Protective Security Advisor: What They Do and When to Use One | CloseProtectionHire

The term “protective security” covers a substantial amount of ground: physical barriers and access control, personnel vetting, information handling, cyber-physical interfaces, counter-terrorism measures, and the management systems that tie them together. No single internal team in a mid-sized organisation will have specialist expertise across all of these domains. That is the space in which a protective security advisor operates.

The advisory role can be delivered through two channels: the government-funded network (NPSA Protective Security Advisors and NaCTSO Counter Terrorism Security Advisors) and the private sector. Both are worth understanding, because the right answer for most organisations involves both.

NPSA: The National Protective Security Authority

The National Protective Security Authority replaced the Centre for the Protection of National Infrastructure (CPNI) in March 2023. The NPSA has a broader remit than CPNI had – CPNI focused primarily on critical national infrastructure operators; NPSA extends that remit to include public-facing guidance for crowded places venues, businesses with counter-terrorism obligations under Martyn’s Law, and any organisation seeking to improve its protective security posture.

NPSA publishes guidance across:

• Hostile vehicle mitigation (NPSA HVM Guide 2024, PAS 170:2023 temporary measures, IWA 14-1:2013 permanent vehicle barriers)
• Hostile reconnaissance (recognising and countering pre-operational surveillance)
• Physical security of buildings (access control, perimeter, CCTV, security glazing)
• Personnel security (vetting, insider threat, pre-employment screening)
• Mail and deliveries (suspect packages, vehicle-borne IED recognition)
• Protective Security Advisor programme (the NPSA network of advisors working directly with organisations)

The NPSA PSA network provides free advice to eligible organisations – primarily those operating critical national infrastructure, government premises, or crowded places. Engagement with the NPSA PSA is typically initiated through the organisation’s sector regulator or through direct contact with NPSA.

NaCTSO: Counter Terrorism Security Advisors

NaCTSO (National Counter Terrorism Security Office) operates through local police Counter Terrorism Security Advisors (CTSAs), who are embedded in regional counter-terrorism policing units. CTSAs deliver:

Venue security reviews: A CTSA will visit a premise and conduct a structured assessment of its counter-terrorism vulnerability – perimeter, access control, CCTV coverage, evacuation capability, staff training, and the quality of the terrorism protection plan (where one is required). This is delivered free of charge.

ACT Awareness training: Action Counters Terrorism (ACT) is the public sector counter-terrorism awareness programme, covering threat recognition, hostile reconnaissance, the Run Hide Tell response protocol, and suspicious item procedures. ACT training is free and available to any business or organisation.

ProtectUK guidance: NaCTSO manages the ProtectUK platform, which consolidates counter-terrorism protective security guidance for businesses, venues, and event organisers. It includes Martyn’s Law compliance guidance, sector-specific resources, and the ACT training portal.

CTSAs do not have enforcement powers. The relationship is purely advisory.

Martyn’s Law and the Advisor Role

The Terrorism (Protection of Premises) Act 2025 – known as Martyn’s Law, named for Martyn Hett who was killed in the Manchester Arena attack on 22 May 2017 – creates a statutory duty on operators of qualifying premises and events.

Standard Tier (premises with a capacity of 200 to 799): duty holders must implement a terrorism protection plan and ensure staff are trained in its contents. The plan must address response to a terrorist attack – evacuation, invacuation, communication, and notification procedures.

Enhanced Tier (premises or events with a capacity of 800 or more): duty holders must produce both a terrorism protection plan and a security document – a more comprehensive assessment of terrorism vulnerability and the security measures in place to address it. They must also designate an individual responsible for the security document’s implementation.

The SIA is the designated regulator for Martyn’s Law. It will have powers to issue compliance notices and financial penalties for non-compliance.

The Act does not specify that a Protective Security Advisor must be used to develop the plan or document. But it does require that the plan and document reflect a genuine, systematic assessment of the premises’ vulnerability and the measures in place to address it. An organisation that has engaged with NPSA, NaCTSO, or a qualified private sector advisor is substantially better placed to demonstrate that standard has been met than one that has produced a plan internally without specialist input.

CONTEST and the Broader Counter-Terrorism Framework

CONTEST – the UK’s counter-terrorism strategy, most recently updated in 2023 – operates across four workstreams: Prevent (stop people becoming terrorists), Pursue (disrupt and prosecute terrorists), Protect (reduce vulnerability of people and places), and Prepare (mitigate the impact of attacks that do occur).

Protective security advisory sits primarily within the Protect strand. The specific measures it promotes – hostile vehicle mitigation, access control, staff training, suspicious item procedures – are designed to make it harder for an attacker to carry out an attack and to reduce the casualty potential if they do.

For venue operators, crowded places businesses, and event organisers, understanding where their obligations sit within the CONTEST framework is useful context for engaging with both government advisors and private sector consultants. A security advisor who presents recommendations within this framework – rather than as a disconnected list of technical measures – is communicating the purpose and priority of the work in a way that is useful for internal sign-off and governance.

The Private Sector Advisory Role

Government advisory services are free, high quality, and designed to meet the operational needs of most qualifying organisations. They have limitations: capacity constraints on the government side mean that advice is not always available at the speed a commercial programme requires, and the government advisor cannot carry commercial liability for the advice given or become embedded in an organisation’s procurement process.

Private sector protective security consultants fill these gaps:

• Independent security reviews with professional indemnity cover
• Expert witness and litigation support
• Security specifications for architectural projects and major refurbishments
• Procurement support for security equipment (CCTV systems, access control, vehicle barriers)
• Ongoing retainer relationships providing access to specialist advice for new projects and events
• Programme management for multi-site security improvement programmes

For event organisers with Martyn’s Law obligations, see our event security planning guide. For the crowd dynamics and capacity planning considerations that sit alongside the counter-terrorism measures, see our crowd management for public events guide.