DTI rejects security consultant regulation

A government study has failed to find any compelling reasons to license IT security consultants despite suggestions that the...

A government study has failed to find any compelling reasons to license IT security consultants despite suggestions that the sector should be regulated, Computer Weekly has learned.

The study, which is due to be published some time in the next few weeks, is expected to show that users do not have sufficient concerns to justify a complex and potentially expensive licensing programme for IT security consultants.

The report was commissioned by the Department of Trade & Industry in an attempt to end the uncertainty surrounding last year's Private Security Industry Act, which calls for the regulation of "security consultants".

Although conceived as a way of regulating security guards and nightclub bouncers, in practice the Act could potentially be used to make licensing a requirement for IT security professionals.

The DTI report is understood to have identified significant practical barriers to the regulation of the profession, which will make any licensing system less likely.

There is no evidence that information security consultants present any greater threat than other business consultants, the DTI is expected to say.

Many of the real-life problems faced by IT departments result from badly written specifications and difficulties in the implementation stage, rather than from poor advice from security consultants.

The DTI report is expected to conclude that there would be no straightforward way of identifying what an IT security consultant is. Any definition based on skills would be likely to bring general business consultants under the scope of the licensing regime.

However, the DTI's findings are unlikely to end the uncertainty surrounding the Private Security Industry Act. Whether IT security professionals are regulated or not will ultimately depend on how the newly formed Security Industry Authority chooses to define the term "security consultant".



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...