Introducing Security Management Systems (SeMS) | Day 1, slot 3

“The introduction of Airport Security Management Systems (SeMS) and what it will mean for industry”

on Day 1 of the event, at 1100-1145.


Presentation by Peter Drissell, Director Aviation Security at UK Civil Aviation Authority.

The UK CAA and UK DfT have jointly published two SeMS guidance documents; a SeMS Framework and a separate note for Accountable Managers.


This guidance sets out how organisations in the aviation sector should develop their security management systems.
The following components together make up the SeMS:


  • Management Commitment
  • Threat & Risk Management
  • Accountability and Responsibilities
  • Resources
  • Performance Monitoring Assessment and Reporting
  • Incident Response
  • Management of Change
  • Continuous Improvement
  • SeMS Training and Education
  • Communication


Having considered the responses to an industry consultation, the UK Government concluded in June 2012 that the development and roll-out of Security Management Systems (SeMS) was the right first step to take towards the delivery of a more flexible regulatory approach.


Any future discretion could be granted to organisations only when there was assurance that security risks, which remain substantial, were being appropriately managed by the organisations themselves.


The concept of Security Management Systems is based on safety management systems, so will be familiar to those in the aviation sector. The idea is that:


  • security risks should be managed at the right level, overseen by company boards;
  • activities should be measured to provide management information on security performance;
  • there should be people in the organisation who are accountable for maintaining rigorous security standards, using the management information; and
  • there should be a culture that promotes high security standards throughout the company.


A SeMS achieves this by providing an organised, systematic approach to managing security which embeds security management into the day-to-day activities of the organisation.
The value of the SeMS Framework.


Although a SeMS is not required by the regulations, we believe that organisations will recognise that by developing a SeMS in line with the Framework they will gain an effective security quality management system which will meet the quality control requirements of articles 12, 13 and 14 of EC 300/2008 and allow them to manage risks more effectively and efficiently.


In addition to an organisation’s own security assurance, SeMS implemented consistently across industry will bring each organisation further benefits. It will provide assurance of the security performance of those suppliers and partners who have a SeMS, and it will facilitate meaningful benchmarking and trend analysis, enabling an organisation to understand how well its own performance compares to the performance in its sector generally.


SeMS is a necessary pre-cursor for extending the CAA’s Performance Based Regulation program into the security arena. Assurance of security performance through SeMS is essential if we are to build an evidence base supporting the changes to regulations, including those cast at the EU level, needed to permit PBR.