DTI rejects security consultant regulation

A government study has failed to find any compelling reasons to license IT security consultants despite suggestions that the...

A government study has failed to find any compelling reasons to license IT security consultants despite suggestions that the sector should be regulated, Computer Weekly has learned.

The study, which is due to be published some time in the next few weeks, is expected to show that users do not have sufficient concerns to justify a complex and potentially expensive licensing programme for IT security consultants.

The report was commissioned by the Department of Trade & Industry in an attempt to end the uncertainty surrounding last year's Private Security Industry Act, which calls for the regulation of "security consultants".

Although conceived as a way of regulating security guards and nightclub bouncers, in practice the Act could potentially be used to make licensing a requirement for IT security professionals.

The DTI report is understood to have identified significant practical barriers to the regulation of the profession, which will make any licensing system less likely.

There is no evidence that information security consultants present any greater threat than other business consultants, the DTI is expected to say.

Many of the real-life problems faced by IT departments result from badly written specifications and difficulties in the implementation stage, rather than from poor advice from security consultants.

The DTI report is expected to conclude that there would be no straightforward way of identifying what an IT security consultant is. Any definition based on skills would be likely to bring general business consultants under the scope of the licensing regime.

However, the DTI's findings are unlikely to end the uncertainty surrounding the Private Security Industry Act. Whether IT security professionals are regulated or not will ultimately depend on how the newly formed Security Industry Authority chooses to define the term "security consultant".

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.