Hea 06 - Security

Exemplary level credit - KBCN1131

The exemplary level credit of Hea 06 requires the use of a compliant risk based security rating scheme and for the project's performance against the scheme to be confirmed through independent assessment and verification. Where this criterion has been met and the exemplary level credit is achieved, the 'Security of site and building' credit of Hea 06 is also automatically achieved. This is because the compliant risk based security rating scheme will cover the requirements of the 'Security of site and building' credit, in addition to covering many other aspects.

---

Exemplary level credit – Non-compatible schemes - KBCN1228

The following cannot currently be considered compliant with the requirements of the exemplary level credit for this Issue, which requires certification through a ‘compliant risk-based security rating scheme’ where ‘performance against the scheme has been confirmed by independent assessment and verification’:

• Secured by Design (SbD)
• Vulnerability Self Assessment Tool (VSAT)

18 Mar 2022 - Title and content updated to include VSAT
11 Nov 2021 - Updated (superfluous commentary removed).

---

Exemplary level credit – Using SABRE - KBCN1499

Order of certification To achieve the BREEAM exemplary credit, the SABRE 'design stage' or 'as-built' certification (as applicable to the BREEAM assessment stage) must be completed before BREEAM certification. Please also refer to KBCN1549 - Shell only and Shell and Core assessments - using SABRE Evidence output The most appropriate evidence output for this exemplary credit is a SABRE certificate corresponding to the stage of the BREEAM assessment (i.e. ‘design stage’ or ‘post-construction stage’). Providing the certificate demonstrates that the requirements of SABRE have been met and validated, which can mitigate any potential delays to the BREEAM QA process. SABRE 'design stage' certification can be sought at any time during the RIBA design stages, whilst 'as-built' certification is sought at handover. Timing of SABRE assessment Unlike the 'Security of site and building' credit, there is no strict cut-off point by which the SABRE assessment process must commence, however RIBA Stage 2 is recommended as a reasonable time by which to begin working towards SABRE certification.

04 Nov 2022 - Reference to KBCN1549 added

---

Secure Government sites – Security criteria - KBCN1652

Government security procedures, such as those for MoD sites, may take precedence in dealing with security risk. Therefore, the security criteria under which this issue is assessed may not be fully appropriate. However, BREEAM requires that a Suitably Qualified Security Specialist (SQSS) or the relevant Government department's security consultant undertake a risk-based security needs assessment during or prior to the Concept Design stage. The final design must embody the recommendations of the security consultant. Evidence requirements Where it is confirmed that, due to security issues, the assessor cannot provide complete evidence of the security assessment and implementation of the recommended measures, the following can be accepted: A written statement or report from the SQSS confirming:

• Justification of why the evidence requirements cannot be met
• Details confirming their status as SQSS for the project
• Dates of their consultations and inspections
• Confirmation that all the recommended security measures have been implemented

---

Security – Change of SQSS and recommendations - KBCN1044

If the SQSS working on the project changes during the assessment, the recommendations of the original SQSS can be modified if the new SQSS can provide justification for this.

---

Security needs assessment (SNA) – Formal consultation with relevant stakeholders - KBCN1470

Providing the SQSS can provide evidence of reasonable attempts to obtain feedback from relevant stakeholders, this aspect of the SNA requirements will be satisfied. In the event that a relevant stakeholder does not provide a response when consulted (e.g. if they do not respond following a reasonable period, or they confirm that are unable to deal with the enquiry), it would be expected that SQSS consider alternative sources of information. For example, the SQSS may decide to refer to freely-available crime data on the Police UK website, and include a summary or analysis of this in their SNA.

13 Sep 2021 Applicability to HQM confirmed

---

Shell only and Shell and Core assessments – using SABRE - KBCN1549

Where the SABRE assessment is registered and certified as shell & core, this can be accepted for meeting both the standard and exemplary level criteria of shell only/shell and core BREEAM assessments. Currently, Shell and Core SABRE certificates are identified as 'interim', but there is no requirement for further 'final certification' of shell & core SABRE assessments or any further evidence of the fit-out. Please also refer to KBCN1499 - Exemplary level credit – Using SABRE

---

SQSS – Individuals Recognised - KBCN1485

Individuals can continue to be considered a ‘Suitably Qualified Security Specialist’ (SQSS) for the purposes of compliance with HEA 06 (1 credit – Security of Site and Building) where adherence to the SQSS criteria 1-3, detailed below and in HEA 06, is evidenced to the BREEAM Assessor.

1. Minimum of three years' experience in a relevant security profession (in the last five years). This experience must clearly demonstrate a practical understanding of factors affecting security in relation to construction and the built environment, relevant to the type and scale of the project being undertaken.
2. Holds a qualification relevant to security.
3. Maintains a full membership to a relevant professional body, institute or certification scheme that has a professional code of conduct, to which members adhere.

Alternatively, individuals can be considered a ‘Suitably Qualified Security Specialist’ where adherence to the SQSS criterion 4 (detailed below and in HEA 06) is demonstrated to the BREEAM Assessor.

4. A specialist registered with a BREEAM recognised third party licensing or registration scheme for security specialists.

The following licensing/registration schemes are recognised as meeting the requirements of criterion 4 of the Suitably Qualified Security Specialist (SQSS) criteria. As such, individuals listed are also eligible to perform the role of SQSS:

A. SABRE Registered Professionals with ‘SQSS’ status – Live list here

B. Chartered Security Professionals (CSyP) - Live list here

C. Register of Security Engineers and Specialists (RSES) ‘General Security Advisor’ (GSA) - Live list here

  Note: DOCOs can be considered as suitably qualified subject to meeting criteria 1-3 and regional police forces may provide services in support of BREEAM. However, the Metropolitan Police has indicated that it will not provide services solely for the purposes of meeting the BREEAM Security Needs Assessment (SNA).   In all cases, Notes 1 and 2, below, shall apply to the appointment of the SQSS and the award of the available credit respectively.

Notes

1. Security professionals often possess knowledge and skills in relation to specific aspects of the discipline, whilst others may possess more holistic knowledge. Therefore, when appointing an SQSS, consideration should also be given to their experience and background, as well as the appropriateness of the individual to carry out the task assigned. The SQSS should be able to demonstrate independence and that they have experience dealing with similar projects with comparable security levels and risks.
2. Irrespective of who performs the role of SQSS, the 1 credit available for ‘Security of Site and Building’ may only be awarded if the assessment criteria are satisfied i.e. where a compliant, documented Security Needs Assessment (SNA) has been produced and subsequent risk-commensurate security recommendations have been implemented.

Definitions

SABRE Registered Professional SABRE Registered Professionals are deemed to meet the competency requirements of the various specialist deliverables within the SABRE security assessment scheme including: threat assessments, risk assessments, security strategies, technical design & engineering and concepts of operations (CONOPS). The registration is also intended to act as an indicator of professionalism for the benefit of the wider industry. Chartered Security Professional (CSyP) The Register of Chartered Security Professionals (CSyP) was established under a Royal Charter granted to the Worshipful Company of Security Professionals in the UK and launched in 2011. Registrants use CSyP as a post nominal. Being admitted to the Register and becoming a CSyP is a means of being recognised and continuing to represent the highest standards and ongoing proficiency. It is the gold standard of competence in security practice. CSyPs must comply with a Code of Conduct, a Professional Disciplinary Code, and also complete Continuous Professional Development each year. The Register is recognised across the UK, including by the Association of Security Consultants (ASC), the International Professional Security Association (IPSA), The Security Industry Authority (SIA) and CPNI (Centre for the Protection of National Infrastructure). Register of Security Engineers and Specialists (RSES) The Register of Security Engineers and Specialists (RSES) was established to promote excellence in security engineering by providing a benchmark of professional quality against which its members have been independently assessed. Registration is open to engineers, applied scientists and specialists who apply their knowledge to securing the built environment and infrastructure. RSES is sponsored by the Centre for the Protection of National Infrastructure (CPNI) and administered by the Institution of Civil Engineers’ (ICE) Membership Division.

04 Aug 2023 - Additional paragraph added to clarify that, if a DOCO is willing and able to do so, they can undertake the role of SQSS for BREEAM, provided they meet the eligibility criteria set out in criteria 1-3
15 Jul/07 Sep 2022 - Reference to DOCOs' suitability to perform the role of SQSS under Option 4.D. removed - The Metropolitan Police has indicated that DOCOs will not provide a consultation service solely for the purposes of meeting the BREEAM Security Needs Assessment (SNA). 
10 Dec 2021 - Further clarification added
17 Nov 2021 - First paragraph updated for clarity

---

Visual audit of site and surroundings - KBCN0685

The method of conducting the visual audit of the site and its surroundings required for a Security Needs Assessment (SNA) is at the discretion of the Suitably Qualified Security Specialist (SQSS). It can be carried out as a site visit, or through the review of relevant project information and drawings, provided the SQSS is satisfied that these are sufficient to inform their SNA & associated security recommendations. The approach should be justifiable in terms of the scale, complexity, location and any other specific aspects of the assessed development.

24/06/22 - Applicability to UK NC2018 confirmed

---