A Security Management System (SeMS) provides an entity with a framework of operating principles and guidance which enable it to enhance security performance by proactively managing risks, threats, and areas where there are gaps and vulnerabilities which may have a negative impact on that performance.
SeMS is:
- based on a risk-driven framework designed to embed security within your operations and culture
- suitable for any entity within the aviation sector, regardless of size or operation
- an enabler for the UK Civil Aviation Authority (CAA) as it develops a flexible, risk-based oversight regime
- an enabler for entities required to meet quality control provisions of articles 12, 13 and 14 of Baseline Security Measures as currently retained in UK law and replicated in UK regulation
- strengthened by the integration of Human Factors, recognising that security performance is shaped by how people interact with systems, environments, and procedures - supporting both individual performance and wellbeing as well as organisational resilience
The UK CAA remains aligned with ICAO, ECAC, IATA, and other regulatory bodies in the move towards modernising aviation security and SeMS is key in achieving this.
Our SeMS mission statement
The CAA is committed to sustaining and improving public confidence in air travel through continuous industry self-assurance and responsible management of risk, supported by a focused and adaptive regulatory approach.
A SeMS enables organisations to proactively identify and manage their own security risks, with a strong and positive security culture as its foundation. SeMS provides top-down assurance that the measures taken to manage those risks are effective, based on the principles that:
- Security risks are managed at the appropriate level;
- There is clear accountability for maintaining security standards;
- Security performance is monitored and assessed with effective oversight;
- A positive security culture is embedded across the organisation;
- Human Factors are actively considered to support individual wellbeing and performance as well as enhance system resilience.
We will work alongside organisations as they develop and mature their SeMS, helping them to harness the insights and efficiencies it delivers. The resulting assurance data will inform our adaptive, risk-based oversight regime and support the transition to smarter, more resilient aviation security.
Our SeMS Strategy
Our SeMS Strategy sets out our vision for SeMS until 2030.
Understanding Human Factors in Aviation Security
Human Factors concerns the application of knowledge about human beings, their abilities, characteristics, and limitations, to the design of equipment they use, environments in which they function and jobs they perform. Within the context of a Security Management System (SeMS), Human Factors play a vital role in shaping decision-making, performance, and resilience across all levels of an organisation. By acknowledging the human contribution to security outcomes, entities can better design roles, environments, and procedures that support effective and accountable performance.
Integrating Human Factors into SeMS helps foster a proactive security culture—one where individuals are empowered, residual risks and mitigations are assessed realistically, and errors are understood not just as failures, but as opportunities for learning and improvement. From automation challenges to stress, fatigue, and communication breakdowns, Human Factors provide a lens through which organisations can anticipate vulnerabilities and strengthen their operational integrity.
Implementing SeMS
The implementation of SeMS is straightforward:
- we encourage organisations to incorporate or develop existing governance arrangements, systems and processes wherever possible
- we do not prescribe additional or specific IT systems or platforms
- we are committed to providing support to Industry partners to ensure they may exploit the opportunities and efficiencies a mature SeMS offers
Further information is available on implementing a SeMS.
The phases of SeMS development
Growing numbers of organisations across all modes are actively developing their Security Management System (SeMS).
We are leading the way in making SeMS a reality for the wider aviation industry and continue to support the ever-increasing numbers of entities making use of the advantages of implementing a robust and effective SeMS.
Gap Analysis
The entity completes a Gap Analysis to identify which areas of their operation are already in line with the SeMS Framework, and which will require further development to meet Framework requirements.
Phase 1
The Civil Aviation Authority (CAA) will conduct a Phase 1 assessment to verify if the SeMS is present and suitable. This assessment comprises:
- an evidential assessment of key SeMS processes
- a meeting between a CAA Manager and the entity's Accountable Manager
Phase 2
Once sufficient time has elapsed for the entity's SeMS to mature, the CAA conducts a Phase 2 assessment to establish if the SeMS is operating and effective.
This assessment comprises:
- an evidential assessment of documented processes
- an interview conducted by CAA Senior Managers with the entity's Accountable Manager
- operational assessments conducted across the entity's site or sites
Phase 2B
At Phase 2B, the entity provides continued assurance of its SeMS.
This comprises:
- quarterly submissions of SeMS Performance Data to the CAA
- an Assurance Assessment to verify that the SeMS continues to be operating and effective
- operational assessments conducted across the entity's site or sites
Risk Based Oversight
Risk-based Oversight (RBO) enables a regulator to take a risk-led approach to its compliance monitoring activity, based on quality performance data and the current threat landscape.
UK CAA will utilise security performance data, including SeMS oversight data, to take a more evidence-based approach to determining the level of compliance oversight we apply to a specific entity. In practice, this means that we may adjust the frequency of our compliance monitoring visits to ensure we allocate our resource in line with risk and an industry member’s current and historic security performance.
RBO will:
- Provide the CAA with a more robust framework, which documents the rationale for adjustments to the frequency of our routine compliance visits at a specific organisation.
- Mature our oversight regime by providing the CAA with a more agile and flexible approach to compliance oversight. This will support enhanced management of risk and provide greater means of supporting industry partners in the evolving aviation security landscape.
We are currently developing our RBO approach alongside Industry and SeMS has been identified as an essential precursor for the CAA to achieve this.
Training
Training is available on a variety of Aviation Security topics, including SeMS, and is particularly relevant for SeMS Managers and Accountable Managers.
Our training provides a great opportunity to meet with the Regulator and Industry colleagues, share best practice, and find out more about implementing a successful SeMS.
SeMS guidance material
- CAP 1223 SeMS Framework Document
- CAP 1273 Implementing Security Management Systems: an outline
- CAP 1224 Note for Accountable Managers
- CAP 1297 Security Management System (SeMS): Frequently Asked Questions
- CAP 1997 Guidance for Small Organisations
- SeMS entity self-assessment questionnaire – Gap Analysis
- Security culture self-assessment tool
Contact us
For more information contact the SeMS team at Sems@caa.co.uk.