This apprenticeship is in development and is subject to change
An apprenticeship is only available for delivery when both the standard and assessment plan is approved and a funding band (core government contribution) has been assigned to the standard.
If you'd like to get involved and contribute to the development of this apprenticeship, please read about developing standards and assessment plans. You can email the trailblazer contact using the details on this page.
Proposal approved
Occupational standard approved
End-point assessment plan approved
Funding approved
This occupation is found in the public and private sectors and focuses on the mitigating actions and policies required to meet prevailing threats and protect assets from compromise across the enterprise using a combination of physical security; personnel security; technical security and cyber security. This occupation is found in every organisation that holds assets of value that require protection. An asset is anything with value, tangible or intangible, in need of protection, and which can include but not be exclusive to People – employees, contractors, visitors and communities; Physical – property and items of value that can be seen, touched or held; Information – data bases, financial data, research, trade secrets and intellectual property; Processes and Systems – anything that enables the enterprise to function. These groupings can be further broken down into tangible assets – buildings, equipment, raw materials; intangible assets – intellectual property, contracts, copyrights, reputation, or mixed assets – individuals and their knowledge, physical assets that contain intangible assets. The range of sectors that this occupation applies to includes all Critical National Infrastructure (CNI) sectors: chemicals; civil nuclear; communications; defence; emergency services; energy; finance; food; government; health; space; transport; water and supply chains of these sectors. This occupation also applies to, but is not exclusive to, the following sectors: construction; property management; science/technology centres; academia; retail; tourism; stadia and sporting arenas; hotels and hospitality; events sector and night-time economy.
The broad purpose of the occupation is to protect assets from identified threats by assessing protective security risks and developing mitigations to reduce these risks. This may comprise, amongst other things, working with key stakeholders to support risk assessments, assess information, provide technical input to conversations, identify risks, and develop mitigations, deploy security personnel, condition enterprise personnel to ensure a positive security culture, target hardening, use technology and policies and procedures to mitigate the identified threats and associated risks. Protective Security Advisers will understand an organisation’s assets, the threats they face and how assessments can be used to identify the risk these threats pose. Protective Security Advisers develop plans to mitigate these risks and implement security measures, with a review process which provides continuous improvement. They will understand the fundamentals of protective security which forms the foundations of ‘security convergence’.
Protective security is a combination of the four security disciplines of personnel, physical, cyber and technical security. Protective security is where all four disciplines have been considered together to ensure threats that seek to find gaps between the disciplines cannot be exploited. This is often referred to as security convergence. The Government Functional Standard GovS 007: Security, describes the purpose of each of the protective security disciplines: Physical Security: The purpose of physical security measures is to ensure a safe and secure working environment for staff and visitors, protecting them against a wide range of threats, including theft, terrorism and espionage. Personnel Security: The purpose of personnel security is to assure organisations that the people it employs are suitable for work in sensitive roles. It also safeguards employees from exploitation as a result of their personal circumstances. Technical Security: The purpose of technical security measures is to holistically protect sensitive information and technology from close access acquisition or exploitation by hostile actors, as well as any other form of technical manipulation. Cyber Security: The purpose of cyber security is to ensure the security of data and information.
In their daily work, an employee in this occupation interacts with a variety of internal and external stakeholders as protective security advisers do not work alone, with the focus on security being a business enabler. To achieve this protective security advisers, need to work with a wide range of stakeholders within a business to ensure business needs are met and externally to support and work with partners and the communities they are based in. In the role of the Protective Security Adviser they will be expected to communicate effectively and provide protective security briefings and subject matter expertise to mitigate protective security risks to a wide variety of stakeholders. Such stakeholders may include: senior risk owners; employees; customers; suppliers; distributors; enterprise risk management (ERM) professionals; corporate threat and intelligence analysts; business continuity and resilience professionals; business development management; information security officers; human resource departments; health and safety professionals; physical security teams; Third party supply chains; Police and law enforcement; community representatives; and the National Technical Authorities i.e. National Protective Security Authority (NPSA), UK National Authority for Counter Eavesdropping (NACE) and National Cyber Security Centre (NCSC).
An employee in this occupation will be responsible for the identification of security vulnerabilities to enable organisations to provide a converged security and risk mitigation approach employing National Technical Authority (NTA) guidance. This may include developing asset registers; records of threat actors and potential threat vectors employed against organisational assets; vulnerability assessments; security risk assessments (SRA); protective security mitigations; protective security risk registers; protective security planning and review and assurance processes.
Security adviser
Security consultant
Security contract manager
Security manager
Security practitioner
Security specialist
Senior security supervisor
K1: Crime and security science theories and how they underpin protective security design to provide a layered security approach and why security matters to protect businesses and society: Routine Activity Theory, Rational Choice Theory, Offender Typologies, Crime Mapping, Broken Windows Theory, the security triangle of detection, response and delay, Situational Crime Prevention, Social Crime Prevention, adversary path analysis, Crime Prevention through Environmental Design and Defence in depth based on National Protective Security Authority (NPSA) deter, detect, delay, mitigate, respond principles.
Back to Duty
K2: The protective security eco-system, the role played by key organisations and how each National Technical Authority (NTAs) contributes to the protective security of business and society: the Register of Security Engineers and Specialists (RSES) and Chartered Security Professionals (CSyP).
Back to Duty
K3: How the security convergence of the four main disciplines of protective services Cyber, Personnel, Physical and Technical can mitigate vulnerabilities of the siloed approach to security risk management.
Back to Duty
K4: Importance of a single overview of risk for senior risk owners by employing security convergence as an effective strategy to manage organisational risk.
Back to Duty
K5: The main features and how to apply significant law to individual organisations: the Occupiers Liability, Health and Safety, Management of Health and Safety at Work Regulations, Fire Safety, Data Protection, the National Security Act, the National Security Investment Act, the Security Services Act, Common Law and Criminal Law, the Digital Online Resilience Act, UK AI Act, Communications Act, Computer Misuse Act, Data Protection Act, General Data Protection Regulation (GDPR), Network and Information Systems Regulations, Privacy and Electronic Communications Regulation.
Back to Duty
K6: Principles of good governance, governance structure and protective security oversight of cyber, physical, personnel and technical security including two-way communication channels, security risk registers, an accountable board level risk owner and structure for dissemination of information and decisions.
Back to Duty
K7: The influence of organisational objectives and differing protective security approaches taken in the context of government, Critical National Infrastructure, multi-nationals, academia, start-ups and emerging technology.
Back to Duty
K8: The requirements of ISO standards and their application in protective security.
Back to Duty
K9: The challenges faced by individuals from diverse backgrounds, with differing social-economic and societal perceptions, and people with special educational needs and disabilities when interacting with colleagues and stakeholders.
Back to Duty
K10: Principles of asset identification and classification: physical, information, people assets and anything that enables a business to operate e.g. a process, system, document or person and brand and reputation.
Back to Duty
K11: The influence of intent and capability on threat actor actions.
Back to Duty
K12: Information sources and the types of information of potential threats to security: the National Protective Security Authority (NPSA), National Cyber Security Centre (NCSC), UK National Authority for Counter Eavesdropping (UK NACE), National Counter Terrorism Security Office (NaCTSO), MI5, Police, local crime statistics and external stakeholders.
Back to Duty
K13: Threat Intelligence Cycle and how to use threat assessments to conduct threat analysis based on a range of threat scenarios that organisations would potentially face based on their assets, services provided and locations.
Back to Duty
K14: Principles of security risk management including how threat, vulnerability and impact determines the risk posed to an organisation, its assets and people and how mitigating threat, vulnerabilities and impact can be supported with protective security.
Back to Duty
K15: The principles of quantitative, qualitative and semi-qualitative risk assessment methodologies to develop risk statements including threat actors, assets targeted, attack vectors used, and potential impact aligned to organisational assets, threat, vulnerability and impact.
Back to Duty
K16: The concepts, main functions and benefits of security risk registers for governance, mitigations, risk tolerance and corporate memory and how they support the production of Operational Requirements.
Back to Duty
K17: Common security standards to mitigate forcible attack vectors including Loss Prevention Standards (LPS) 1673, LPS 1178 Issue 8, NPSA Marauding Terrorist Attack Standard and NPSA Manual Forced Entry Standards (MFES).
Back to Duty
K18: The main types of postal and courier attack vectors and mitigations and the principles of the PAS 97: 2021 Mail Screening and Security-Specification.
Back to Duty
K19: The main types of glazing specification, glazing systems vulnerabilities and mitigation against forcible attack and blast.
Back to Duty
K20: NPSA principles on threats to security posed by vehicles: Vehicle as a Weapon (VAW), Vehicle Borne Improvised Explosive Device (VBIED) and the Layered Vehicle Attack and the potential risk they provide to organisations, businesses and society and how ISO 22343-1: 2023 Vehicle security barriers supports building resilience for security threats with Hostile Vehicle Mitigation strategies.
Back to Duty
K21: Methodology used by threat actors during marauding terrorist attacks and NPSA recommended measures to minimise the impact of Marauding Terrorist Attack to save lives.
Back to Duty
K22: Principles of the NPSA Surreptitious Threat Mitigation Process (STaMP) employing NPSA Surreptitious Attack Protective Security Philosophy.
Back to Duty
K23: Principles of the Cyber Assurance Physical Security Systems (CAPSS).
Back to Duty
K24: Governmental, Independent and third-party certification of physical security products and standards e.g. NPSA Catalogue of Security Equipment (CSE), Redbook LIVE.
Back to Duty
K25: How organisations can manage potential insider threat, insider risk and insider events: leadership, governance, pre-employment screening and vetting, ongoing personnel security, employee monitoring and assessment, investigation and disciplinary practices, a security culture with security focused behaviour embedding NPSA's 5 Es, effective and line management, organisational insider threat stakeholder group utilising the NPSA ten steps of insider risk assessment and isomorphic learning.
Back to Duty
K26: How the threat landscape and societal challenges influence motivations and methods used by insiders and insider event typologies: unauthorised disclosure of sensitive information, process corruption, unauthorised provision of third-party access to organisational assets, financial gain through financial corruption and workplace violence.
Back to Duty
K27: The integration of personnel, cyber, physical and technical security controls to mitigate insider risk.
Back to Duty
K28: Principles of hostile reconnaissance and hostile planning stages, and how protective security can be used to disrupt hostile reconnaissance employing the principles of NPSA DENY, DETECT and DETER strategy and the integration of Security Minded Communications, See Check and Notify (SCaN) and Project Servator.
Back to Duty
K29: The role individuals can play to ensure their personal security and safety when working for an organisation: personal situational awareness, online vigilance, maintain residential security, planning prior to travel, managing own digital footprint, protect sensitive information, follow organisational personal security emergency procedures.
Back to Duty
K30: The principles of technical security and why and how organisations may be targeted.
Back to Duty
K31: The required elements of a technical surveillance device.
Back to Duty
K32: The principles of information egress via spatial, physical and conductive methods used during standoff and close access technical collection operations.
Back to Duty
K33: How existing protective security may encourage threat actors to employ technical attack vectors.
Back to Duty
K34: The convergence of physical, personnel and people security to mitigate standoff attacks and close access technical collection operations.
Back to Duty
K35: The technical security attack vectors: overt access of visitors and contractors, commercial off the shelf 'quick plant' products, human interface devices, mobile telephones, smart devices, long lensing, drones, laser microphones and deep plant devices, 'man-in-the-middle', Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions (TEMPEST) attacks, and lip-reading attack vectors.
Back to Duty
K36: How to mitigate against technical attacks during 'overt access': quick plant devices, human interface devices, remote access trojans, international mobile subscriber Identification catchers, man-in-the-middle, vulnerabilities created by smart devices, long lensing, lip reading, drones, laser microphones and deep plants.
Back to Duty
K37: The concept and applicability of Confidentiality, Integrity and Availability (CIA) for cyber security.
Back to Duty
K38: The main features of malware and how it can be used to access a computer via human and technical factors.
Back to Duty
K39: The threat vectors used by threat actors and the mitigations that can be applied: phishing, spam, spoofing, click-fraud and botnets and attacks on 'End of Life' software, anti-virus software, sandboxes and code-signing.
Back to Duty
K40: The principles of how the internet works including Transmission Control Protocol (TCP), Internet Protocol (IP), datagrams, packets, and the principles of wireless Local Access Networks.
Back to Duty
K41: The methods employed by threat actors to gain data including employing Wi-Fi hotspots, packet sniffing and man-in-the middle attacks.
Back to Duty
K42: The principles of encryption, cryptography, asymmetric cryptography, encryption keys, secure web browsing, and methods to protect data on the network.
Back to Duty
K43: The vulnerabilities of short encryption keys, and the Network Intrusion Detection Systems and Host Intruder Detection Systems.
Back to Duty
K44: The consequences of common network security threats and insider threats on data loss: recreating lost data, purchasing new hardware, purchasing new software, cost of continuing without the available data, the cost involved with informing others of the data loss.
Back to Duty
K45: How cyber security supports authentication and access to organisational systems including good password practice, salting in collaboration with hashing, use of hardware tokens.
Back to Duty
K46: Attack vectors used, including hashes and brute force attack.
Back to Duty
K47: The principles of incident response and incident management.
Back to Duty
K48: The principles of investigation for security incidents including gathering and grading information to be used in investigations, processing information and making recommendations for decision making.
Back to Duty
K49: The principles of a Return on Security Investment (ROSI) and cost benefit analysis, its alignment with organisational aims and objectives and impact on security decision making.
Back to Duty
K50: The concept of organisational resilience and learning and its interdependency with protective security to enable organisational resilience in a changing environment.
Back to Duty
K51: The principles to promote sustainable working practices in protective security.
Back to Duty
K52: How glazing systems can impact the carbon footprint of buildings: laminated glass, annealed and float glass, tough and tempered glass, heat strengthened glass, laminated glass sandwich and polycarbonate.
Back to Duty
K53: The use of reflective practice theories and techniques to inform professional development of an individual and improve approaches to own practice and operational activities.
Back to Duty
K54: Techniques for managing challenging communications using language and style that reflect the situation and audience.
Back to Duty
K55: The use of digital technology to support investigations and assist decision making.
Back to Duty
K56: Problem solving tools and techniques.
Back to Duty
K57: Principles of influencing techniques to achieve goals and objectives.
Back to Duty
K58: Methods for reporting, in accordance with organisational procedure.
Back to Duty
K59: Presentation methods for different audiences using communication skills and strategies to maximise understanding of intended purpose.
Back to Duty
K60: The role of key stakeholders and how they interact with the protective security adviser in protective security planning.
Back to Duty
S1: Utilise crime and security science knowledge and theory in the planning of organisational protective security to address protective security requirements and meet organisational needs.
Back to Duty
S2: Apply the principles of security convergence to protective security planning.
Back to Duty
S3: Comply with legislation, local and national policies and practice within limits of own role.
Back to Duty
S4: Engage and influence the governance process to enable security risk decisions.
Back to Duty
S5: Interpret organisational needs in the application of protective security.
Back to Duty
S6: Follow ISO standards within limits of own role with consideration of the implications of non-compliance.
Back to Duty
S7: Support individuals with differing social-economic and diverse backgrounds who are faced with challenges when interacting with colleagues and stakeholders.
Back to Duty
S8: Produce asset registers for organisations, applying asset identification and classification principles.
Back to Duty
S9: Produce 'Threat Analysis' based on an organisation's assets, services and location, applying asset identification and classification principles.
Back to Duty
S10: Assess vulnerability and impact to the organisation within protective security risk documentation.
Back to Duty
S11: Produce a security risk assessment.
Back to Duty
S12: Develop physical security mitigations for forcible attack vectors.
Back to Duty
S13: Develop physical security mitigations for surreptitious attack vectors.
Back to Duty
S14: Utilise assured products to mitigate protective security risk.
Back to Duty
S15: Develop measures to mitigate against organisational insider risk.
Back to Duty
S16: Develop mitigations against hostile reconnaissance.
Back to Duty
S17: Apply personal security and safety protocols in the work environment.
Back to Duty
S18: Develop mitigations, using converged security, to mitigate technical security attack vectors.
Back to Duty
S19: Develop mitigations for technical security attack vectors.
Back to Duty
S20: Review identified vulnerabilities that could be exploited by malware in organisational assets to develop mitigations to protect confidentiality, integrity and availability of data.
Back to Duty
S21: Develop mitigations to prevent data loss within organisations.
Back to Duty
S22: Utilise organisational cyber security approaches for authentication and access with full consideration of password good practise mitigations and for potential attack vectors.
Back to Duty
S23: Review Incident Response and Incident Management plans to ensure efficiency contributing to organisational resilience.
Back to Duty
S24: Review information gathered through investigations to make recommendations for decision making.
Back to Duty
S25: Make recommendations to senior leadership for protective security.
Back to Duty
S26: Utilise organisational learning to enhance protective security and resilience.
Back to Duty
S27: Incorporate sustainable practice when designing security mitigations.
Back to Duty
S28: Engage in self-reflection, feedback and professional development activities to improve own professional practice.
Back to Duty
S29: Manage challenging communications using language and style that reflect the situation and audience.
Back to Duty
S30: Assess information gained through digital technology to inform decisions.
Back to Duty
S31: Apply logical thinking and problem-solving tools and techniques, identifying issues and proposing solutions to problems.
Back to Duty
S32: Apply influencing techniques to achieve goals and objectives.
Back to Duty
S33: Follow organisational reporting protocols.
Back to Duty
S34: Create and deliver presentations using communication skills and strategies to maximise understanding of intended purpose.
Back to Duty
S35: Liaise with cross-functional security teams for protective security planning.
Back to Duty
B1: Committed to supporting a strong security posture.
Back to Duty
B2: Works independently and takes responsibility working diligently with personal resilience regardless of supervision levels.
Back to Duty
B3: Effective time management.
Back to Duty
B4: Embraces Equality, Diversity and Inclusion treating everyone with dignity and respect.
Back to Duty
Apprentices without level 2 English and maths will need to achieve this level prior to taking the End-Point Assessment. For those with an education, health and care plan or a legacy statement, the apprenticeship’s English and maths minimum requirement is Entry Level 3. A British Sign Language (BSL) qualification is an alternative to the English qualification for those whose primary language is BSL.
Crown copyright © 2025. You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence