The Private Security Industry Act 2001 makes provision for the regulation of the private security industry. It is relevant to organisations implementing an IT security strategy and assessing physical security, including staff vetting.
The Act aims to raise the integrity of private security staff by implementing a licensing regime.
Physical security of digital systems and networks is an essential component of an organisation’s security policy. The Security Industry Authority supervises the regime and will look into the background of security staff. It is a criminal offence to carry on business without a licence.
Uncertainty over security consultants
The Act does not deal with information security, and legal uncertainty exists in that the law may not cover security consultants (i.e. non-employees). Schedule 2, Paragraph 5(1), entitled ‘Security Consultants’, states:
“This paragraph applies (subject to the following provisions of this paragraph) to the giving of advice about -
- (a) the taking of security precautions in relation to any risk to property or to the person; or
- (b) the acquisition of any services involving the activities of a security operative.”
The paragraph appears to relate to the security of an organisation’s computers, digital systems and networks.
Organisations are therefore advised to exercise due diligence when contracting with security consultants.
Supervision and enforcement