Organisational Counter Terrorism Assessment

UK Protect Duty

(MARTYN’S LAW)

Organisational Counter Terrorism Assessment

Why This Assessment Exists

The up and coming introduction of Protect Duty (Martyn’s Law) marks a significant shift for UK organisations.

For many in the UK, this is a new requirement, but the reality is, private sector counter terrorism capability has existed and evolved globally for decades. The UK is now moving to close that gap, requiring a rapid uplift not only in awareness, but in practical, deliverable capability.

This assessment has been developed to support organisations and security professionals in understanding where they stand, how capability is actually delivered in real-world environments, and what is required to meet both the intent and expectations of the new law.

The assessment is also an excellent benchmarking system for organisations that also operate outside of the United Kingdom.

Note: Under development but the version below is available for any organisation to take now.

Understand Your Current Capability Level

This assessment provides a structured benchmark of how your organisation is currently positioned or plans to position itself against the requirements of the new Protect Duty (Martyn’s Law).

It evaluates how you:

Interpret and apply risk
Implement protective security measures
Prepare for and respond to incidents
Develop staff capability
Justify decisions under scrutiny

What This Assessment Is And Is Not

This is not a formal audit or legal determination of so called compliance.

It is a reasonable, scenario based benchmark designed to assist organisations to assess:

How effectively your organisation aligns with the principles set out in Protect Duty and SIA guidance
How well those principles translate into real-world capability
A benchmarking test of future plans
A guide for what is required once the law is in affect

The outcome highlights:

Strengths
Gaps
And areas requiring improvement

Why This Matters

Under Protect Duty, organisations will not be judged solely on:

Documentation
Policies
Or intent

They will be judged on:

What they have implemented
What their people understand
And what they can deliver in real conditions

This assessment is designed to reflect that reality.

Aligned to Guidance — Focused on Delivery

The scenarios questions are built around:

Protect Duty (Martyn’s Law) requirements
SIA guidance and expectations
Established private sector counter terrorism principles

Including:

Reasonably practicable decision-making (SFAIRP)
Preparedness that works in practice
Staff capability and behaviour
Defensibility of decisions under scrutiny

A Practical Benchmark — Not a Static Rulebook

Protect Duty legislation and SIA guidance will continue to evolve over the coming months and years.

However:

The fundamentals of private sector counter terrorism, risk understanding, proportionate protection, and real-world capability have remained consistent for decades.

This assessment also involves those enduring principles.

What You Will Receive

At the end of the assessment, you will receive:

A clear indication of your current position
Insight into how your approach aligns with expectations
Identification of key capability gaps
Practical direction on how to improve

Who This Is For

Responsible Persons
Senior Individuals (Enhanced Tier)
Security and Risk Professionals
Business leaders accountable for Protect Duty delivery

Before You Begin

Answer questions based on what your organisation can currently deliver in reality and how you interpret whats required now, do not game play the questions to chase a good score.

This will ensure your result reflects true capability, not assumption.

Time Required

5 – 7 minutes
21 scenario based questions

Start the Assessment

Welcome to your Organisational Counter Terrorism Assessment

Scope & Tier Determination

An organisation operates a public-facing venue with fluctuating attendance. Leadership has not formally defined whether it falls under Standard or Enhanced Tier expectations. What is the most appropriate approach?

Assume Standard Tier requirements until formally instructed otherwise

Apply general protective measures based on industry norms

Formally assess use, capacity, and function to determine tier and apply requirements accordingly

Review capacity and usage periodically to inform decision-making

Responsibility & Accountability

A senior leader has been assigned responsibility for Protect Duty compliance but has limited operational involvement. What is the most effective approach?

Actively understand, direct, and be able to justify decisions and capability

Rely on external advisors to guide compliance decisions

Delegate responsibilities to operational teams with periodic updates

Maintain oversight through reporting and documentation

Risk Assessment

The organisation has completed a risk assessment using a standard template. What determines whether it meets Protect Duty expectations?

Inclusion of identified threats and mitigation measures

Ability to justify decisions as proportionate, reasonable, and practicable in context

Alignment with industry guidance and best practice

Completion of a recognised risk assessment format

Threat Understanding

The site relies on national threat levels to guide its security posture. What is the most effective approach?

Increase measures during periods of heightened threat

Interpret threat in the context of site, environment, and exposure

Use threat levels to inform general awareness and readiness

Align security posture directly with the national threat level

Vulnerability Assessment

A venue has installed visible deterrents but has not assessed how they integrate with operations. What is the key issue?

Deterrents may not be sufficient on their own

Controls may not align with best practice guidance

Measures may not reflect current threat levels

Measures may not address how vulnerabilities exist in real use

Protective Security Design

Security measures have been implemented as standalone solutions across the site. What is the most effective improvement approach?

Introduce additional systems to cover gaps

Integrate security into operations, environment, and user behaviour

Strengthen key access points

Increase the number of visible deterrents

Preparedness Planning (ST)

A standard-tier premises has documented evacuation and lockdown procedures. What determines whether these meet Protect Duty requirements and SIA expectations in practice?

Procedures are documented and accessible

Procedures can be executed effectively in real conditions

Staff are aware of procedures

Procedures align with guidance

Preparedness Planning (ET)

An enhanced-tier venue has comprehensive response plans. What is the key test of their effectiveness?

Level of detail within the plans

Alignment with regulatory guidance

Ability to operate effectively under real-world pressure

Inclusion of multiple response scenarios

Staff Training

The organisation delivers annual awareness training to staff. What is the key consideration to meet Protect Duty requirements and align with SIA expectations?

Staff complete training and acknowledge understanding

Content reflects recognised guidance

Training results in behaviour change and operational capability

Training is delivered consistently across staff

10.

Behavioural Detection & Awareness

Staff are instructed to remain vigilant and report concerns. What is the most effective way to strengthen this capability?

Train staff to understand baseline behaviour and identify deviations

Encourage reporting of unusual activity

Provide examples of suspicious behaviour

Reinforce vigilance messaging regularly

11.

Communication (Internal)

During an incident, communication delays impact response effectiveness. What is the key improvement area?

Improve coordination between teams

Ensure communication supports decision-making and action under pressure

Increase communication channels

Provide clearer communication procedures

12.

Communication ( Senior Stakeholders)

Senior leaders receive technical security updates but struggle to make decisions. What is the most effective improvement?

Provide more detailed reports

Simplify technical language

Frame risk in terms of business impact and required decisions

Increase frequency of updates

13.

Testing & Exercising

The organisation has not tested its response plans in live scenarios. What is the key risk?

Gaps in coordination may exist

Plans may not work under real-world conditions

Plans may not align with current guidance

Staff may not fully understand procedures

14.

Maintenance & Review

Security measures have remained unchanged for several years. What is the most effective approach?

Review measures against emerging threats

Continuously review, test, and adapt controls

Maintain current measures unless issues arise

Update systems periodically

15.

Decision Justification (Courtroom Context)

Following an incident, an organisation is asked to justify its security decisions. What will be most critical?

Documentation of implemented measures

Ability to demonstrate decisions were reasonable, proportionate, and practicable

Evidence of following guidance

Records of training and planning

16.

Real-World Delivery vs Paper Compliance

An organisation has comprehensive documentation but limited operational capability. What is the key issue?

Procedures may not reflect best practice

Capability does not match documented intent

Documentation may require updating

Training plans may need improvement

17.

Senior Individual (ET)

A Senior Individual is appointed but not engaged in operational delivery. What is the primary risk?

Reduced oversight of compliance

Inability to justify decisions and capability

Lack of alignment with guidance

Ineffective coordination across teams

18.

Resource Allocation

An organisation limits investment in protective security counter terrorism due to cost concerns. What is the correct approach?

Apply standard controls within budget

Balance risk reduction against cost and operational impact

Focus on low-cost measures

Prioritise visible security improvements

19.

Integration with Business Operations

Counter terrorism measures disrupt normal operations and are often bypassed. What is the key issue?

Processes may be too restrictive

Measures may not be clearly communicated

Security has not been integrated into how the organisation operates

Staff may not understand requirements

20.

Crisis Management

The organisation has documented response procedures for evacuation and lockdown under Protect Duty requirements. What determines whether its crisis management capability is effective in practice?

Staff are aware of procedures and understand their roles

Procedures are clearly documented and accessible to relevant staff

The organisation can establish control, make decisions, and coordinate actions effectively under real-world pressure

Response plans align with Protect Duty requirements and recognised guidance

21.

Business Continuity

Following a serious terrorism or hybrid incident, an organisation focuses on its immediate response but has limited planning for operational recovery. What is the most effective approach to align with Protect Duty requirements and SIA expectations?

Develop recovery plans based on standard business continuity frameworks

Restore operations as quickly as possible once the incident has been resolved

Integrate response and recovery planning to ensure the organisation can continue or rapidly restore operations in line with risk and impact

Identify critical functions and prioritise their restoration following disruption

1 out of 1

UK Protect Duty

Organisational Counter Terrorism Assessment

Mildot Group®

Our Mission

Who We Are

What We Do

International Security Experience You Can Trust

Trusted at the Highest Levels