Security Culture and SeMS

Aviation Security Update November 2021

Allan Whyte – Certified AvSec Instructor (IAA and UK CAA)

This month we are going to look at some recent AvSec events and take a moment to reflect on SeMS, which is being implemented by aviation authorities across the world.

But first, a quick revision on Security Culture.

A strong security culture is something that all regulated entities need to foster and promote; it will make the implementation and maintenance of your Security Management System (SeMS) so much easier. Starting to foster a security culture is relatively easy: it requires the support of employees (especially senior management) more than financial support.

So, what is security culture?

Security culture is a set of norms, beliefs, values, attitudes and assumptions that are inherent in the daily operation of an organisation and are reflected by the actions and behaviours of all entities and personnel within the organisation.

Security should be everyone’s responsibility – from the ground up.

Effective security culture is about:

1. Recognising that effective security is critical to business success;
2. Establishing an appreciation of positive security practices among employees;
3. Aligning security with core business goals; and
4. Articulating security as a core value rather than as an obligation or a burdensome expense.

Now that we have had a quick review of Security Culture, let’s move on to the Security Management System (SeMS).

What is a Security Management System (SeMS)?

A Security Management System (SeMS) provides an entity with a framework of operating principles and guidance which enable it to enhance security performance by proactively managing risks, threats, and areas where there are gaps and vulnerabilities which may have a negative impact on that performance.

SeMS is:

  • Based on a risk-driven framework designed to embed security within your operations and culture
  • Suitable for any entity within the aviation sector, regardless of size or operation
  • An enabler for the Civil Aviation Authorities (CAAs) around the globe to develop flexible, risk-based oversight
  • An enabler for entities required to meet quality control provisions of their local authorities

A SeMS also contributes to making security practices proactive, rather than relying on more traditional reactive and prescriptive procedures. It offers quantitative and qualitative benefits that can improve overall performance and communication within a company, as well as with State regulators. It enhances a company’s security culture, regulatory collaboration and resource utilisation.

A robust SeMS will allow your organisation to:

  • Seamlessly engage with the different departments of your organisation
  • Consistently and efficiently assess threats and risks
  • Effectively collaborate and report when security and threat incidents occur

What are the benefits of a Security Management System (SeMS)?

A Security Management System (SeMS) enables security operators to streamline and optimize routine security and emergency preparedness. It will improve an organization’s efficiency and, with time, you will also often see cost reductions. Overall, five benefits you can expect after implementing a SeMS are:

  • Enhance risk awareness and response
  • Develop security culture and human capability
  • Improve technological resources and innovation
  • Improve oversight and quality assurance
  • Increase cooperation and support

What are the key elements of a Security Management System (SeMS)?

The performance of an organisation’s SeMS is evaluated against five core components for an effective security culture, which are listed below.

  • Senior management and corporate commitment
    • Governance strategy and structure
    • Leadership commitment and planning
    • Accountability and responsibilities
  • Resource management
    • Coordination with law enforcement agencies
    • Security training and awareness campaigns
    • Management of change
  • Threat assessment and risk management
    • Incident reporting
    • Incident management
  • Management of emergencies and incidents
    • Role of security in emergency response procedures
    • Communication guidelines
    • Incident response
  • Quality assurance and quality control
    • Management of service providers
    • Performance monitoring procedures and reporting
    • Continuous improvement

How to implement a Security Management System (SeMS)?

No matter the size, type or complexity, the top executives and senior management play a major role in determining a company’s commitment to security. When an organisation decides that it will implement a SeMS in its operations, it is essential that a plan be drawn up. An implementation is complex and involves several entities within and outside the organisation. In general, there are three stages (levels) of SeMS development:

The first level aims to assess an organisation’s readiness to implement SeMS by identifying its current capabilities. This assessment will result in substantial training and communication improvement, review and re-issuance of organizational policies and allocation of necessary resources.

The second level is the actual implementation of the SeMS. This will cover elements such as the commitment from senior leadership, increased communication of the new approach, development and adjustment of standard operating procedures, modification of cooperation standards and development of performance indicators amongst other elements.

The third level can be achieved once the organisation’s SeMS becomes mature. At this stage, organisations focus on the development of data analysis and quality assurance.

You can learn the essentials of IATA’s SeMS initiative and how it can make your organisation IOSA compliant by taking an IATA Training SeMS course. The course provides a structured approach to security process implementation in accordance with IATA Operational Safety Audit (IOSA) requirements. Thanks to the daily classroom exercises, you’ll be able to begin building a performance-based SeMS that produces measurable and auditable results.

For more information, we recommend regularly checking with our training partner IATA, who offer regular SeMS updates. We can offer jointly certified training courses through our IATA Accredited Training School (ATS) at Dublin Airport.

Keep checking our Security Manager and Training Manager Resource Centre, where you will find downloadable resources that will hopefully help you in your role.

If you would like to discuss implementing or improving Security Culture and SeMS within your organisation, do not hesitate to contact us.

FRIDAY 5th November 2021 – Palma de Mallorca Airport (Source – BBC News)

TOPIC – Human trafficking/inadequately documented passengers

One of Spain’s busiest airports shut down for nearly four hours on Friday after an attempt by migrants to enter the country illegally. A plane en route from Casablanca in Morocco to Istanbul, Turkey, was diverted to Palma de Mallorca after a suspected medical emergency was reported onboard.

When the jet landed, 21 passengers egressed the aircraft and ran off across the runways, reportedly escaping over the perimeter fence. Police later made arrests but 12 were still on the run on Saturday.

Police are investigating whether the group’s escape from the plane was spontaneous or an elaborate plot to immigrate illegally. The top Spanish government official for the Balearic Islands, Aina Calvo, said the event was unprecedented for a Spanish airport.

The drama began when emergency services boarded the Air Arabia Maroc plane to evacuate a Moroccan man said to have fallen into a diabetic coma. As they did so, 21 other passengers ran down the steps and fled, reportedly hiding under parked planes.

After a health check at a hospital found him to be fit and well, the Moroccan man was discharged and arrested for illegally entering the country, Spain’s Efe news agency reports. A fellow passenger accompanying him to the hospital reportedly disappeared.

Most of the escapees who were arrested were found by the Guardia Civil.

The total number involved was 24, including a person arrested for aggressive behaviour on the plane.

Some 60 national and international flights were diverted or delayed as a result of the incident.

The Air Arabia Maroc plane later continued to Turkey with its remaining passengers.

FRIDAY 5th November 2021 – United States (Source – Reuters)

TOPIC – Insider Threat

A spy for the Chinese Ministry of State Security has been convicted by a federal jury of plotting to steal trade secrets from several U.S. aviation and aerospace companies, the Justice Department said on Friday.

Yanjun Xu, the first Chinese operative extradited to the United States for trial, was convicted of two counts of conspiring and attempting to commit economic espionage, in addition to a count of conspiracy to commit trade secret theft and two counts of attempted theft of trade secrets. The ruling means Yanjun could face up to 60 years in prison total for all violations and fines totaling more than $5 million, according to a press release. He will be sentenced by a federal district court judge.

Going back as far as 2013, Yanjun was accused of using multiple aliases to carry out economic espionage and steal trade secrets on behalf of China. Multiple U.S. aviation and aerospace companies, including GE Aviation, a unit of General Electric Co, were his targets, the release said.

TUESDAY 19th October 2021 – Shannon Airport, Ireland (Source – The Limerick Post)

TOPIC – Aviation Security News

Time spent going through passenger security screening at Shannon Airport is set to be halved, thanks to a new €2.5 million investment in a state-of-the-art security screening system unveiled on Monday, October 18.

The new high-tech security screening system makes the removal of laptops and liquids from cabin bags a thing of the past and, combined with the latest technologically advanced security scanning equipment, it reduces touch points, and will make the passenger journey through security quicker and easier.