Nuclear Security Assurance Model (NSAM), developed as a Joint Venture between ARL Partners and Amport Risk Limited, enables nuclear Duty Holders to:
NSAM enables a common, consistent and standardised format for Duty Holder and Regulator assessment, reflecting the stated intent of SyAPs. In doing so, it reduces any difference in interpretation of compliance requirements. It reduces ambiguity and subjectivity in engagement between the Duty Holder and the Regulator by establishing a common interpretation of the baseline for assurance assessment. NSAM is client configurable and can be used by either party, be it collaboratively or separately, to conduct a ‘gap analysis’ between the Duty Holder’s and the Regulator’s assessment of potential compliance risk, thereby focussing the ‘sampling’ of risk areas for regulatory scrutiny or by in-house assurance processes.
NSAM will provide users and observers with an assurance risk rating across the whole of the Regulatory framework or any part of it. NSAM provides best practice guidance that supports and informs risk-based decision making and can be used to identify areas for improvement. Its output forms a baseline for discussion with the Regulator by providing an acknowledged, or even approved, framework for an evidence-based assessment of the Duty Holder’s security arrangements. The Model can also include any other specific requirements a client may have and offers, for instance, links to internal company policies, processes and procedures; and to trusted external information sources that promote UK government best practice.
A comprehensive, transparent and direct link to regulatory direction and guidance to inspectors, contained in SyAPs and JSP 628. It provides a tool that spans the CAE sequence and captures Duty Holder security self-assessment across the ten Fundamental Security Principles (FSyPs) or the sixteen Defence Security Conditions (DSC), and their subordinate structures of guidance, whilst also providing a repository for the collection and collation of ‘evidence’ in any digital data format.
NSAM incorporates a comprehensive question-set that is completely aligned with SyAPs and JSP 628. The suggested answers reflect a range of potential expectations, with each one given a weighted score that reflects the potential impact it can have on reducing compliance risk, as illustrated in the screenshots. Once completed, a user instantly receives an Executive Summary that provides a top-line assurance rating along with the level of risk being carried across the individual FSyP or DSC that has been assessed. Any areas of high risk are highlighted.
NSAM is powered by VSAT™, the Vulnerability Self-Assessment Tool, and has its origins in an online version first commissioned by the Office for Security and Counter Terrorism (OSCT) within the UK Home Office, so that best practice on protective security could be shared by the National Counter Terrorism Security Office (NaCTSO) with the private sector. As a result of its success, achieving over 10,000 users, VSAT™ was chosen as the delivery method for assessing security for the 2012 London Olympic Games and the Torch Relay.
This isn’t a ‘tick-box’ exercise. Ultimately, any judgement or assessment has to be set against a set of expectations. In this case, these are set by the Regulator or the client. Questions are overwhelmingly open questions and there are no ‘right’ answers. The ‘right’ answer will be for the Duty Holder to determine and argue through the CAE construct. The scoring, unseen to the user, is driven by the interpretation of the user and reinforced for judgemental purposes by the evidence provided. So, unlike a ‘tick box’ exercise, NSAM doesn’t stop Duty Holders thinking for themselves; quite the opposite. The Model, used for assurance purposes, can sit at the core of a security assurance process but it’s not the only tool in the toolbox.