Protective Security Charter

We have developed a coherent, risk based, cost-effective and proportionate approach to protective security, which is supported by effective governance structures and processes. 

In line with government guidance, our approach to protective security is holistic, which means we don’t just focus on one aspect, like physical barriers or cybersecurity, but instead look at the entire ecosystem of risks and protections.

Our protective security framework is structured around 20 themes (see below), which collectively cover the following five key areas:

1.Physical security

Safeguarding our buildings, infrastructure, assets and equipment.

2. People security

Ensuring we have trustworthy, vetted individuals and that insider threats are mitigated and that we also protect our colleagues, for example when working alone.

3. Information security

Protecting sensitive data from being accessed, stolen, or leaked.

4. Cybersecurity

Ensuring we have effective and up-to-date IT security systems in place.

5. Security culture

Embedding awareness and responsible behaviour throughout KFRS.

The 20 themes that comprise our protective security framework are based on those set out in the National Protective Security Authority (NPSA)’s Passport to Good Security. These themes are as follows:

1. Good governance
2. Identify most valuable assets
3. Identify the threats
4. Adopt a risk management approach
5. Mitigate risks
6. Legality, ethics and transparency
7. Control access
8. Security culture: soft measures
9. Security culture: hard measures
10. Protect information
11. Secure sharing of information
12. Online social behaviour
13. Security pre-screening
14. Home and mobile working
15. Colleagues exit strategy
16. Build secure
17. Search and screening
18. Business continuity
19. Incident management
20. Emerge stronger - learning from security incidents

Within each of these 20 themes, the Passport to Good Security contains a number of sub-themes, each of which has its own priority, impact and compliance rating, along with evidence of compliance. This provides an effective means of identifying, assessing and mitigating the threats to KFRS. 
 

We have a robust and effective approach to governance and oversight of security. This operates through a suite of policies and procedures covering the five key areas and a dedicated steering group whose focus is protective security. More information about this approach is provided below.

Our suite of Tier 2 Policy and Tier 3 Procedure documents detail the systems and processes in place to ensure effective protective security. These set out in clear terms the actions that are taken and the associated responsibilities of colleagues and the wider organisation.

We have a Security Steering Group (SSG) whose role is to ensure that the Strategic Leadership Board (SLB) remains fully informed about emerging, potential, and current security risks across the areas covered by the Passport to Good Security and any escalation of the UK threat level.

The SSG is responsible for providing the SLB with regular updates on current risk mitigation and resilience measures, while also advising on what actions are necessary to address emerging and potential risks, including the appropriate risk recording processes. Additionally, the SSG monitors compliance with relevant legislative requirements and tracks progress against the Passport to Good Security.

By offering clear, specialist, and balanced advice, the SSG enables the SLB to make informed decisions about the level of focus and prioritisation given to identified security risks.

Where appropriate, updates will also be taken to the meetings of the Kent and Medway Fire and Rescue Authority. This ensure that the Members of the Fire Authority are kept appraised of relevant issues and their assistance sought when necessary.

Effective protective security starts with having a security culture embedded within the Service. This refers to a shared set of values, beliefs, and behaviours around security that are consistently practised and reinforced throughout KFRS. 

In addition to our policies and technology, how we think about and approach security in our daily work is essential to good security. Simple practical examples of this include:

• Wearing our KFRS ID badges, and where practical, on the official KFRS lanyard.
• Politely challenging people, we do not recognise who are not displaying a valid ID or visitor badge and escorting them to reception or to their host.
• Locking our computer and device screens when we are away from them.
• Reporting things that don’t look or feel right.

Key to embedding and maintaining an effective security culture is training on security related areas. Within KFRS mandatory training is provided to all colleagues on essential foundational areas, such as data protection, cyber security and anti-fraud and corruption, with more specialised security related training provided to teams as necessary, examples of which include recruitment practices and security of premises. This allows us to balance good security without compromising our focus on customer and community openness.
 

Our approach to protective security is informed by and follows the guidance and standards listed below. These have been purposely selected as we believe they represent the most authoritative, accessible and effective standards that we can apply.

• NPSA Passport to Good Security
• Cyber Essentials - NCSC.GOV.UK
• Digital and Cyber - Fire Standards Board

We monitor these to ensure that we continue to follow best practice in this area.