They can work independently or in support of the police service National Menu of Counter Terrorism Tactical Options. They can be implemented independently by an organisation or can be deployed at the request of police following an extraordinary Security Review.
The tactical options included in this guidance are not exclusive and it is anticipated that this guidance will be reviewed periodically to ensure it is fit for purpose in meeting the ongoing and ever-changing threat from terrorism to the UK.
This guidance has been developed in partnership with a number of security experts within the private sector and the authors would like to thank all of them for their assistance.
Since 2006, information about the national threat level has been available on the MI5 and Home Office websites. In September 2010 the threat levels for Northern Ireland-related terrorism were also made available.
In July 2019, changes were made to the terrorism threat level system to reflect the threat posed by all forms of terrorism, irrespective of ideology. There is now a single national threat level describing the threat to the UK, which includes threats from Northern Ireland, Islamic extremism, left-wing and right-wing terrorism.
The three UK government response levels broadly equate to the five national terrorism threat levels as shown in the table below.
As response levels are the result of detailed assessments of risk, changes in the national threat level may not necessarily produce a change in response level.
Threat and response level
MI5 maintain a history of threat levels:
National Threat Level
Northern Ireland-related Threat Level to Northern Ireland
Threat levels prior to July 2019
Threat from international terrorism
Threat from Northern Ireland-related terrorism
In Northern Ireland
In UK mainland
In general, when the threat level has been raised, it has been post-incident and because of something happening which has impacted on mainland UK. However, in August 2014, the threat level was raised because of a combination of factors (both internationally and UK based). These compelled the threat level to rise to Severe.
It should be noted that an increase to Critical has a significant impact on the UK, the resources across all agencies and potentially business and industry. It is therefore unlikely to remain in place for long periods of time.
It should also be noted that the tactical options included in this document are not just for use after the threat level has risen to Critical.
Under the Protective Security Improvement Activity (PSIA) introduced by NaCTSO in 2014, six methods of attack have been identified and remain current:
non-penetrative vehicle attack
penetrative vehicle attack
PBIED – Person-Borne Improvised Explosive Device (suicide) attack
firearms/weapons attack including close quarter (Marauding Terrorist Attack)
postal device attack including courier and hand deliveries
placed improvised explosive devices
The tactics outlined in this document reflect the options for response to these types of threat.
The overall business strategy in dealing with an increase in threat level to Critical or in response to an attack is:
to understand the type of threat posed – Why did the threat level increase? What was the attack methodology used?
to consider the appropriate level of response and range of tactical options that are best suited to continue business-as-usual, in the parameters of this heightened state of alert.
The operational requirement to consider when planning for an increase in threat level to Critical is:
to agree a menu of site-specific tactical options that are suitable for the organisation that can be considered if the threat level increases to Critical
regularly exercise the plan for Critical to make sure that key stakeholders and staff are aware of the impact on their area of work should a change be necessary
make sure that staff have been consulted and agreements in place if options impact on staff working practices (terms and conditions)
The operational requirement to consider when reacting to an increase in threat level to Critical is:
to escalate and quickly engage with key stakeholders to react when the threat level increases to Critical
to consider a range of options relevant to reduce the likelihood of the threat posed
to continually review the tactical options to make sure they remain suitable to meet the threat posed
make sure that any change to tactical options will provide reassurance to staff rather than cause alarm
implement communication strategy that provides advice to staff around changes to planned events, deliveries or changes to access points
only react to information from official sources such as government, security services and police, as there is a lot of misinformation available through unsubstantiated sources
to have an immediate holding plan available to allow a more permanent solution to be found
consider implementing a command-and-control approach using the Strategic, Tactical and Operational planning system (formerly gold, silver, bronze system) which is similar to that of the emergency services and first responders
minimise disruption to business and promote recovery at the earliest time.
Strategic, tactical and operational planning
Strategic is in overall control of the organisation’s resources at the incident and will formulate the strategy for dealing with the incident.
Tactical manages tactical implementation following the strategic direction given above and makes it into sets of actions that are completed below.
Operational directly controls an organisation’s resources at the incident and will be found with their staff working at the scene.
Menu of Tactical Options
The following list of tactical options should be considered to support an increase in threat level to Critical or following an incident or attack.
This is not an exhaustive list and there may be other site-specific options which are relevant to your particular location.
The key to any change is that security patrols should remain unpredictable. Feedback from security services has proved that this is a real deterrent when planning an attack.
A. Agree strategy and document all decisions (to include rationale for change or preserving status quo).
B. Make sure lock down procedures are tried and tested.
C. Implement emergency change to shift patterns (extended shift patterns, change to rotation etc. Agree plan with staff in advance).
D. Review patrol strategy (be unpredictable). Adopt high visibility clothing. (Deployment in hi-vis will be dependent on the intelligence available and the perceived risk to the site and staff.)
E. Join up resources with neighbouring contracts (rotate and share external patrols with other security companies and widen patrol areas).
F. Report any suspicious activity in a timely manner.
G. Implement communication links with surrounding premises to pass on information about suspicious activity or behaviour.
H. Consider closing non-essential access and egress points.
I. Focus CCTV on all communal areas and vulnerable points.
J. Make sure CCTV is suitable for the task for which it is being utilised.
K. Review immediate parking areas and access to them.
L. All visitors must give 24 hours notice.
M. Implement search regimes (people, vehicles, baggage, etc.)
N. 100% staff ID checks (challenge ALL staff).
O. All staff and visitors to wear ID (if this is not usual practice).
P. Visitors to be accompanied at all times.
Q. Security officers must check all personnel and vehicles including emergency services – do not assume they are who they say they are!
R. Consider cancelling or postponing events.
S. Cancellation of all non-essential training, making sure staffing levels are maintained.
T. Staff are briefed on response and threat levels.
U. Restrict deliveries to essential deliveries only (out of hours only).
V. Couriers – essential deliveries only.
W. Post – where possible scan 100% of mail, making sure postal procedures are robust.