members, the Institute's Council is both disappointed and concerned by the contents of BS 8549, as they believe that the document is, as was its PAS predecessor, seriously-flawed in a number of respects, the major ones of which are outlined below.

In general terms, this BS tries to cross the boundary between being a document that gives advice on how to run a security consultancy business, and the territory now properly-occupied by Skills for Security (SfS) (by setting out occupational standards for security consultants). We consider that it does neither of these things well, and that, in its present form, it conflicts seriously with the National Occupational Standards being published by SfS.

The Security Institute is concerned that the BS mandates attempted legal non-compliance in the areas of Rehabilitation of Offenders legislation, data protection legislation and, in certain circumstances, The Human Rights Act, in a variety of ways, including but not limited to, those of personnel screening and data release, both in respect of the consultant's own personnel, and in respect of companies and personnel to whom the consultant may sub-contract work (the latter being defined as "information, equipment and/or labour which is used in providing the service to the customer"). A more detailed statement of the legal issues involved may be obtained from The Security Institute on request.

Furthermore, the BS attempts unnecessary interference in the conduct of a security consultant's business, by directing minimum standards for insurance, accounting, release of organisational information, disciplinary procedures, office accommodation, report writing, document and data retention and storage and the format of personal identity cards.

While compliance with a British Standard is never a legal requirement, there is a tendency for procurement departments to include in tender documents a demand for compliance with BS publications and, as such, a consultant who did not fully comply with BS 8549 could find him/herself in breach of contract and subject to civil action. This, at its most mundane level, could arise from a situation in which a sole practitioner (a group which probably comprises some 40% of the security consultancy market) fails to comply with Section 5.3 by not issuing himself with an ID card bearing details of his name, address and telephone number, together with his photograph.

However, what is most alarming about the BS are its statements about the competence of security consultants, in which respect it lists 15 "competencies", representing some, but not all consultancy activities, breaking them down into those that are "minimum" standards for consultants (ie, must be possessed - the BS says "able to demonstrate that they have undergone basic training on") and those that are simply "desirable" to be possessed. Reference to the BS (para 5.4.3) will give detailed information on this, but the outcome can be demonstrated by the fact that, under the BS, a consultant whose speciality lies in advising on the hardening of vaults, safes and secure areas must have qualifications in business continuity planning and manned guarding. Likewise, a consultant whose speciality is advising on crisis management training should have qualifications in construction design and management regulations.

In summary, BS 8549 poses a number of dangers to the security profession and its clients. It purports to prescribe the qualities and attributes of a security consultant or consultancy, when it does not: it is a confused and misleading series of statements that will offer little practical help to a client seeking effective consultancy, whilst potentially disqualifying (in the client's mind) many competent and reputable currently-practising consultants.

Moreover, if and when the SIA once more turns its attention to the licensing of security consultants, the pre-existence of a British Standard for this group is likely to lead to a powerful tendency simply to use that BS as the basis for licensing. Indeed,, the Foreword to the BS bears the note: "Attention is drawn to the statutory requirements of the Private Security Act 2001".

Regrettably, even the draft versions of the BS had to be purchased from the BSI - a fact that mitigated against widespread review and comment, and to which The Security Institute objected. Because of that fact, we are not able to make even the draft of the proposals available on the Institute website.

Nonetheless, we urge our members - both consultants and users of consultancy - to review BS 8549 and consider its potential impact on their business. The Council of the Institute will continue its campaign to have this BS in its present form, set aside.

Those with concerns on this subject may wish to contact The Security Institute at info@security-institute.org. For further information from, or comments to, the British Standards Institute, contact can be made via cservices@bsi-global.com.




Bill Wyllie FSyI
Chairman

22nd November 2006