Skip to content

Personnel Security Maturity Model

Find out how to use the CPNI PerSec maturity model, which has been designed to specifically assess an organisation’s personnel security maturity

Last Updated 06 October 2020


Maturity models are used in a number of industries to allow an organisation to assess their methods and processes according to best practice.

The CPNI PerSec maturity model has been designed to specifically assess an organisation’s personnel security maturity. This is a key factor, in addition to physical and cyber security measures, in strengthening an organisation’s resilience to insider and wider external security threats.

The model is based on comprehensive and robust research into insider acts, and extensive CPNI experience in personnel security mitigations (research and development programmes and close working with the CNI and overseas partners to test, refine and embed personnel security initiatives).

The benefits of using the CPNI model are:

  • A starting point for developing a measurable personnel security improvement programme using the CPNI tools and guidance which are appropriate to the organisation's current level of PerSec maturity.
  • A common and consistent benchmark for personnel security performance across the critical national infrastructure (CNI), which will enable individual organisations to compare themselves with the rest of their sector.

Seven core elements of effective personnel security processes

The maturity model is based on seven core elements of effective personnel security processes, as identified through our insider data study and research and development programme. These are:

  • A. Governance and Leadership
  • B. Insider Risk Assessment
  • C. Pre-Employment Screening
  • D. Ongoing Personnel Security
  • E. Monitoring and Assessment of Employees
  • F. Investigation and Disciplinary Practices (Response)
  • G. Security Culture and Behaviour Change.

Six levels of the CPNI PerSec Maturity Model

These seven core elements are evaluated against the six levels of the CPNI PerSec maturity model:

  • 0. Innocent
  • 1. Aware
  • 2. Developing
  • 3. Competent
  • 4. Effective
  • 5. Excellent

Maturity Questionnaire

The maturity questionnaire seeks evidence across four key areas:

  1. The EXISTENCE of PerSec policies, processes and procedures?
  2. The IMPLEMENTATION of the PerSec programme?
  3. How CONSISTENT is PerSec?
  4. How EFFECTIVE are the PerSec policies etc that are in place?

Critical national infrastructure organisations should contact their CPNI adviser for more information on how to assess their current level of personnel security maturity.

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.