The CAA and DfT have jointly published two SeMS guidance documents; a SeMS
Framework and a separate note for Accountable Managers. This guidance sets
out how organisations in the aviation sector should develop their security management systems.
Having considered the responses to an industry consultation, the Government concluded in June 2012 that the
development and roll-out of Security Management Systems (SeMS) was the right first step to take towards the delivery of
a more flexible regulatory approach. Any future discretion could be granted to organisations only when there was
assurance that security risks, which remain substantial, were being appropriately managed by the organisations
themselves.
The concept of Security Management Systems is based on safety management systems, so will be familiar to those in
the aviation sector. The idea is that:
- security risks should be managed at the right level, overseen by company boards;
- activities should be measured to provide management information on security performance;
- there should be people in the organisation who are accountable for maintaining rigorous security standards, using
the management information; and
- there should be a culture that promotes high security standards throughout the company.
A SeMS achieves this by providing an organised, systematic approach to managing security which embeds security
management into the day-to-day activities of the organisation and its people.
The SeMS Framework
We believe that organisations will recognise that by developing a SeMS in line with the Framework they will gain an effective security quality management system which will meet the quality control requirements of articles 12, 13 and 14 of EC 300/2008 and allow them to manage risks more effectively and efficiently.
In addition to an organisation’s own security assurance, SeMS implemented consistently across industry will bring
each organisation further benefits. It will provide assurance of the security performance of those suppliers and
partners who have a SeMS, and it will facilitate meaningful benchmarking and trend analysis, enabling an organisation
to understand how well its own performance compares to the performance in its sector generally.
Consistency with the Framework will also enable the CAA to understand an organisation’s security performance.
Without this the CAA will have no option but to maintain its current compliance regime.
Implementing SeMS
We believe practical implementation of SeMS to be fairly straightforward. For airports, as an example, Threat Image
Projection (TIP) data is likely to be the first set of readily available performance metrics. An airport will be
able to use TIP data to measure its performance, as envisaged in the SeMS Framework, albeit initially in only the
sphere of cabin baggage screening.
For the CAA to be able to rely on an organisation’s SeMS data, we would expect the first priority to be the
establishing of governance arrangements and appointment or confirmation of the accountable manager, as the framework
describes. Without these, we cannot place any reliance on the SeMS outputs.
The CAA is supporting the industry’s implementation of SeMS, and in order to ensure implementation is both
manageable and dynamic to individual needs, our support will be measured in its approach with initially only a small
number of organisations receiving specific focussed support.
This approach will also permit additional learning to be collated and disseminated to the wider industry to both
inform and assist in the SeMS journey. It will be important to maintain this steady measured approach to ensure that we
can generate and build on success. This approach will maximise the benefits both to the individual organisation and to
the industry as a whole.
For further information see Implementing Security Management Systems: An
Outline.
Performance Based Regulation (PBR)
SeMS is a necessary pre-cursor for extending the CAA’s Performance Based Regulation programme into the security
arena. Assurance of security performance through SeMS is essential if we are to build an evidence base supporting the
changes to regulations, including those cast at the EU level, needed to permit PBR.
Developing an effective SeMS in line with the Framework should, in time, offer an organisation the prospect of less
intrusive regulatory control and inspection as the consistent evidence it will provide is a pre-requisite of a PBR
regime.
Training
We have developed a two day Security Management Systems training course that provides the fundamentals of how to develop and maintain an effective SeMS. Course dates and booking details are available from CAAi, our technical cooperation, consulting and aviation training arm.
Security Management Systems training: 23 - 24 September 2019, Gatwick, UK
Guidance material
Contact us
Email: sems@avsec.caa.co.uk