This apprenticeship standard has been approved for delivery by the Institute for Apprenticeships and Technical Education. However, starts on the apprenticeship will only be possible once a suitable end-point assessment organisation (EPAO) has obtained Ofqual recognition. Once the EPAO has obtained Ofqual recognition, funding for apprentice starts will be permitted and this message will be removed.
To provide protective security advice incorporating cyber, personnel, physical and technical disciplines with a converged approach.
This occupation is found in the public and private sectors and focuses on the mitigating actions and policies required to meet prevailing threats and protect assets from compromise across the enterprise using a combination of physical security; personnel security; technical security and cyber security. This occupation is found in every organisation that holds assets of value that require protection. An asset is anything with value, tangible or intangible, in need of protection, and which can include but not be exclusive to People – employees, contractors, visitors and communities; Physical – property and items of value that can be seen, touched or held; Information – data bases, financial data, research, trade secrets and intellectual property; Processes and Systems – anything that enables the enterprise to function. These groupings can be further broken down into tangible assets – buildings, equipment, raw materials; intangible assets – intellectual property, contracts, copyrights, reputation, or mixed assets – individuals and their knowledge, physical assets that contain intangible assets. The range of sectors that this occupation applies to includes all Critical National Infrastructure (CNI) sectors: chemicals; civil nuclear; communications; defence; emergency services; energy; finance; food; government; health; space; transport; water and supply chains of these sectors. This occupation also applies to, but is not exclusive to, the following sectors: construction; property management; science/technology centres; academia; retail; tourism; stadia and sporting arenas; hotels and hospitality; events sector and night-time economy.
The broad purpose of the occupation is to protect assets from identified threats by assessing protective security risks and developing mitigations to reduce these risks. This may comprise, amongst other things, working with key stakeholders to support risk assessments, assess information, provide technical input to conversations, identify risks, and develop mitigations, deploy security personnel, condition enterprise personnel to ensure a positive security culture, target hardening, use technology and policies and procedures to mitigate the identified threats and associated risks. Protective Security Advisers will understand an organisation’s assets, the threats they face and how assessments can be used to identify the risk these threats pose. Protective Security Advisers develop plans to mitigate these risks and implement security measures, with a review process which provides continuous improvement. They will understand the fundamentals of protective security which forms the foundations of ‘security convergence’.
Protective security is a combination of the four security disciplines of personnel, physical, cyber and technical security. Protective security is where all four disciplines have been considered together to ensure threats that seek to find gaps between the disciplines cannot be exploited. This is often referred to as security convergence. The Government Functional Standard GovS 007: Security, describes the purpose of each of the protective security disciplines: Physical Security: The purpose of physical security measures is to ensure a safe and secure working environment for staff and visitors, protecting them against a wide range of threats, including theft, terrorism and espionage. Personnel Security: The purpose of personnel security is to assure organisations that the people it employs are suitable for work in sensitive roles. It also safeguards employees from exploitation as a result of their personal circumstances. Technical Security: The purpose of technical security measures is to holistically protect sensitive information and technology from close access acquisition or exploitation by hostile actors, as well as any other form of technical manipulation. Cyber Security: The purpose of cyber security is to ensure the security of data and information.
In their daily work, an employee in this occupation interacts with a variety of internal and external stakeholders as protective security advisers do not work alone, with the focus on security being a business enabler. To achieve this protective security advisers, need to work with a wide range of stakeholders within a business to ensure business needs are met and externally to support and work with partners and the communities they are based in. In the role of the Protective Security Adviser they will be expected to communicate effectively and provide protective security briefings and subject matter expertise to mitigate protective security risks to a wide variety of stakeholders. Such stakeholders may include: senior risk owners; employees; customers; suppliers; distributors; enterprise risk management (ERM) professionals; corporate threat and intelligence analysts; business continuity and resilience professionals; business development management; information security officers; human resource departments; health and safety professionals; physical security teams; Third party supply chains; Police and law enforcement; community representatives; and the National Technical Authorities i.e. National Protective Security Authority (NPSA), UK National Authority for Counter Eavesdropping (NACE) and National Cyber Security Centre (NCSC).
An employee in this occupation will be responsible for the identification of security vulnerabilities to enable organisations to provide a converged security and risk mitigation approach employing National Technical Authority (NTA) guidance. This may include developing asset registers; records of threat actors and potential threat vectors employed against organisational assets; vulnerability assessments; security risk assessments (SRA); protective security mitigations; protective security risk registers; protective security planning and review and assurance processes.
Security adviser
Security consultant
Security contract manager
Security manager
Security practitioner
Security specialist
Senior security supervisor
This is a summary of the key things that you – the apprentice and your employer need to know about your end-point assessment (EPA). You and your employer should read the EPA plan for the full details. It has information on assessment method requirements, roles and responsibilities, and re-sits and re-takes.
An EPA is an assessment at the end of your apprenticeship. It will assess you against the knowledge, skills, and behaviours (KSBs) in the occupational standard. Your training will cover the KSBs. The EPA is your opportunity to show an independent assessor how well you can carry out the occupation you have been trained for.
Your employer will choose an end-point assessment organisation (EPAO) to deliver the EPA. Your employer and training provider should tell you what to expect and how to prepare for your EPA.
The length of the training for this apprenticeship is typically 21 months. The EPA period is typically 5 months.
The overall grades available for this apprenticeship are:
When you pass the EPA, you will be awarded your apprenticeship certificate.
The EPA gateway is when the EPAO checks and confirms that you have met any requirements required before you start the EPA. You will only enter the gateway when your employer says you are ready.
The gateway requirements for your EPA are:
Project with report
You will complete a project and write a report. You will be asked to complete a project. The EPAO will give you suggested project titles. The report should be a maximum of 4000 words (with a 10% tolerance).
You will have 12 weeks to complete the project and submit the report to the EPAO.
You need to prepare and give a presentation to an independent assessor. Your presentation slides and any supporting materials should be submitted at the same time as the project output. The presentation with questions will last at least 60 minutes. The independent assessor will ask at least 8 questions about the project and presentation.
Professional discussion underpinned by a portfolio of evidence
You will have a professional discussion with an independent assessor. It will last 60 minutes. They will ask you at least 10 questions. The questions will be about certain aspects of your occupation. You need to compile a portfolio of evidence before the EPA gateway. You can use it to help answer the questions.
You should speak to your employer if you have a query that relates to your job.
You should speak to your training provider if you have any questions about your training or EPA before it starts.
You should receive detailed information and support from the EPAO before the EPA starts. You should speak to them if you have any questions about your EPA once it has started.Reasonable adjustments
If you have a disability, a physical or mental health condition or other special considerations, you may be able to have a reasonable adjustment that takes this into account. You should speak to your employer, training provider and EPAO and ask them what support you can get. The EPAO will decide if an adjustment is appropriate.
| Version | Change detail | Earliest start date | Latest start date |
|---|---|---|---|
| 1.0 | Approved for delivery | 14/05/2025 | Not set |
Crown copyright © 2025. You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence