^

 
 

Unit of competency details

CPPSEC4006 - Conduct security risk assessment of client operations (Release 1)

Summary

Usage recommendation:
Current
Mapping:
MappingNotesDate
Supersedes and is equivalent to CPPSEC4006A - Assess risksSupersedes and equivalent to CPPSEC4006A Assess risks. 29/Sep/2019

Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 30/Sep/2019


Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 099905 Security Services  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 099905 Security Services  30/Sep/2019 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Unit Of competency

Modification History

Release 1

This version first released with CPP Property Services Training Package Release 9.0.

Supersedes and is equivalent to CPPSEC4006A Assess risks. Updated to meet the Standards for Training Packages.

Application

This unit specifies the skills and knowledge required to conduct a security risk assessment of client operations. It includes analysing client operations and associated information and intelligence to develop a risk assessment register, develop and apply risk assessment criteria to measure risks and consequences to client operations and recommend appropriate countermeasures. This unit of competency does not cover development of risk management plans.

This unit is suitable for those using specialised knowledge to complete routine and non-routine tasks and using their own judgement to deal with predictable and sometimes unpredictable problems.

Legislative, regulatory or certification requirements apply in some states and territories to the provision of advice on security solutions, strategies, protocols and procedures. For further information, check with the relevant regulatory authority.

Pre-requisite Unit

None.

Unit Sector

Security/Risk management

Elements and Performance Criteria

Elements describe the essential outcomes.

Performance criteria describe what needs to be done to demonstrate achievement of the element.

1

Analyse client operations and risk environment.

1.1

Access and interpret key requirements of legislation, regulations and workplace policies and procedures and apply to work instructions to ensure compliance.

1.2

Consult with relevant persons to confirm risk assessment terms of reference, costs and timeframes.

1.3

Develop and document a structured risk assessment register that includes an agreed methodology and allows for possible changes to client operations.

1.4

Consult with client to confirm their core business, operating environment, goals and objectives.

1.5

Source valid and reliable information and intelligence to clarify client assets and analyse potential and actual security risks.

1.6

Recognise own limitations in assessing security risks and access specialist resources or advice to meet client requirements.

2

Assess security risks and consequences to operations.

2.1

Develop risk assessment criteria comprising qualitative and quantitative measures.

2.2

Apply risk assessment criteria to measure level of potential or existing security risk and associated consequences to client operations.

2.3

Identify gaps in predetermined methodology to respond to changing risk context of client operations and modify risk assessment in consultation with relevant persons.

2.4

Source additional required information to assess and confirm client security risk potential.

2.5

Use information technologies to document and present security risk assessment in a format and style to meet workplace requirements.

3

Finalise risk assessment and present findings.

3.1

Identify countermeasures to overcome security risks associated with client operations and incorporate recommended strategies into final risk assessment.

3.2

Finalise security risk assessment and check to ensure findings and recommendations are supported by verifiable information.

3.3

Present final security risk assessment to relevant persons for feedback within agreed timeframes.

3.4

Use questioning and active listening to explain identified security risks and countermeasures to mitigate risk to client operations.

3.5

Complete and secure risk assessment documentation in a manner that facilitates future retrieval and maintains confidentiality.

Foundation Skills

As well as the foundation skills explicit in the performance criteria of this unit, candidates require:

  • oral communication skills to use clear explanations, active listening and questioning skills to convey and clarify information when assessing risks to client operations
  • writing skills to document succinct and logically structured security risk assessments.

Unit Mapping Information

Supersedes and equivalent to CPPSEC4006A Assess risks.

Links

Companion volumes to this training package are available at the VETNet website - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=6f3f9672-30e8-4835-b348-205dfcf13d9b

 

Assessment requirements

Modification History

Release 1

This version first released with CPP Property Services Training Package Release 9.0.

Supersedes and is equivalent to CPPSEC4006A Assess risks. Updated to meet the Standards for Training Packages.

Performance Evidence

To demonstrate competency, a candidate must meet the performance criteria of this unit by documenting and presenting comprehensive risk assessments of client operations for three different clients.

Knowledge Evidence

To be competent in this unit, a candidate must demonstrate knowledge of:

  • workplace policies and procedures that ensure compliance with legislative and regulatory requirements when conducting security risk assessments of client operations:
  • client service standards
  • licensing requirements in the security industry
  • regulatory requirements in the jurisdiction of operation
  • application of ISO 31000:2018 Risk management – Guidelines when conducting security risk assessments of client operations
  • changing risk context of client operations
  • difference between information and intelligence in the context of security risk assessments
  • methods for developing risk assessment criteria comprising qualitative and quantitative measures
  • process of dynamic risk assessment and application of risk management using the hierarchy of controls
  • type and nature of a range of security risks and countermeasures associated with workplace operations
  • purpose of Australia’sStrategy for Protecting Crowded Places from Terrorism and understanding of:
  • definition of crowded places
  • key security issues for crowded places
  • objectives, characteristics and identification of active armed offenders
  • definition of hostile vehicles and methods of attack
  • signs of chemical weapons attack and recommend response
  • general features of improvised explosive devices and recommended incident response
  • ways that social and cultural differences may be expressed during client consultations.

Assessment Conditions

Assessors must meet the requirements for assessors contained in the Standards for Registered Training Organisations.

All individuals engaged by a licensed RTO for security licensing purposes must hold both a security trainers licence (where such a licence exists within the relevant jurisdiction) and the licence for performing the security activities for which the individual is providing training or assessment. Regulators may impose other assessor conditions to meet jurisdictional assessment requirements.

Assessment must be conducted in the workplace or in a simulated workplace environment. Candidates must have access to:

  • legislation, regulations, policies and procedures that apply to conducting security risk assessments in the jurisdiction of operation
  • client specifications, information and intelligence, information technologies and resources required to achieve the performance evidence
  • ISO 31000:2018 Risk management – Guidelines
  • Australia’s Strategy for Protecting Crowded Places from Terrorism.

Links

Companion volumes to this training package are available at the VETNet website - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=6f3f9672-30e8-4835-b348-205dfcf13d9b