Skip to main content
Protective security lifecycle platform
The Protective Security Lifecycle Platform

Protective Security, Managed End to End

Hermes turns protective security from a periodic consultancy exercise into a structured, measurable, continuously managed capability. Assess your posture, prepare for Martyn's Law, train your people, validate your controls, and assure continuous improvement — all in one NPSA-aligned system.

What Is Protective Security?

Protective security is the discipline of protecting people, information, and physical assets from threats such as terrorism, hostile reconnaissance, and criminal attack. It layers physical, personnel, and procedural measures — from the outside in — on the principles of defence-in-depth and risk-based proportionality.

Done well, it is not a one-off report. It is a continuous capability: assess, plan, train, validate, deliver, and assure — repeated as threats and circumstances change. Hermes is the platform that manages that whole lifecycle in one place.

The Lifecycle

Ten Stages, One System

01Assess
02Understand
03Plan
04Learn
05Validate
06Deliver
07Exercise
08Assure
09Review
10Improve
The Services

Seven Services Across the Lifecycle

Each service stands alone — or connects to the others through shared structured data. Start where your need is greatest; the platform grows with you.

How It Works

Built on Four Principles

Structured Data Before Documents

Every finding is captured as structured data first — so one assessment can generate many deliverables, and every recommendation traces back to a registered risk and asset.

Human Consultants Stay Accountable

AI-assisted analysis compresses the work; qualified consultants review and sign off at defined gates. The objective is a better operating system for consultants, not a replacement.

Continuous Assurance, Not Point-in-Time

Protective security is not a report you file and forget. The platform tracks recommendations into actions, actions into evidence, and evidence into a living maturity position.

Executive-First Reporting

Every output is board-readable. Leadership gets a clear picture of posture, progress, and residual risk — without wading through technical detail.

Frequently Asked

Common Questions

What is protective security?

Protective security is the discipline of protecting people, information, and physical assets from threats such as terrorism, hostile reconnaissance, and criminal attack. It combines physical, personnel, and procedural measures — layered from the outside in (out-to-in zoning) and built on defence-in-depth — to deter, detect, delay, respond to, and recover from attacks. In the UK, protective security guidance is set by the National Protective Security Authority (NPSA).

What is a protective security lifecycle platform?

A protective security lifecycle platform manages protective security as a continuous capability rather than a one-off exercise. It covers the full lifecycle — assessing posture, planning improvements, training people, validating controls, designing and delivering measures, and assuring ongoing governance — within a single structured system, so every decision from initial threat identification through annual review is managed in one place.

What services does Hermes offer within protective security?

Hermes offers a protective security assessment (available now), Martyn's Law readiness, protective security learning and training, validation of implemented controls, security design, delivery and procurement support, and continuous assurance. The assessment framework is live; the remaining services are being rolled out across the lifecycle platform.

Is the Hermes protective security methodology NPSA-aligned?

Yes. The methodology adopts NPSA (National Protective Security Authority) principles — layered security through out-to-in zoning, defence-in-depth, risk-based proportionality, and the 5 D's (deter, detect, delay, respond, recover). Every assessment follows the same structured framework, ensuring consistency and traceability across engagements.

Who is the protective security platform for?

It serves independent security consultants and security firms who want to standardise and scale their methodology, and organisations — including venues, events, estates, and corporate security teams — that need to assess, improve, and continuously manage their protective security capability. Responsible persons preparing for Martyn's Law are a particular focus.

The Operating System for Protective Security

Whether you are a consultant standardising your methodology or an organisation building lasting capability — start with an assessment, or talk to us about the full lifecycle.

Learn About Martyn's Law

Our complete guide to the Terrorism (Protection of Premises) Act 2025 — who it applies to, the tiers, the timeline, and what organisations need to do.