8. Create a Strong Security Culture - Soft Measures
Your organisation’s security culture outlines its approach towards security, and is essential to an effective security regime.
‘Soft measures’ means ensuring information on your organisation’s security policies and practices is clearly and regularly communicated to staff, contractors and suppliers. This includes clarity on incident management and resolving risks.
Questions to address soft measures in developing your security culture:
- Is there a formal document outlining the security culture of your organisation? Does it set out to staff their security responsibilities?
- What security training and awareness is given to staff? By whom and how often?
- What are the key security messages for staff and how are they communicated? Are regular security surveys conducted?
- Are contractors and suppliers aware of what is required of them on security issues?
CPNI guidance on security culture and other relevant information is available:
- Security culture tool – help on shaping the strategic direction of your security policies
- Guard force motivation – guidance for security managers including how to run guardforce motivation project
There is also a range of campaign toolkits for security managers to use to encourage strong secure behaviours: