What an NPSA-Aligned Security Assessment Actually Involves

The National Protective Security Authority (NPSA) — formerly CPNI — is the UK's authoritative source of guidance on protective security. For organisations seeking to manage security risk effectively, and for those with obligations under Martyn's Law, NPSA guidance sets the standard against which assessments are judged.

But what does NPSA-aligned actually mean in practice? And what should you expect from a review that claims to meet that standard?

What NPSA Guidance Covers

NPSA guidance spans a broad range of protective security disciplines: physical security, personnel security, hostile vehicle mitigation (HVM), counter-terrorism, information and cyber security. For venues and organisations that are potential targets for hostile reconnaissance or attack, the physical security and counter-terrorism guidance is most directly relevant.

The guidance is not a checklist. It is a framework for professional judgement — and applying it well requires both knowledge of the guidance and experience of the security environments to which it is being applied.

What a Proper NPSA-Aligned Assessment Involves

A rigorous NPSA-aligned security assessment begins before anyone visits your site. It starts with a threat and risk assessment: what threats does your organisation face, how likely are they, and what would the impact be? This establishes the basis for proportionate recommendations — security measures that address genuine risk without creating unnecessary operational burden.

On site, the assessment examines your physical security infrastructure, procedural controls, personnel measures and — where relevant — your counter-terrorism arrangements. It considers hostile reconnaissance pathways, vulnerable entry points, and the alignment between your current security posture and the threat profile your organisation actually faces.

The output should be a clear, prioritised report: specific findings, specific recommendations, and an honest assessment of what is most important to address first. If the report could apply to any organisation, it has not been aligned to yours.

The Professional Judgement That Makes the Difference

NPSA guidance provides the framework. Professional judgement determines whether that framework is applied well. The same standard can produce a generic document or a genuinely useful assessment, depending on the experience of the person conducting it.

Colin Morgan Consulting's security reviews are conducted by a Chartered Security Professional with 39 years of operational experience. We apply NPSA guidance with the professional judgement that experience provides — and we tell you what we actually find, not what is comfortable to hear.

Get in touch to discuss what an NPSA-aligned security assessment would involve for your organisation.