What is it?

Security concerns the design and application of physical, personnel (people), information and cyber protective security measures to protect assets and operations against malicious attacks such as terrorism, espionage, theft and crime. Resilience is the ability of an organisation to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.


At CRA, we believe that investment in effective organisational security and resilience goes beyond the identification and response to risks at the operational and tactical levels. Security and resilience needs to be systemic, and part of an organisation’s memory i.e. represented as part of day to day activity in data, information, and knowledge and not solely reliant on specific individuals or roles. Furthermore it requires commitment from senior management to create the enablers and levers that ensure proportionate and effective arrangements are in place to identify, respond to, and manage security risks and ensure adequate resilience across the organisation.


This provides a greater opportunity to identify leading indicators for security and resilience facilitating a proactive and preventive approach. Furthermore, when effective organisational security and resilience is an integral part of how an organisation operates, it is more likely to result in measures that endure.

Why is it important?

New and existing threats to our security, safety and organisational resilience are continuously evolving. They present a persistent challenge for organisations creating risks to the effective continuity of business and potential harm to people. Socioeconomic, political, environmental, world order, and innovation, particularly advances in digitisation, are all factors that contribute to the evolution of security threats and can influence the rapid development and spread of crime, disruptive activities, and terrorism.

The importance of considering the integrated risk from physical, information, cyber, and people based security is overlooked too often by organisations who tend to maintain an isolated focus on these areas. The impact of security breaches to organisations span reputational damage, financial loss, operational deficiencies, political, and regulatory issues.

What we do?

We have a specialist team of security and resilience practitioners with extensive experience across a range of sectors that cover the Critical National Infrastructure including Transport, and Nuclear.



We carry out organisational reviews of security management, providing a gap analysis of physical, information, cyber, and personnel security areas under a typical plan, do, check, act approach. As part of this we run assessments of security climate to identify potential concerns, emergent risks, and issues across all levels of the organisation.

The work includes industry benchmarking and identification of best practices that can be adapted and implemented in an effective and proportional manner. We provide specialised support to the assessment of security systems and processes including security technologies test and evaluation.



Our services include:

  • Preparation of hazard analysis and consequence assessments, required under the Radiation (Emergency Preparedness and Public Information) Regulations (REPPIR)
  • Service Accident Analysis (SAA): Support to production of SAA technical reports, including identification of potential adverse states that could arise following a severe accident and analyses of the options open to the site to bring the position back under control
  • Support with emergency planning and preparation of emergency, CT and business continuity plans
  • Test and Exercise Facilitation: Work with client and their key stakeholders (Site, Regulators, Local Authority, Emergency Services etc.) to produce and manage realistic and challenging emergency exercises with scenarios based on security threats, safety incidents and business risks
  • Assessment of Emergency Command and Control Facilities

Related Pages

AI Safety Case

read more

Risk & Reliability

read more

Get in touch