Is It ‘Legal’ To Design Security Systems Without A Licence? A Risk Management Perspective

Risk Management

By Dr Kevin J. Foster

Recently, I heard an argument from a licensed security consultant that, in a legal sense, an engineer in Victoria cannot design electronic security systems for a project in Western Australia (WA) unless he or she is licensed in WA. I have heard similar arguments previously; for example, that someone in Canberra cannot work on a security project in Queensland unless they are licensed in Queensland and so on.

The security industry legislation in WA clearly states that a security consultant (Class 4) licence is required if there is a transaction involving the provision of security advice to a paying customer and this transaction occurs in WA. The legislation has no specific requirements about who can or cannot draft technical specifications and drawings for the consultant’s consideration. The only requirement is that security advice must be provided to a paying customer under the authority of a security consultant’s licence and the licensed security consultant must be employed under the authority of a security agent’s licence.

In this context, it is the advisory transaction that is being regulated, not the location of the pre-transaction design work, and not who was involved in the drafting of specifications and drawings. All that seems to matter is whose licence is used to provide authorised advice to a paying customer and in what state the transaction occurred.

For example, if an electrical or electronics engineer (who we will call John) in Melbourne sends his security systems design to his colleague (Bill) in the same firm in Perth, then under WA security industry legislation, a licence is not required for that transfer of information from one office to another (for example, security systems diagrams and specifications).

However, if Bill then presents the security design in the form of security advice to a paying customer in Perth, then Bill will need to be a licensed security consultant as defined under the Security and Related Activities (Control) Act 1996 (WA) Part 3 Division 1 s. 13.

When an engineering team contributes to the design of a major building or civil infrastructure, a number of disciplines are involved. An electrical engineer (for example, John) might design electronic building services including intrusion alarms, CCTV and access control systems. If John has had no training in security risk management, it is possible he may not have a clear understanding of how any of these systems might reduce security risk, nor would he necessarily understand the intent of criminals or terrorists who might present a threat. However, if John is a chartered professional engineer and registered on the National Engineers Register, it might be a poor argument to suggest he does not have the expertise to design the technical elements of an electronic security system to a brief written by someone who is aware of the security risk issues.

However, there is a valid argument that John should not be advising paying customers about the impact of his designs on the customer’s security risk. This is where the security consultant has an important role. The security consultant (Bill) should be the interface between the customer and the design engineer (John). The security consultant should be the person responsible for presenting security advice to the customer, especially if there is an expectation that the security system’s design will alter the security risk in some way.

Similarly, structural and civil engineers might design security structures and barriers to stop a vehicle or to provide resilience to a blast pressure wave. This type of work is security related. However, interestingly, I do not hear arguments that civil and structural engineers need to be licensed security consultants. If their designs are entirely technical then perhaps they do not need to be. The test for who needs to be licensed or registered needs to be consistent. I think the legislation in each state is clear, but perhaps the arguments from security consultants are not always so consistent or logical.

Most states have legislation that regulates the provision of security advice to paying customers through provisions for licensing or registration of security advisers. I am not aware of any legislation that specifies a “licensed security systems designer”!

This article should not be construed as legal advice. It represents the personal opinion of the author who is a commentator on security risk management issues.

Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.