D21.3 - Overall Approach To Security Management And Emergency Preparedness




Document identification
Related SP / WP: SP2 / WP21
Reference: SCR-WP21-D-MTR-004-08
Related Deliverable: D21.3
Dissemination Level: RE
Lead Participant: MTRS3 Ltd.
Lead Author Contributors Gilad Rafaeli, MTRS3, MTRS3 Fivos Andritsos, JRC Lindsey Barr, UITP Reviewers Gilad Rafaeli and Paul Abbott JRC, UITP, RATP, CRTM, RATP, THALES, HCO, ATM

This document is issued in the frame and for the purpose of SECUR-ED project. This project has received funding from the European Union's Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 261605.

This document and its contents are the property of SECUR-ED Partners. All rights relevant to this document are determined by the applicable laws. Access to this document does not grant any right or license on the document or its contents. This document or its contents are not to be used or treated in any manner inconsistent with the rights or interests of SECUR-ED Partners or to their detriment and are not to be disclosed externally without prior written consent from SECUR-ED Partners. Each SECUR-ED Partner may use this document in conformity with SECUR-ED Consortium Agreement provisions.

Document name: D21.3 - Overall Approach To Security Management And Emergency Preparedness Page 1 of 58

History

Version | Status | Date | Authors | Main Changes
1.0 | Draft | 30.8.11 | | First draft (Uploaded on the Cooperation Tool)
1.1 | Draft | 23.9.11 | | Comments of partners, following WP21 meeting and RATP comments
1.2 | Draft | 17.10.11 | | Comments of UITP, JRC and THALES
2.0 | Draft | 1.11.11 | | Second draft (Uploaded on the Cooperation Tool)
3.0 | | 14.11.11 | | Version sent to peer reviewers (Uploaded on the Cooperation Tool as version 3)
3.1 | | 16.11.11 | | Third draft, following UITP comments to ver. 2.0 (Uploaded on the Cooperation Tool)
4.1 | | 23.11.11 | | Peer reviewed version sent to Thales for final validation (Uploaded on the Cooperation Tool)
4.2 | | 28.11.11 | | Fourth draft, following UITP comments to ver. 4.1 and the peer review (Uploaded on the Cooperation Tool as version 6)
5.0 | Review | 30.11.11 | | Version sent to Thales for final validation (Uploaded on the Cooperation Tool as version 7)
8.0 | Issued | 06.12.11 | Thales | Version submitted to EC (Uploaded on the Cooperation Tool as version 8)

TABLE OF CONTENTS

History
Public summary
List of figures
1. Abstract, purpose and targeted audience
  1.1. Abstract
  1.2. The purpose of this document
  1.3. Targeted audience and usage
2. References
  2.1. List of acronyms
  2.2. Referenced documents
3. Introduction to public transport security
  3.1. A notation of safety and security
  3.2. Public transport security key issues
  3.3. Organisational safety & security culture [15]
  3.4. Public transport assets and systems
  3.5. Security typologies of uncontrolled & controlled transport related assets and systems
4. Security master plan - setting up public transport security arrangements
  4.1. The building blocks of public transport security
    4.1.1. A security organisation set up
    4.1.2. Risk based approach strategy
    4.1.3. Risk mitigation safeguards and policies
  4.2. The components of the organisation security master plan
5. Security arrangements organisation set-up, risk management and safeguards implementation
  5.1. Security organisation set-up
    5.1.1. Definition & allocation of responsibilities
    5.1.2. Security organisation influences
    5.1.3. Security organisation performance
  5.2. Risk based strategy for security management
    5.2.1. Adoption of a risk based approach
    5.2.2. Risks identification
    5.2.3. Risk management process
    5.2.4. Managing risk by a cyclic process
    5.2.5. The risk assessment process
    5.2.6. Collection of criminal and anti-social behaviour data
    5.2.7. Security risk treatment
  5.3. Risk mitigation safeguards description and implementation
    5.3.1. Description of risk mitigation safeguards
    5.3.2. The 4E's approach
    5.3.3. The linkage between risk mitigation safeguards and incident sequence path
    5.3.4. The design and implementation process
    5.3.5. The linkage between operational requirements and technological safeguards
6. Security operations and incident planning
  6.1. Development of concept of operations
    6.1.1. Definition of concept of operations - "CONOP" [R8]
    6.1.2. Objectives
  6.2. Security plans
  6.3. Standard operating procedures
  6.4. Emergency & crisis procedures
  6.5. Training programmes
    6.5.1. Training objectives
    6.5.2. Target population
    6.5.3. Training methods
  6.6. Security incident response planning
    6.6.1. General planning needs
    6.6.2. Security incident response plan considerations
    6.6.3. Roles & responsibilities
    6.6.4. Crisis management & business continuity
    6.6.5. Incident response & management
7. Appendices
  7.1. An example of the content of a security master plan
  7.2. An example of the content of a security plan [1]

Public summary

This document summarises for public transport operators (PTOs) the full range of processes and considerations to be taken into account in the management of the security risks faced by the assets for which they are responsible. It identifies issues that should be considered when a security plan is being developed by PTOs. The following issues are considered:

- A description of the assets and security typologies of urban public transport systems.
- Security master plan - the PTO's general and conceptual framework for securing its system and the protection of human life, property, operations, information, business, reputation and the environment.
- Security concept - comprising three components:
  - Security organisation structure. Key to the effective management of a PTO's security arrangements is the allocation of organisational management resources and the definition of individual responsibilities. The security organisation of the PTO, security operation arrangements, stakeholder interfaces, emergency preparedness and security quality control are considered.
  - Risk based approach to security management. Risk identification and the principles of a risk based security management strategy.
  - Implementation of risk mitigation safeguards. Security risk management needs in the context of the design and assimilation of solutions including technologies.
- Security operation and incident planning needs.
  - Security operations development and management. Professional staff protecting a PTO's tangible and intangible assets.
  - Incident response planning. The framework for planning and managing the PTO response to security incidents of whatever magnitude.

The key targets of this document within a PTO's organisation are those with a security responsibility, perhaps in addition to their primary responsibilities. These are e.g. security managers; staff responsible for protection of the PTO's assets against threats of crime, public disorder, anti-social behaviour and terror; risk managers; emergency preparedness managers; customer service personnel with passenger security responsibilities and IT security personnel. It is for a PTO to determine whether it chooses to apply the entire content of this document, or parts thereof, depending on its needs and resources.

For other stakeholders such as transport/organising authorities involved in transport related security issues, this document identifies the guidelines that PTOs can consider in the preparation of their security arrangements. By providing an overall approach to security considerations and methodology this document also supports coordination of the various organisations involved and a better mutual understanding of security policies and expectations.