The Multi-Organisation Security Environment
An airport is not a single security perimeter managed by a single organisation. It is a complex of overlapping security responsibilities — the aerodrome operator’s Airport Security Programme governing the physical security of the aerodrome, the airlines’ security procedures governing the specific processes they apply to passengers, baggage, cargo and mail, the ground handlers’ security procedures governing their access to aircraft and baggage, and the regulated agents’ security arrangements governing the cargo supply chain. Each organisation’s security framework must meet the requirements of the applicable regulatory layer. And the interfaces between them — the points at which one organisation’s security responsibility ends and another’s begins — are precisely where security vulnerabilities are most likely to exist.
The aerodrome operator does not control the security procedures of the airlines and ground handling organisations operating on its aerodrome. But the DfT will hold the aerodrome operator to account for the overall security of its aerodrome — including the security failures of organisations operating within its perimeter. Effective aviation security management at an aerodrome requires not only an internally coherent Airport Security Programme but a governance framework through which the aerodrome operator sets, monitors and enforces security standards across all regulated organisations operating on its aerodrome.
Unannounced Inspection and the Consequences of Non-Compliance
DfT aviation security inspectors conduct unannounced inspections of aviation security arrangements at UK aerodromes and aviation organisations. They test whether the security measures described in the approved Airport Security Programme and associated documentation are actually in place and being applied — whether security staff are performing required screening procedures correctly, whether access control is functioning as the security programme describes, whether security training records are accurate and current, and whether the organisation’s security management is functioning as a coherent programme or as isolated activities documented for compliance purposes.
The consequences of inspection findings are not limited to a requirement for corrective action. Significant non-compliance can result in formal enforcement under the Aviation Security Act 1982, financial penalties, and in the most serious cases suspension of the approval that the organisation requires to operate. For an aerodrome operator, a DfT enforcement action has reputational and commercial consequences that extend well beyond the regulatory finding itself. AACS provides the independent assessment and documentation support that enables organisations to identify and close their security gaps before the DfT inspector finds them.
Aviation security compliance is not achieved by having a security programme in a binder and a Category 10 awareness presentation delivered at induction. It is achieved by having a security framework that is accurately documented, genuinely implemented across all relevant operations and personnel categories, actively monitored for compliance, and continuously maintained against an evolving threat and regulatory environment. AACS builds that framework.
The Regulatory Framework
The aviation security obligations applicable to UK operators arise from a layered framework of primary legislation, statutory instruments, DfT Directions, European retained law, ICAO standards and organisation-specific approved programmes. The table below sets out the primary components and their obligations.
| Regulatory Reference | Obligation & Compliance Implication |
| Aviation Security Act 1982 | The primary UK legislation governing civil aviation security. Confers powers on the Secretary of State to issue Aviation Security Directions to aerodrome operators, airlines, aircraft operators and other persons with functions related to civil aviation. Compliance with Directions is a legal obligation enforceable by criminal and civil sanctions. |
| Air Navigation Order 2016 | Establishes the legal framework within which aviation security requirements operate alongside airworthiness, flight operations and personnel licensing obligations. Relevant to the interaction between security access controls and the operational requirements of aviation personnel. |
| DfT National Aviation Security Programme (NASP) | The overarching UK aviation security policy framework, maintained by the DfT Aviation Security directorate. Sets the security standards, objectives and minimum requirements that all regulated aviation organisations in the UK must meet. The NASP is protectively marked and not published in full — organisations subject to it receive it under appropriate access controls. |
| Aviation Security Directions | Legally binding directions issued by the Secretary of State under the Aviation Security Act 1982 to specific categories of regulated organisation. Directions may require specific security measures, impose training requirements, mandate security documentation updates or direct immediate operational responses to elevated threat conditions. Organisations must monitor Directions and implement requirements promptly. |
| Regulation (EC) 300/2008 | The primary EU aviation security regulation, retained in UK law post-Brexit. Establishes the common rules for the protection of civil aviation against unlawful interference. Sets requirements for security programmes, screening, access control, airside security, cargo and mail security, in-flight security and security training. The basis for the Category 10 and specialist security training requirements. |
| Commission Implementing Regulation (EU) 2015/1998 | The detailed implementing regulation for Regulation 300/2008. Provides the specific technical requirements for each security measure: screening methods, equipment standards, access control procedures, background check requirements, regulated agent approval, known consignor approval, and security training syllabi. The primary technical reference for security programme content. |
| CAP 1223 — Aviation Security: Guidance for Approved Trainers | UK CAA / DfT guidance on the approval of aviation security training providers and the standards applicable to approved security training. Relevant to organisations designing or delivering security training under the DfT approval framework. |
| CAP 1480 — Airside Identity Cards | UK CAA guidance on the management of airside identity cards, background check requirements, access control and the obligations of aerodrome operators and employers in the airside pass management process. |
| Airport Security Programme (ASP) | The organisation-specific security programme that every aerodrome operator must hold, approved by the DfT. The ASP describes the aerodrome’s security arrangements across all regulated functions — access control, screening, staff security measures, cargo and mail security, security management and training. It must be accurate, current and implemented as described. |
| Security Procedures Documents | Airlines, ground handlers, regulated agents and other regulated organisations are required to hold organisation-specific security procedures documents that describe how they implement the applicable security requirements. These must be consistent with the NASP, applicable Directions, and the aerodrome operator’s ASP where relevant. |
| ICAO Annex 17 — Security | The international standard for the protection of civil aviation against acts of unlawful interference. The DfT and European frameworks are aligned with ICAO Annex 17 Standards and Recommended Practices. Relevant for operators with international obligations, bilateral security arrangements, or operations into states where ICAO Annex 17 compliance is assessed. |
| ICAO Doc 8973 — Aviation Security Manual | The authoritative ICAO reference for aviation security management. Provides detailed guidance on threat and risk assessment, security programme management, screening methods, cargo security and security training. The design reference for organisations developing security management frameworks. |
Airport Security Programme Development & Revision
The Airport Security Programme is the defining document of an aerodrome operator’s aviation security arrangements. It must be approved by the DfT. It must accurately describe the security measures in place at the aerodrome across all regulated functions. And it must be implemented as written — because the DfT inspector’s assessment is not whether the document is adequate, but whether the aerodrome’s actual security arrangements match what the document says.
The ASP is not a document that can be produced from a generic template and submitted to the DfT for approval. It must describe this aerodrome — its specific layout, its access control system, its CCTV coverage, its screening arrangements, its staffing structure, its threat and risk assessment, its security training framework and its security management system. A document that describes a hypothetical aerodrome will not be approved, and if it is approved because the discrepancies are not immediately visible, it will generate findings when the DfT inspector visits and finds that reality does not match the document.
Initial Airport Security Programme Development
For aerodrome operators seeking initial DfT approval of an Airport Security Programme — whether for a new aerodrome, a change in operator, or a change in the aerodrome’s operational scope that requires a new or substantively revised ASP — AACS develops the complete ASP from the ground up, calibrated to the specific aerodrome and structured for DfT submission:
- Aerodrome security baseline assessment — understanding the physical security arrangements, access control systems, screening facilities, CCTV coverage, staffing structure and current security practices before beginning documentation
- Threat and risk assessment — developing the security threat and risk assessment that underpins the ASP, addressing the specific threat environment applicable to the aerodrome, its flight mix, its geographic location and its operational profile
- Security boundary and restricted area definition — accurately defining the security restricted area, the sterile area and all other security zones, with reference to the aerodrome’s physical layout and access control infrastructure
- Access control system documentation — describing the aerodrome’s access control arrangements for all categories of person and vehicle, including airside pass management, background check procedures and contractor access control
- Screening arrangements documentation — documenting the screening measures applicable to passengers, baggage, staff and vehicles at the aerodrome, calibrated to the aerodrome’s specific facilities and DfT requirements
- Staff security measures documentation — pre-employment background checks, security screening requirements for airside personnel, and the management of persons with security-sensitive access
- Cargo and mail security documentation — the aerodrome operator’s role in the cargo and mail security chain, interface with regulated agents and known consignors, and supervision of cargo security arrangements on the aerodrome
- Security management system documentation — security monitoring, compliance management, incident reporting, security information management and interface with the aerodrome’s SMS
- Security training framework documentation — the training requirements applicable to all categories of airside personnel, training standards, delivery methods, assessment criteria and records management
- Emergency and contingency security procedures — the security response arrangements for elevated threat conditions, security incidents, and the interface between security emergency procedures and the Aerodrome Emergency Plan
- DfT submission management — managing the ASP submission to the DfT, responding to DfT comments and queries during the approval process, and achieving formal DfT approval
Airport Security Programme Revision
An approved ASP must be kept current. Physical changes to the aerodrome — new terminal buildings, revised access control infrastructure, new screening equipment, extended restricted area boundaries — require ASP amendment. Operational changes — new airlines, new ground handling arrangements, new cargo handling facilities — may require ASP revision. Regulatory changes — new DfT Directions, revisions to the NASP, changes to implementing regulation requirements — must be reflected in the ASP. And changes in the security threat picture may require the threat and risk assessment to be updated and the ASP’s security measures to be reviewed accordingly.
AACS provides ASP revision services for aerodrome operators managing the ongoing maintenance of their approved security programme:
- Physical change ASP amendment — revising the ASP to reflect new or modified aerodrome infrastructure, access control systems, screening facilities or CCTV arrangements
- Operational change ASP revision — revising the ASP to reflect changes in airlines, ground handlers, cargo operations or other operational arrangements that affect the security programme
- Regulatory change ASP update — identifying the impact of new or revised DfT Directions, NASP updates or implementing regulation changes on the approved ASP and producing the required amendments
- Threat and risk assessment update — revising the ASP’s threat and risk assessment in response to changes in the security threat environment or significant operational changes at the aerodrome
- ASP gap analysis — independent review of the current ASP against the aerodrome’s actual security arrangements, identifying discrepancies between the document and operational reality and producing a structured revision programme
- DfT amendment submission management — managing the submission of ASP amendments to the DfT, responding to DfT queries and achieving formal amendment approval
Security Procedures Documents for Airlines, Ground Handlers & Regulated Organisations
Airlines, ground handlers, regulated agents, known consignors and other regulated organisations are required to hold security procedures documents that describe how they implement the aviation security requirements applicable to their operations. These documents must be consistent with the NASP, with applicable DfT Directions, and — for organisations operating at a specific aerodrome — with the aerodrome operator’s approved ASP. They must be accurate, current and implemented as written.
The security procedures documents of airlines and ground handling organisations are not sub-documents of the aerodrome operator’s ASP, but they must be compatible with it. Where the ASP sets minimum standards for access control, screening or staff security measures that apply to all organisations operating on the aerodrome, the security procedures of those organisations must meet or exceed those standards. AACS develops and revises security procedures documents for airlines, ground handlers and other regulated aviation organisations:
Airline Security Procedures
Airlines operating scheduled or charter services hold security obligations that span the full passenger journey — pre-departure check-in, baggage acceptance, hold loading, cabin preparation, airside access control and, for operators on certain routes or with specific approvals, in-flight security measures. The airline’s security procedures must describe all of these accurately and in a form that DfT oversight — and, on international routes, the security oversight of destination states — can assess:
- Airline security procedures document development — covering passenger and baggage acceptance, security screening obligations, hold security, cabin security checks, access control at check-in and gate, and security training requirements
- Airline security procedures revision — following route changes, fleet changes, ground handling arrangement changes or regulatory updates
- Security procedures gap analysis — independent review of the airline’s current security procedures against applicable regulatory requirements and the ASP of the aerodromes the airline operates from
- DfT submission and approval management — managing the submission of airline security procedures to the DfT and achieving formal approval
Ground Handler Security Procedures
Ground handling companies operate in the most security-sensitive part of the airside environment — in direct proximity to aircraft, hold compartments, baggage systems and fuel points. Their security obligations include access control for their own personnel and equipment, the security of aircraft under their handling, baggage reconciliation procedures, supervision of the aircraft hold, and the management of security-relevant incidents on the ramp. Their security procedures must describe these obligations accurately and must be consistent with the ASPs of the aerodromes they operate at:
- Ground handler security procedures document development — covering access control, aircraft security checks, baggage handling security, hold management, security training and incident reporting
- Multi-aerodrome procedures management — for handlers operating at multiple aerodromes, ensuring that procedures reflect the specific requirements of each aerodrome’s ASP while maintaining a coherent company-level security framework
- Security procedures revision and update — following changes in operational scope, new aerodrome access, or regulatory update
- Security procedures gap analysis — independent review against regulatory requirements and applicable ASPs
Regulated Agent & Known Consignor Documentation
Regulated agents and known consignors occupy a defined position in the air cargo security chain. Their approvals — issued by the DfT on the basis of assessed compliance with the regulated agent and known consignor security requirements — are the mechanism through which cargo is accepted as ‘secure cargo’ without requiring screening by the airline or the aerodrome operator. The documentation that supports these approvals must be accurate, current and reflect the security controls actually in place. AACS develops and revises regulated agent and known consignor security documentation:
- Regulated agent security programme development — covering security controls, screening arrangements, staff background checks, access control, training and record-keeping for regulated agent approval
- Known consignor security framework documentation — covering site security, personnel background checks, consignment security procedures and management accountability for known consignor approval
- DfT regulated agent and known consignor approval submission support — managing the application process and responding to DfT queries during assessment
- Security documentation revision and re-approval — following changes to operations, premises, personnel or regulatory requirements
Security Compliance Monitoring & Independent Audit
Security Compliance Monitoring System Design
Regulated aviation organisations are required to monitor their own compliance with their approved security programme and applicable security requirements. For aerodrome operators, this obligation extends to monitoring the compliance of all regulated organisations operating on the aerodrome — ensuring that the security standards the ASP requires of airlines, ground handlers and other airside organisations are being met in practice, not merely described in their security procedures documents.
Security compliance monitoring must be structured, documented and capable of demonstrating to the DfT inspector that the organisation has a functioning internal oversight system. An organisation that relies on ad hoc observation and informal management oversight is not operating a security compliance monitoring system — it is hoping that compliance is happening. AACS designs security compliance monitoring systems for aerodrome operators and regulated organisations:
- Security compliance monitoring framework — the system through which the organisation monitors compliance with its approved security programme, applicable DfT Directions and NASP requirements
- Internal security audit programme — schedule, scope, methodology and reporting framework for the organisation’s self-audit of security compliance
- Security audit checklist development — calibrated to the organisation’s specific operations, security arrangements and applicable regulatory requirements
- Non-compliance finding and corrective action process — the system through which security compliance failures are identified, classified by risk significance, assigned corrective action, tracked to closure and reported
- Tenant and operator security monitoring framework — for aerodrome operators, the governance framework through which compliance with the ASP’s requirements is monitored across all regulated organisations operating on the aerodrome
- Security compliance monitoring documentation — the records, reports and audit outputs that demonstrate compliance monitoring activity to DfT oversight
Independent Security Audit
An independent security audit from AACS provides aerodrome operators and regulated organisations with an external assessment of their security compliance — the assessment that identifies the gaps a DfT inspector would find, before the inspector finds them. Independent audit also provides the board-level assurance that internal audit cannot deliver: an objective assessment of whether the security framework is functioning as approved, not merely as it is described in internal reporting.
AACS independent security audit services include:
- Full security compliance audit — assessing compliance with the approved ASP or security procedures document, applicable DfT Directions and NASP requirements across all security functions
- Access control audit — testing whether physical and procedural access controls are functioning as the approved security programme describes, identifying vulnerabilities in the access management system
- Screening audit — assessing whether screening procedures for passengers, baggage, staff and vehicles are being applied correctly and consistently
- Staff security measures audit — reviewing background check compliance, security pass management accuracy, and the management of persons with security-sensitive access
- Cargo and mail security audit — for regulated agents and aerodrome operators, assessing the accuracy of cargo security procedures and the consistency of their application
- Security training compliance audit — reviewing training records, training content accuracy and the currency of security training across all categories of required personnel
- Security documentation accuracy audit — assessing whether the approved ASP or security procedures accurately describe the security arrangements as currently implemented
- Corrective action plan development — a structured, prioritised plan addressing all audit findings with clear ownership and realistic timescales
DfT Inspection Preparation
DfT aviation security inspections test whether the security arrangements described in the approved programme are in place and being applied consistently. Preparation for inspection is not a matter of ensuring the binders are in order — it is the opportunity to test the actual security measures against the approved documentation, identify gaps before the inspector does, and ensure that the organisation’s security management can demonstrate its compliance position clearly and credibly.
AACS provides structured DfT inspection preparation for aerodrome operators and regulated organisations:
- Pre-inspection security audit — independent assessment of security compliance against the approved programme and applicable requirements, identifying and prioritising gaps for corrective action before the inspection
- Documentation readiness review — ensuring ASP, security procedures, training records and compliance monitoring records are complete, current and accurately reflect implemented security arrangements
- Access control and screening test programme — testing physical and procedural security measures against the approved programme, identifying specific failure points
- Staff security awareness assessment — evaluating whether security staff understand and correctly apply the security procedures they are required to implement
- Inspector engagement preparation — advising on how to present the organisation’s security programme to the DfT inspector, manage specific areas of complexity, and respond to inspector queries clearly
DfT Inspection Finding Response
When a DfT inspection generates findings, the organisation’s response determines both the regulatory outcome and the DfT’s confidence in the organisation’s security management. A response that addresses the surface manifestation of the finding without understanding why the security measure failed does not resolve the underlying vulnerability. AACS provides specialist support for organisations responding to DfT security inspection findings:
- Finding root cause analysis — understanding why each security finding occurred: whether it reflects a procedural gap, a documentation failure, a training deficit, an access control system weakness, or a security management failure
- Corrective action plan development — a structured response to each finding that addresses the identified root cause, with clear corrective actions, responsible owners and timescales that satisfy DfT expectations
- ASP or security procedures amendment — revising approved documentation as required by the finding and managing the DfT amendment approval process
- DfT formal response drafting — producing the written response to DfT inspection findings in the format and at the level of detail the authority expects
- Post-corrective action verification — independently verifying that corrective actions have been implemented and are effective before the DfT’s follow-up assessment
Aviation Security Training
Aviation security training is not a one-off induction event that satisfies a regulatory checkbox. It is the mechanism through which every person with access to the security-sensitive parts of the aviation environment understands their personal role in the security system — what they are required to do, why they are required to do it, and what the consequences are of failing to do it. The regulatory framework requires security training that is role-specific, delivered to defined standards, assessed for competence, recorded, and renewed at defined intervals. It requires initial training before access is granted, recurrent training at required intervals, and refresher training following security incidents or significant procedural changes.
Generic security awareness content is not adequate for most security training obligations. Category 10 security awareness training must cover the required regulatory content but must also be calibrated to the specific aerodrome where the trainee will work — its specific security procedures, its access control arrangements, its restricted area boundaries and its threat environment. Screener training must meet the approved syllabus content and be delivered and assessed by appropriately approved providers. Security manager training must equip the recipient to manage a security programme and respond to incidents rather than simply to understand the regulatory framework. AACS designs and delivers aviation security training programmes calibrated to the specific regulatory requirement, the specific organisation, and the specific roles of the personnel receiving it.
Category 10 Security Awareness Training
Category 10 security awareness training is the minimum security training obligation for all persons holding airside identity cards at UK aerodromes — every person with access to the security restricted area, regardless of their role, employer or the purpose of their access. The training must cover the content specified in the applicable implementing regulation and must be delivered before airside access is granted.
AACS designs and delivers Category 10 security awareness training programmes for aerodrome operators and airside employers:
- Category 10 training content development — calibrated to the specific aerodrome, incorporating the aerodrome’s specific security procedures, access control arrangements and threat environment alongside the required regulatory content
- Role-specific Category 10 training variants — for organisations with multiple personnel categories requiring the same regulatory training baseline but different operational contexts: ramp staff, terminal staff, contractors, engineering and maintenance personnel
- New starter Category 10 training delivery — initial security awareness training for new airside access pass holders before access is granted
- Category 10 recurrent training — refresher training at the required regulatory intervals, updated to reflect any changes in security procedures, threat environment or regulatory requirements since initial training
- Category 10 training assessment — competence assessment frameworks that verify understanding of required content rather than recording only attendance
- Category 10 training records management — the records system that documents training delivery, assessment outcomes and renewal dates for the organisation’s airside pass holders
- Category 10 training scheme design for aerodrome operators — the complete framework through which the aerodrome operator manages Category 10 training across all organisations with airside access, including the standards it requires of employers and the monitoring arrangements it uses to verify compliance
Security Manager & Security Supervisor Training
Security managers and supervisors hold operational responsibility for the implementation of security procedures. They are the people who brief security staff, resolve access control queries in real time, manage security incidents, liaise with DfT inspectors, maintain security records, and ensure that the security measures described in the approved programme are applied consistently across every shift and every team. Training for security managers and supervisors must go well beyond the awareness level required for Category 10 — it must develop genuine competence in security management, incident response and the regulatory framework that governs both.
AACS designs and delivers security manager and supervisor training:
- Security manager training programme — covering the regulatory framework in depth, ASP content and management, DfT inspection management, security incident response, security compliance monitoring, staff management and the legal framework governing security decisions
- Security supervisor training — operational security management, briefing and debriefing security staff, real-time access control decision-making, incident reporting and escalation, and supervisor responsibilities under the approved security programme
- New security manager induction — structured induction programme for managers taking up the security manager role, covering the specific ASP, current compliance status and outstanding corrective actions
- Security management skills development — targeted skills development for security managers in specific areas: compliance monitoring, incident investigation, threat assessment, stakeholder engagement and DfT relationship management
Screener & Security Officer Training
Security screeners and officers operate the front-line security measures on which the aviation security framework depends. Their training must meet the syllabus requirements of the applicable implementing regulation, be delivered by appropriately approved providers, and be assessed for competence rather than merely for attendance. The quality of screener training directly determines the effectiveness of the screening function — a screener who has been trained but not genuinely competent is a gap in the security perimeter, not a contribution to it.
AACS provides screener and security officer training advisory and programme design:
- Screener training programme design — structured training in passenger and baggage screening, hold security checks, vehicle screening and the specific screening equipment deployed at the aerodrome, calibrated to the DfT-approved syllabus content
- Security officer training programme design — access control procedures, identity document verification, challenge procedures, search authority, use of detection equipment and incident response
- Competence assessment framework — practical assessment standards, scenario-based testing and the records framework that demonstrates screener and officer competence to DfT oversight
- Recurrent screener training — refresher training at required intervals, incorporating performance data, recent incident learning and any changes in screening procedures or equipment
- Training quality assurance — monitoring the effectiveness of screener and security officer training through post-training competence observation and performance trend analysis
Cargo & Mail Security Training
Personnel with cargo and mail security responsibilities — regulated agent staff accepting, screening and securing consignments, known consignor personnel managing the security of their own product, and airline and ground handler staff receiving and loading secure cargo — carry security training obligations that are specific to their role in the cargo security chain. Generic security awareness training does not satisfy these obligations. AACS designs cargo and mail security training for the specific role:
- Regulated agent staff training — covering the regulatory basis for regulated agent status, security control obligations, consignment acceptance and verification procedures, screening requirements, documentation management and the consequences of security failure in the cargo chain
- Known consignor staff training — covering the known consignor approval basis, site security obligations, consignment security procedures, staff background check requirements and the interface with regulated agents
- Airline and ground handler cargo acceptance training — covering the procedures for accepting cargo from regulated agents and known consignors, verifying security status documentation, and managing consignments that do not meet security requirements
Security Culture & Awareness Programme
Beyond the role-specific training that the regulatory framework requires, effective aviation security depends on a security culture in which every person with access to the security-sensitive environment understands that security is a shared responsibility — not a function performed by security staff while everyone else gets on with their job. A person who observes a tailgating incident at an airside access gate and does not challenge or report it because they regard it as someone else’s concern is a gap in the security system, regardless of how well trained the security officer at the gate is.
AACS designs security culture and awareness programmes for aerodrome operators and regulated organisations that build genuine security consciousness across the full airside community:
- Security culture assessment — evaluating the current security culture across the organisation or aerodrome community, identifying where security awareness and security behaviour fall short of the standard the framework requires
- Security awareness campaign design — the communications, briefings and engagement activities that build ongoing security awareness beyond the initial training event
- Insider threat awareness programme — specifically addressing the insider threat — the risk that persons with legitimate access use that access to facilitate unlawful interference — and building the reporting culture that surfaces insider risk indicators before an event occurs
- Security reporting scheme design — the mechanism through which staff at all levels can report security concerns, suspicious behaviour and security incidents without consequences, and which routes those reports to the people with authority and responsibility to act on them
Airside Identity Management & Access Control
The airside identity card is the mechanism through which the aerodrome operator controls who has access to the security restricted area. Every person holding an airside ID card has been through a background check, holds a current Category 10 security training certificate, and has been assessed as presenting no unacceptable security risk. The management of that identity card system — the background check process, the pass issue and renewal process, the records management framework, and the control of access rights — is a primary security management obligation for aerodrome operators, and a significant compliance management challenge for organisations with large and rotating workforces.
Airside Identity Card Scheme Management
AACS provides advisory and documentation support for aerodrome operators managing airside identity card schemes:
- Background check framework — the process through which background checks are conducted, verified and recorded for all new airside pass applicants, covering the regulatory requirements for different access categories
- Pass issue and administration process — the procedures through which ID cards are issued, access rights assigned, and cards managed through the holder’s period of airside access
- Pass renewal and expiry management — the system through which pass renewals are triggered, background checks refreshed, and training currency verified before renewal
- Pass withdrawal and return procedures — the processes governing the return of ID cards when an individual’s airside access ceases, including the management of cards issued to contractors and temporary workers
- Access right management — the framework through which access rights are assigned proportionately to the access the individual requires, and the procedures for escalating access rights where operational requirements change
- Identity management records system — the records framework that enables the aerodrome operator to identify all current pass holders, their access rights, their background check dates and their training status at any time
- Employer obligations framework — the governance framework through which the aerodrome operator manages the obligations of employers whose staff hold airside passes, including the notification requirements when staff leave, change roles, or give rise to security concerns
Access Control System Documentation
The physical and electronic access control systems that protect the security restricted area must be accurately described in the ASP. The procedures governing their operation — who has access to which zones, how access rights are managed, what happens when the system fails or is bypassed, and how violations are detected and reported — must be documented and implemented consistently. AACS provides access control documentation for aerodrome operators:
- Access control system description — accurate documentation of the physical and electronic access control infrastructure for inclusion in the ASP
- Access control operating procedures — the SOPs governing the day-to-day operation of the access control system, covering all access categories and failure scenarios
- Tailgating and piggybacking prevention procedures — the measures and monitoring arrangements that detect and prevent unauthorised access through controlled access points
- Contractor access control framework — the specific procedures governing the access of construction and maintenance contractors to the security restricted area, including temporary pass arrangements and supervision requirements
Security Management System Development
A security management system is not the same as a security programme. The Airport Security Programme describes what security measures are in place. The security management system is the organisational framework through which those measures are managed, monitored, maintained and improved — the governance through which security performance is assessed, security incidents are investigated for systemic learning, changes in the threat environment are assessed and addressed, and the organisation’s security compliance position is visible to leadership.
Many regulated aviation organisations have an approved ASP or security procedures document but do not have a functioning security management system. The security programme is documented and approved. The security measures it describes may or may not be consistently applied. But there is no systematic mechanism for monitoring compliance with the programme, investigating security incidents for root causes, tracking corrective actions to closure, or identifying when the programme needs to be updated in response to changes in operations, threat or regulation. AACS develops security management systems for aerodrome operators and regulated organisations:
- Security policy and governance framework — the policy commitment, organisational accountability structure and governance framework that make the security management system operational rather than aspirational
- Security threat and risk assessment process — a structured, repeatable process for assessing the current security threat environment and its implications for the organisation’s security arrangements
- Security performance monitoring — the metrics and monitoring arrangements through which the organisation tracks its security compliance performance, identifies trends and detects deterioration before it becomes a significant failure
- Security incident investigation methodology — the process through which security incidents and near misses are investigated for systemic root causes, and the findings used to improve the security programme
- Security change management process — the governance through which changes to operations, infrastructure, personnel or regulatory requirements are assessed for security implications and the security programme updated accordingly
- Security management review — the periodic review process through which senior leadership assesses the organisation’s security management performance, oversight effectiveness and compliance position
- SMS and security management integration — for organisations that hold both an aviation SMS and security management obligations, designing the integration between the two frameworks so that security incidents, near misses and safety-security interfaces are managed coherently
The AACS Approach to Aviation Security
Aviation security documentation that does not accurately describe the security arrangements as implemented is not a security programme. It is a liability document — one that creates the appearance of compliance while the actual security gaps it conceals remain open to exploitation. AACS writes what the organisation actually does, advises where what it does falls short of what it must do, and builds the compliance framework that closes the gap.
AACS advisors bring direct experience of aviation security regulatory compliance, ASP development, DfT inspection management and security training design across the full range of regulated aviation organisation types. We understand the DfT’s regulatory framework and inspection methodology, the operational reality of managing security compliance in a complex multi-employer airport environment, and the specific security management challenges facing smaller aerodrome operators and regulated organisations without dedicated security compliance resource.
We work across the full range of organisation types and sizes — from major aerodrome operators managing complex multi-airline security environments through to small regional airports and business aviation operators seeking initial DfT approval of their security arrangements. The regulatory obligation is proportionate to the scale and risk profile of the operation; the quality of the security programme and the rigour of the compliance framework must not be.
Our advice is independent. We have no commercial relationship with any security equipment supplier, security staffing company or training software provider that would influence our recommendations. Our advisory is shaped by what the regulatory framework requires, what the DfT inspector will assess, and what will actually protect the security of the aerodrome and the people who use it.
We are direct. An organisation whose security programme does not accurately describe its security arrangements, whose training records do not support its compliance claims, or whose access control system has vulnerabilities the ASP does not acknowledge will receive that assessment clearly — and a structured, practical plan for addressing it before the DfT inspector makes the same finding under enforcement authority.
Services at a Glance
| Service Area | What AACS Provides |
| Airport Security Programme development | Initial ASP development for new or revised DfT approval, including threat and risk assessment, all security function documentation and DfT submission management |
| ASP revision & amendment | Revision following physical, operational or regulatory change; gap analysis between ASP and current security reality; DfT amendment submission |
| Airline security procedures | Development, revision and DfT submission of airline security procedures documents |
| Ground handler security procedures | Development and revision of ground handler security procedures, multi-aerodrome consistency and DfT submission |
| Regulated agent & known consignor documentation | Security programme development for regulated agent and known consignor approval applications |
| Security compliance monitoring system | Compliance framework design, internal audit programme, checklist development, non-compliance process and documentation |
| Independent security audit | Full compliance audit against ASP and applicable requirements, access control and screening testing, corrective action plan |
| DfT inspection preparation | Pre-inspection audit, documentation readiness review, access control and screening testing, inspector engagement preparation |
| DfT inspection finding response | Root cause analysis, corrective action plan, ASP amendment, DfT formal response and post-corrective action verification |
| Category 10 security awareness training | Aerodrome-specific training design, delivery, assessment, recurrent training and scheme management framework |
| Security manager & supervisor training | Training programme design and delivery for security managers, supervisors and new security management appointments |
| Screener & security officer training | Training programme design, competence assessment framework and recurrent training |
| Cargo & mail security training | Role-specific training for regulated agents, known consignors and cargo acceptance personnel |
| Security culture & awareness programme | Culture assessment, awareness campaign design, insider threat programme and security reporting scheme |
| Airside identity management | Background check framework, pass management, renewal systems, employer obligations and records management |
| Security management system development | Policy, governance, threat and risk assessment process, performance monitoring, incident investigation and SMS integration |
Speak to an AACS Specialist
Whether you are developing an initial Airport Security Programme, revising documentation that no longer accurately reflects your security arrangements, preparing for a DfT inspection, responding to inspection findings, designing security training for your workforce, or building a security management system that manages your security obligations as a coherent operational programme, AACS provides the specialist expertise to deliver what you need.
We will be direct about your security programme’s compliance position, what the regulatory framework requires, and how we can help you build aviation security arrangements that genuinely protect the aerodrome and satisfy the DfT.
