Skip to content

Security Considerations Assessment

The Security Considerations Assessment (SCA) process ensures security-related vulnerabilities are considered across a range of activities and processes within an organisation. This includes physical, personnel, cyber and cross-cutting security measures

Last Updated 21 February 2022

The Security Considerations Assessment (SCA) process ensures security-related vulnerabilities are considered across a range of activities and processes within an organisation. This includes physical, personnel, cyber and cross-cutting security measures.

Implementing the SCA should lead to fewer security-related changes being required at a later stage. It also reduces the chance of repeating mistakes that may have compromised security in the past.

The SCA process should be used by those who are accountable and responsible for actions across the built environment. These includes activities such as planning, design, construction and manufacturing. It is also for organisations who wish to embed security-mindedness, or protect their commercial information, personal data and intellectual property.

What is a SCA and when do you need one?

A SCA is a Security Considerations Assessment

They’re a structured process in which you ensure that potential security related vulnerabilities have been taken into considerations in activities you carry out and that measures to safeguard against risks are consistently and properly implemented.

A SCA is not a technical check of the actual personnel, physical and/or cyber security measures implemented. 

In other words, the SCA looks at the WHY and not the WHAT.

There are two main reasons we carry out a SCA.

The first is to protect the public, organisations and services from harm. A SCA is designed to help us make sure we’ve considered and where necessary implemented reasonable security measures to safeguard the public, organisations and services from those with malicious intent. they are an effective way for us to learn from past security breaches and implement measures and reduce the chance of them happening again as well as understand the combination of factors that could be expected to lead to security issues in the future.

The second reason is to protect you. If there is a security breach in an activity your responsible for, you and your team may be asked to explain the decisions you made surrounding the security of that activity. It is possible these questions could be asked at a formal enquiry. In either of those situations, you’ll want to demonstrate that you made appropriate and proportionate effort to safeguard against security breaches while you were managing that activity.

Conducting a SCA allows you to be confident and demonstrate through a fully documented process that potential security related vulnerabilities have been identified, assessed, and where necessary addressed.

To find out how to carry out a SCA for an activity you are responsible for, click the relevant link below this video.

You’ll be taking to a step by step guide for how to conduct a SCA for that activity, including who needs to run it and the relevant documentation you’ll need to fulfil the SCA’s requirements. 

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.