Scribd
Upload
12 views7 pages

Sems Key Information

A Security Management System (SeMS) is a framework that enhances security performance by managing risks and vulnerabilities within an organization. It promotes accountability, resource optimization, and a positive security culture, while being integrated into daily operations rather than treated as a standalone document. SeMS is adaptable for any entity and encourages collaboration and continuous improvement in security practices.

Uploaded by

shan zehra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views7 pages

Sems Key Information

A Security Management System (SeMS) is a framework that enhances security performance by managing risks and vulnerabilities within an organization. It promotes accountability, resource optimization, and a positive security culture, while being integrated into daily operations rather than treated as a standalone document. SeMS is adaptable for any entity and encourages collaboration and continuous improvement in security practices.

Uploaded by

shan zehra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Security Management Systems (SeMS)

Key Information for Industry


‘A Security Management System (SeMS) should be formulated
through and incorporated within an organisations holistic
approach to security to generate maximum awareness, buy-in
and real-world benefit across all levels of the organization.’

‘SeMS provides an entity with a framework of operating


principles and guidance which enable it to enhance security
performance by proactively managing risks, threats, and areas
where there are gaps and vulnerabilities which may have a
negative impact on that performance.’

‘SeMS should not be isolated or separated from daily


operations, regular risk assessments or other safety, security
or corporate culture initiatives or activities’

Non-attributable SeMS commentaries


Demystifying a Security Management System?

What it does: What it is not:


• Creates Board / Senior level • It is not a set of documents you
accountability for security put on a shelf
• Encourages transparent and • It does not have to cost a
verifiable security fortune!
• Delivers greater visibility of • It is not an IT system
compliance assurance • It is not a one size fits all solution
• Enables more effective use of • It is not a rigid process
existing resources, tools and • It does not replace the need to
systems comply with security regulations
• Encourages collaborative • It is not defined by a single set of
approaches terminologies, structures or
• Empowers and promotes pro- approaches
active reporting
• Drives a more assurance-based
regime
ICAO perspective – Key components include:

✓ Management commitment and


accountability;
✓ Resources (including third-party
service providers);
✓ Threat and risk management;
✓ Performance monitoring, reporting
and continuous improvement;
✓ Incident response;
✓ SeMS training programme;
✓ Communication
ICAO Doc 8973

Other SeMS variants exist (there is no one clearly defined set of metrics or
terminologies) but on the whole all should draw from and/or expand upon these ICAO
baseline elements
What are the advantages of a SeMS?
✓ It is suitable for any entity regardless of size or operation

✓ Allows for enhanced security performance driven by risk-based decision making

✓ Enables more effective use of existing resources, tools and systems

✓ Ensures accountability is set at the correct level within your organisation and appropriate
funding is provided

✓ Supports the development of a positive Security Culture where security is everyone’s


responsibility

✓ Encourages the discussion and sharing of new ideas and best practice

✓ Draws parallels with SMS (Safety Management Systems) and follows a similar structure,
(many processes may already exist within your organisation)

✓ It allows organisation to adopt and present a holistic approach to security management and
delivery
SeMS Development: Advice & Guidance…
✓ Complete a Gap Analysis to determine processes and procedures that currently exist within
your organization – do not look to reinvent the wheel

✓ Incorporate and build upon existing governance, internal QA (quality assurance) and Risk
Management processes – use what you already have to best advantage

✓ Optimise existing systems, processes, metrics and resources - there is no specific


requirement for additional software (SeMS is not an I.T. based solution)

✓ Align with other Management Systems where already in operation i.e., SMS, ISMS, QMS –
look to develop and support a holistic Integrated Management System.

✓ Access guidance and support from a wide variety of sources e.g., ICAO, IATA, ACI,
regulatory bodies, e.g., CAA and/or wider industry colleagues and/or associations during your
ongoing SeMS development

✓ Share ideas and best practice with other SeMS entities - join the growing SeMS community
to share and discuss issues, concerns, ideas, suggestions, recommended best practice,
metrics, processes and systems
Additional Material and Resources
SeMS material;

• https://www.icao.int/security/sfp/pages/securitymanual.aspx

• https://www.iata.org/en/programs/security/security-management-system-sems/

• https://www.caa.co.uk/commercial-industry/security/security-management-systems/security-management-
systems/

Security Culture:

• https://www.icao.int/Security/Security-Culture/Pages/YOSC-2021.aspx

• https://www.icao.int/Security/Security-
Culture/Pages/default.aspx#:~:text=What%20is%20security%20culture%3F,and%20personnel%20within%2
0the%20organization.

SeMS Self-Study Competency Evaluation:

• https://www.iata.org/en/training/courses/sems-competency-test/tscs63/en/

You might also like