Elements and Performance Criteria
- Plan security awareness activities
- Need for activities is determined, taking into account identified client needs and feedback from clients and staff, and priorities are identified in the organisation's security plan.
- Ideas for new or improved activities are initiated, gathered and assessed, taking into account the human, financial and physical resources required.
- Approval for security awareness activities is obtained in accordance with organisational guidelines.
- Design security awareness activities
- Individuals and groups are targeted, and formal and informal networks are established and used regularly as communication channels.
- Precedents in security management are incorporated into security awareness activities.
- Effective awareness/information presentations are implemented where required.
- Security awareness activities are linked in an integrated and cohesive manner with organisational ethical and security management standards and guidelines, codes of conduct and include related aspects of corporate policy.
- Security awareness activities are based on a knowledge of the organisation's corporate objectives, core business, the culture of the organisation and a knowledge of the organisation's client base.
- Promote government security management
- Develop and nurture cooperative client relationships
- Expectations of clients and contractors are established and documented.
- Opportunities for establishing contacts and networks with external and internal clients are anticipated in consultation with work colleagues and managers.
- Changes in organisational focus are monitored for effects on organisation-client relationships and action is taken to inform clients of changes in accordance with organisational policy and procedures.
- Feedback on organisational activities is obtained and reported within the organisation in accordance with policy and procedures.
- Organisation's security management philosophy, policy and procedures are imparted in a way which facilitates stakeholder understanding.
- Where required, clients are advised when and how they should modify their practices to meet organisational standards.
- Conduct security management activities
- Security management activities are planned and are feasible within existing resource and time constraints.
- Intended outcomes are identified and are based on realistic expectations of the target audience.
- Activities are varied, refined and adapted as indicated by audience response or by changes in the organisation's security strategy and procedures.
- Adult learning techniques are utilised.
- Security awareness information is linked with codes of conduct and ethical and security management guidelines of the organisation, together with its broader corporate goals.
- Evaluate success of awareness raising activities
- Security awareness activities are assessed against predetermined objectives.
- Results of evaluation are documented and used as the basis for planning future activities.
- Opportunities for new security awareness activities are identified and acted on as required.
- Evidence, if any, is obtained of a decrease in the level of security breaches as a result of activities.