Security Management Plans

What it is

A documented plan that defines security responsibilities, procedures, and governance for your organisation. A security management plan translates security policy into operational procedures, clarifies who does what, and ensures security is managed consistently and effectively.

When to use this service

  • You have security controls in place but procedures are undocumented or inconsistent

  • You are implementing recommendations from a risk assessment or audit and need to formalise new procedures

  • You have undergone organisational change and security responsibilities are unclear

  • You need to train staff on security procedures and want a documented reference

  • You are preparing for a compliance audit or government inspection and need to demonstrate governance

  • You want to ensure security is maintained consistently across multiple sites or after staff turnover

  • You need to establish incident response and escalation procedures

What you will receive

  • Security management plan document covering governance, roles, responsibilities, and procedures

  • Detailed procedures for key security functions (access control, key management, visitor management, incident response, CCTV monitoring and data retention)

  • Responsibility matrix clarifying who is accountable for each security function

  • Training materials and staff briefings on security procedures

  • Implementation support and staff engagement

  • Optional annual review and update process

Our process

  1. Scope and objectives: Confirm which security functions need to be documented and the intended audience (staff, contractors, auditors)

  2. Current state review: Review existing policies, procedures, and incident history to understand current practice

  3. Stakeholder engagement: Interview security, operations, and management teams to understand how security is currently managed

  4. Procedure development: Document procedures for key functions (access control, key management, visitor management, incident response, monitoring, data retention)

  5. Responsibility definition: Clarify roles and accountability for each security function

  6. Compliance review: Confirm procedures comply with relevant standards (PSPF, APP, incident response requirements)

  7. Training and implementation: Develop training materials and brief staff on new or updated procedures

  8. Ongoing management: Establish a process for reviewing and updating procedures as requirements change

Typical procedure areas covered

  • Access control and credential management

  • Mechanical key systems and key traceability

  • Visitor and contractor management

  • CCTV monitoring and data retention

  • Incident reporting and escalation

  • Security awareness and training

  • Compliance and audit processes

  • Vendor and supplier management

  • Business continuity and emergency response

Frequently asked questions

  1. What is the difference between a security management plan and a security policy? A security policy sets the direction and principles (e.g., “We will control access to secure areas”). A management plan documents the specific procedures for implementing that policy (e.g., “Access control procedures: who issues credentials, how access is reviewed, how credentials are revoked”).

  2. Do we need a security management plan if we have a risk assessment? A risk assessment identifies risks and recommends controls. A management plan documents how those controls will be operated and maintained. Both are valuable: the assessment identifies what needs to be done; the plan documents how it will be done.

  3. Can you align the plan to our existing policies and procedures? Yes. We review existing documentation and build on what you have, rather than starting from scratch. We integrate security procedures with your broader operational and compliance frameworks.

  4. How do you ensure staff understand and follow procedures? We develop training materials, conduct staff briefings, and recommend ongoing awareness activities. We also recommend regular audits to confirm procedures are being followed.

  5. How often should we update the security management plan? We recommend reviewing the plan annually and updating it when security controls change, incidents occur, or organisational changes affect security responsibilities.

Need to document and formalise security procedures? Contact us for a confidential consultation.