• The CAA and DfT have jointly published two SeMS guidance documents; a SeMS Framework and a separate note for Accountable Managers. This guidance sets out how organisations in the aviation sector should develop their security management systems.

    Having considered the responses to an industry consultation, the Government concluded in June 2012 that the development and roll-out of Security Management Systems (SeMS) was the right first step to take towards the delivery of a more flexible regulatory approach. Any future discretion could be granted to organisations only when there was assurance that security risks, which remain substantial, were being appropriately managed by the organisations themselves.

    The concept of Security Management Systems is based on safety management systems, so will be familiar to those in the aviation sector. The idea is that:

    • security risks should be managed at the right level, overseen by company boards;
    • activities should be measured to provide management information on security performance;
    • there should be people in the organisation who are accountable for maintaining rigorous security standards, using the management information; and
    • there should be a culture that promotes high security standards throughout the company.

    A SeMS achieves this by providing an organised, systematic approach to managing security which embeds security management into the day-to-day activities of the organisation and its people.

    The SeMS Framework

    We believe that organisations will recognise that by developing a SeMS in line with the Framework they will gain an effective security quality management system which will meet the quality control requirements of articles 12, 13 and 14 of EC 300/2008 and allow them to manage risks more effectively and efficiently.

    In addition to an organisation’s own security assurance, SeMS implemented consistently across industry will bring each organisation further benefits. It will provide assurance of the security performance of those suppliers and partners who have a SeMS, and it will facilitate meaningful benchmarking and trend analysis, enabling an organisation to understand how well its own performance compares to the performance in its sector generally.

    Consistency with the Framework will also enable the CAA to understand an organisation’s security performance. Without this the CAA will have no option but to maintain its current compliance regime.

    Implementing SeMS

    We believe practical implementation of SeMS to be fairly straightforward. For airports, as an example, Threat Image Projection (TIP) data is likely to be the first set of readily available performance metrics. An airport will be able to use TIP data to measure its performance, as envisaged in the SeMS Framework, albeit initially in only the sphere of cabin baggage screening.

    For the CAA to be able to rely on an organisation’s SeMS data, we would expect the first priority to be the establishing of governance arrangements and appointment or confirmation of the accountable manager, as the framework describes. Without these, we cannot place any reliance on the SeMS outputs.

    The CAA is supporting the industry’s implementation of SeMS, and in order to ensure implementation is both manageable and dynamic to individual needs, our support will be measured in its approach with initially only a small number of organisations receiving specific focussed support.

    This approach will also permit additional learning to be collated and disseminated to the wider industry to both inform and assist in the SeMS journey. It will be important to maintain this steady measured approach to ensure that we can generate and build on success. This approach will maximise the benefits both to the individual organisation and to the industry as a whole.

    For further information see Implementing Security Management Systems: An Outline.

    Performance Based Regulation (PBR)

    SeMS is a necessary pre-cursor for extending the CAA’s Performance Based Regulation programme into the security arena. Assurance of security performance through SeMS is essential if we are to build an evidence base supporting the changes to regulations, including those cast at the EU level, needed to permit PBR.

    Developing an effective SeMS in line with the Framework should, in time, offer an organisation the prospect of less intrusive regulatory control and inspection as the consistent evidence it will provide is a pre-requisite of a PBR regime.

    Guidance material

    Contact us

    Email: sems@caa.gsi.gov.uk