SABRE: a framework for enhanced security performance
What is it?
SABRE (Security Assurance by the Building Research Establishment) is a security risk management standard for new and existing buildings, infrastructure assets and managed space.
It aims to improve security and safeguard return on investment by providing a framework for the design, construction and operation of buildings. It is part of BRE Global Limited (itself part of the BRE Group), an independent, third-party approvals organisation, which also provides training to individuals who wish to become SABRE Registered Assessors. It has been recognised by RIBA, among others.
Why was it introduced?
Launched in 2017, SABRE was to some degree a response to a survey that year by the BRE Group in which two-thirds of respondents expressed an increased anxiety about crime compared to 2012. A majority of respondents were consequently of the view that a more proactive management of security would mitigate these fears.
The principles it employs are similar to BREEAM assessments, which have already been discussed on this site. The only difference is what is being measured: BREEAM is interested in sustainability, but of course that needs to be considered in tandem with security.
How does it work and what does it measure?
SABRE lists a selection of benefits, including improved construction quality, greater operational effectiveness, independent assurance, value for money, and enhanced marketability.
As you would expect with a quality assurance procedure, the idea is to recognise and reward good practice by measuring the performance of those involved in the built environment sector, in order to help companies inform their investment decisions and transparently communicate their security credentials to relevant parties. BRE Global states that SABRE will:
- communicate the security credentials of the facility to internal and external stakeholders
- measure facility performance and target areas for future improvement and investment
- benchmark performance across a portfolio of assets
- demonstrate that a project has delivered on contractual requirements.
The framework comprises nine technical sections split into three larger sections and seventy different assessment issues that need to be addressed. Each section has an aim, and each issue has criteria and associated metrics. Rating is done on a sliding scale between 1, which is deemed acceptable, and 5, representing outstanding. Let’s look in a little more detail:
Section 1 is concerned with facility security requirements and is sub-divided into two technical sections that cover “understanding the facility and context” and “facility security risk”. The aim is obviously to assess whether management has established and maintained an understanding of their facility security requirements.
Both technical sections contain a set of criteria that includes the identification of the relevant parties, legal requirements, security dependencies and assessment procedures.
If you are a facilities manager with responsibility for the application of management systems standards in other disciplines such as quality and environmental management, these requirements and the path to their achievement will be familiar, as they reflect the type of clauses contained in these standards.
Section 2 pertains to planning for a secure facility and is sub-divided in three. The sections cover facility security strategy, design, and risk management planning. Section 2 is designed to “assess whether management adopt a strategic and holistic approach to the identification and specification of appropriate and proportionate facility security controls”.
These sections mirror what is considered the current good practice in security planning, such as ensuring the strategy and subsequent design and planning is predicated upon the principles of deterrence, detection, delay and disruption and unwanted adversarial activity.
This is an example of how SABRE recognises the need to integrate security measures with other relevant design elements such as those concerning fire safety.
The third section covers facility security implementation and management aims to measure whether there is “strong leadership and commitment to security risk management at a facility”. It comprises three technical sections on incident management, project management, and the development and operation of a security risk management system.
As described above, many of the requirements echo those found in other management system standards: the need for demonstrable leadership and commitment from the responsible person; adequate resources; and competency and performance monitoring.
There is also a requirement in this section to develop and exercise procedures for incident management and recovery.
The final technical criterion is a requirement for innovation. This sits across all the other criteria and aims and can be considered a guiding principle. It covers innovation in several areas, such as the apposite use of technology to improve the security performance of the facility.
There are two modes of assessment: online via self-assessment, with the option to take best-performing assets through to the other mode: third-party assessment via a Registered Assessor.
One final note: SABRE provides a Readiness Checklist to help those either involved in the procurement of new facilities or operating existing facilities determine if they are ready to undertake SABRE assessment and certification. There is a checklist, which helps prospective applicants understand whether the values and objectives of the scheme are in alignment with their own.
Once the checklist is completed, a recommendation is made. This is a very good idea, as it saves people from putting time and money in when they’re not ready, and is an excellent first step in what is essentially a cost-benefit analysis.
Mainer Associates is working towards becoming Registered Assessors.