We spoke to Philip about why preparedness matters, how organisations can avoid complacency, and why testing and exercising plans are just as important as creating them.

The challenge of measuring success

One of the unique challenges in protective security is that success can be difficult to measure.

Most organisations will never experience a terrorist attack, which can make it tempting to assume existing measures are sufficient.

However, Philip warns that this can create a false sense of confidence.

“99.9% of the time nobody actually attempts an attack on a venue or an event. So, you don’t know whether that was because of your plan, or because nobody actually tried anything. This can lead to overconfidence or complacency. Nobody should learn the hard way when something does happen.”

For Philip, the true test of preparedness is not simply having a plan, but ensuring it is informed by a thorough assessment of the threat and embedded through regular training, testing, and review.

Why testing and exercising matter

A recurring theme throughout Philip’s work is the importance of moving beyond documentation and ensuring plans work in practice.

For him, preparedness is not a one-off exercise but a continuous cycle of learning, testing, and improvement. He summarises this approach through a framework known as TrEV:

  • Train: Staff at all levels should understand their roles and responsibilities, and know what actions to take if an incident occurs.
  • Exercise: Plans should be regularly rehearsed to reinforce learning, build confidence, and maximise performance under pressure.
  • Validate: Exercises and real-world incidents should be debriefed to identify lessons learned, address gaps, and drive continuous improvement.

This cycle helps organisations build confidence that their procedures will remain effective when tested by real-world pressures.

As Philip explains, organisations can learn valuable lessons from routine incidents as well as major emergencies.

“When an ordinary crime takes place, a person becomes ill, or a potential threat turns out to be nothing, if the plan manages those incidents effectively and the team know what to do, that gives me reassurance that we are prepared.”

However, he is clear that testing and exercising remain the only reliable way to know whether plans will perform as intended.

When preparedness makes the difference

Drawing on his operational experience, Philip recalls a recent high-profile event where effective preparedness prevented what could have become a serious security incident.

While unable to share sensitive details, he explains that a suspect was identified attempting to gain unauthorised access to a secure site.

Because plans, processes, and responsibilities had been clearly established in advance, the threat was identified, assessed, and dealt with quickly.

“All the different parties and processes worked quickly and effectively. No time was lost.”

The outcome illustrates a point Philip often makes when discussing protective security:

“Very often the hallmark of a successful plan is that you know something happened, but the public don’t.”

In many cases, the most effective security measures are the ones that prevent incidents from escalating in the first place.

Effective decision-making starts before an incident

Preparedness is not only about plans – it is also about people.

According to Philip, effective decision-making in high-pressure situations depends on clear leadership, communication, and accountability.

Every security task must be assigned to the appropriate person. Those individuals need to understand the threat, their responsibilities, and why their role matters.

They also need supervision, support, and guidance when required.

Leaders must be capable of making timely decisions, while teams need confidence that communication channels will function when they are needed most.

“If the plan is not effectively communicated, or if lines of communication fail when something happens, effective decisions can neither be made nor implemented.”

Without those foundations in place, even the strongest security plans can quickly unravel.

Building competence through training

For Philip, there is both a moral and legal imperative for organisations to build capability in counter-terrorism protective security and preparedness.

The introduction of the Terrorism (Protection of Premises) Act 2025 (Martyn’s Law) has reinforced the importance of organisations understanding risk and implementing proportionate protective measures to reduce both the likelihood and impact of an attack.

The legislation places greater emphasis on competence, preparedness, and the practical implementation of protective security measures.

The Level 3 Award in Counter-Terrorism Protective Security and Preparedness helps organisations take a significant step towards building that capability.

“The course develops the skills and knowledge needed to support competence in this area. It is a significant and measurable step towards being able to fulfil those responsibilities effectively.”

Importantly, the qualification helps learners understand attack methodologies, threat assessment, protective measures, and preparedness planning in a practical and structured way.

A whole-of-society approach to preparedness

One of the key principles underpinning Terrorism (Protection of Premises) Act 2025 (Martyn’s Law) is that public protection cannot sit solely with security teams, policing, or emergency responders.

Instead, it reflects a whole-of-society approach to preparedness, recognising that organisations and frontline staff all have a role to play in reducing risk and responding effectively when incidents occur.

This means ensuring staff receive training, learning, and instruction that is:

  • Appropriate to their role
  • Relevant to their operating environment
  • Capable of supporting effective implementation in practice

For Philip, this shift from documented procedures to practical implementation is critical.

Real-world incidents rarely unfold neatly or predictably. Plans must therefore be understood, exercised, and embedded into day-to-day operations so that people know how to respond when faced with uncertainty.

This is one of the reasons he believes the benefits of preparedness extend far beyond counter-terrorism (CT) alone.

“A good CT protective security and preparedness plan is also an enhanced crime prevention plan, a crowd management plan, and an emergency incident plan.”

Organisations that invest in preparedness are not simply preparing for one type of threat. They are building resilience across a wide range of risks and disruptions.

A mindset for the future

The most important lesson Philip hopes learners take away from the CTPSaP qualification is that effective counter-terrorism preparedness does not always require significant investment.

“A good CT plan rarely needs expensive additional measures or equipment. It is often more about proper assessment and the effective use of existing resources.”

For many organisations, most of the time, the necessary security lies in understanding risk, making better use of existing measures, and ensuring people know how to respond. It is rarely about new equipment or significant additional expense.

After all, preparedness is not about eliminating risk. It is about ensuring teams can respond when it matters most – calmly, confidently, and consistently.

Learn more

If your organisation is looking to strengthen its approach to counter-terrorism, protective security, and preparedness, explore the Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP) and discover how Skills for Justice Training can support your teams.

Find out more

Frequently asked questions about the Level 3 Award in Counter-Terrorism Protective Security and Preparedness

What is the Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP)?

The SFJ Awards Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP) is a qualification designed to provide learners with the knowledge, skills, and understanding of terrorist attack methodologies, how to assess the likelihood of such threats, and the mitigation strategies available to reduce risk.

Following the introduction of the Terrorism (Protection of Premises) Act 2025 (also known as Martyn’s Law), protective security has become an increasingly important professional standard, while organisational preparedness has become a key responsibility. Developed by SFJ Awards in partnership with the National Counter-Terrorism Security Office (NaCTSO), this is the only policing qualification endorsed by Counter-Terrorism Policing.

What does CTPSaP stand for?

CTPSaP is the acronym for the SFJ Awards Level 3 Award in Counter-Terrorism Protective Security and Preparedness.

What is the Terrorism (Protection of Premises) Act 2025?

The Terrorism (Protection of Premises) Act 2025, also known as Martyn’s Law, received Royal Assent on 3 April 2025.

It introduced new legal duties for certain premises and events across the UK to improve security and preparedness against terrorism.

What is Martyn’s Law?

Martyn’s Law is the common name for the Terrorism (Protection of Premises) Act 2025, which requires certain public venues and events in the UK to take proportionate steps to improve security and preparedness for potential terrorist attacks.

Who does Martyn’s Law apply to?

The Terrorism (Protection of Premises) Act 2025 (also known as Martyn’s Law) applies to publicly accessible premises and events in the UK where 200 or more people may be present. It places legal duties on those responsible for these locations – individuals, organisations and companies – with requirements that increase according to venue size and level of risk.

There are two tiers:

Standard Tier (200-799 people) – Publicly accessible premises such as retail, restaurants, entertainment venues, museums, galleries, and places of worship etc.

Enhanced Tier (800+ people) – Larger venues and events in high-capacity crowds.

Does achievement of the CTPSaP qualification make my business, venue or event compliant with the Terrorism (Protection of Premises) Act 2025 (also known as Martyn’s Law)?

No qualification or training on its own will make a venue, site or organisation compliant.

Compliance is about more than this. However, this qualification provides an excellent foundation of knowledge from which organisations can develop a counter-terrorism risk assessment and preparedness plan as outlined in the requirements of Martyn’s Law.

Where and how can learners complete this qualification?

As a registered training provider approved to deliver the SFJ Awards Level 3 Award in Counter-Terrorism Protective Security and Preparedness (CTPSaP), Skills for Justice Training offers this qualification through scheduled learner cohorts.

You can book onto one of our upcoming cohorts now.

Book now

What should organisations do if the terror threat level in the UK is SEVERE?

As of 30 April 2026, the UK National Threat Level was raised to SEVERE. This means a terrorist attack is highly likely.

When the threat level is SEVERE, organisations should move to a heightened state of security, review contingency plans and ensure staff vigilance.

Find out more about how to review your security plans in response to the increased national threat level.

Does my organisation need counter-terrorism training?

Yes, it is highly recommended and, in many cases, mandatory that organisations in the UK undertake counter-terrorism training, especially with the introduction of new legislation like the Terrorism (Protection of Premises) Act 2025 (also known as Martyn’s Law).

For more advice and guidance on counter-terrorism training, please visit Protect UK.

What is the Section 27 statutory guidance?

The Section 27 guidance for the Terrorism (Protection of Premises) Act 2025 (Martyn’s Law) was published in April 2026. It provides mandatory, actionable advice to help duty holders understand and comply with their legal obligations relating to security and public safety at qualifying premises and events.

Does Martyn’s Law apply to churches?

For most places of worship, the government has stated that the requirements are not intended to be onerous or require significant physical investment.

A key consideration is whether it is reasonable to expect that 200 or more individuals may be present at the same time, even if only occasionally. Where this threshold is met, the premises is likely to fall within the scope of the Standard Tier under Martyn’s Law.