Implementing the SCA should lead to fewer security-related changes being required at a later stage. It also reduces the chance of repeating mistakes that may have compromised security in the past.
The SCA process should be used by those who are accountable and responsible for actions across the built environment. These includes activities such as planning, design, construction and manufacturing. It can also be used by organisations who wish to embed security-mindedness, or protect their commercial information, personal data and intellectual property.
What is a SCA and when do you need one?
A SCA is a Security Considerations Assessment
They’re a structured process in which you ensure that potential security related vulnerabilities have been taken into considerations in activities you carry out and that measures to safeguard against risks are consistently and properly implemented.
A SCA is not a technical check of the actual personnel, physical and/or cyber security measures implemented.
In other words, the SCA looks at the WHY and not the WHAT.
There are two main reasons we carry out a SCA.
The first is to protect the public, organisations and services from harm. A SCA is designed to help us make sure we’ve considered and where necessary implemented reasonable security measures to safeguard the public, organisations and services from those with malicious intent. they are an effective way for us to learn from past security breaches and implement measures and reduce the chance of them happening again as well as understand the combination of factors that could be expected to lead to security issues in the future.
The second reason is to protect you. If there is a security breach in an activity your responsible for, you and your team may be asked to explain the decisions you made surrounding the security of that activity. It is possible these questions could be asked at a formal enquiry. In either of those situations, you’ll want to demonstrate that you made appropriate and proportionate effort to safeguard against security breaches while you were managing that activity.
Conducting a SCA allows you to be confident and demonstrate through a fully documented process that potential security related vulnerabilities have been identified, assessed, and where necessary addressed.
To find out how to carry out a SCA for an activity you are responsible for, click the relevant link below this video.
You’ll be taking to a step by step guide for how to conduct a SCA for that activity, including who needs to run it and the relevant documentation you’ll need to fulfil the SCA’s requirements.
Guidance
- Security Considerations Assessment21-02-2022Download
- Undertaking a Security Considerations Assessment21-02-2022Download
- SCA - Organisational security mindedness21-02-2022Download
- SCA - New Built Assets21-02-2022Download
- SCA - Ongoing operation management and maintenance - existing built asset21-02-2022Download
- SCA - Modification or improvement - existing built asset21-02-2022Download
- SCA - End of life of a built asset21-02-2022Download
- SCA - New Public Spaces21-02-2022Download
- SCA - Ongoing operation management and maintenance - existing public space21-02-2022Download
- SCA - Modification or improvement - existing public space21-02-2022Download
- SCA - End of life of a public space21-02-2022Download
- SCA - Planning for, and implementation of, connected, smart and autonomous assets21-02-2022Download
- SCA - Ongoing operation management and maintenance - existing smart assets21-02-2022Download
- SCA - Data analysis and optimisation project21-02-2022Download
- SCA - Research and development project21-02-2022Download