TSI raises concerns over BSI Code of Practice

The British Standards Institution (BSI) has finalised and proposes to publish a Code of Practice outlining “recommendations for the management, staffing, operation and provision of contracted security consultancy services” that “might assist those who wish to contract the services of a security consultant". However, far from achieving that goal, The Security Institute (TSI) has issued a statement suggesting that the Code is “likely to make the practice of good consultancy difficult, if not impossible” while at the same time “sending misleading messages to the users of security consultancy services”.

Within its ranks, TSI plays host to 92 members who either practice security consultancy as sole traders/SMEs, or hold senior positions within large consultancy practices. According to chairman Bill Wyllie (pictured), TSI’s Council is “both disappointed and concerned” by the contents of BS 8549.

“Like the PAS that preceded it, this document is seriously flawed in several areas,” Wyllie told SMT. “In general terms, the British Standard attempts to cross the boundary between being a document that gives advice on how to run a security consultancy business and the territory now properly occupied by Skills for Security, by setting out occupational standards for security consultants. We believe that it does neither very well and that, in its present form, the document conflicts with the National Occupational Standards being published by Skills for Security.”

TSI is most concerned that the British Standard mandates attempted legal non-compliance in the areas of Rehabilitation of Offenders legislation, Data Protection legislation and, in certain circumstances, the Human Rights Act in a variety of ways (including, but not limited to, those of personnel screening and data release in respect of the consultant’s own personnel and those companies to whom they may sub-contract any security work).

“Furthermore,” added Wyllie, “the British Standard attempts unnecessary interference in the conduct of a security consultant’s business by directing minimum standards for insurance, accounting, the release of organisational information, disciplinary procedures, report writing, document and data retention and the format of personal identity cards.”

Continued Wyllie: “While compliance with a British Standard is never a legal requirement, there is a tendency for Procurement Departments to include in tender documents a demand for compliance with BS publications. As such, a consultant who did not fully comply with BS 8549 could find him or herself in breach of contract and subject to civil action. At its most mundane level, this situation could arise wherever a sole practitioner a group of people that probably comprises 40% of the consultancy sector fails to comply with Section 5.3 by not issuing themselves with an ID card bearing details of their name, address and telephone number together with a photograph.”

Wyllie is now busily urging TSI members who are consultants or end users of consultancy services to review BS 8549 and consider its potential impact on their business. “The Council of this Institute will continue its campaign to have this Standard, in its present form, completely set aside,” he concluded.