The Vulnerability Self-Assessment Tool

The Vulnerability Self-Assessment Tool, (VSAT™), has its origins in an online version first commissioned by The Office for Security and Counter Terrorism, (OSCT) within the UK Home Office, so that best practice on protective security could be shared by the National Counter Terrorism Security Office (NaCTSO) with the private sector. As a result of its success, achieving over 10,000 users, VSAT™ was chosen as the delivery method for assessing security for the 2012 London Olympic Games and the Torch Relay.

Today, VSAT™ enables you to conduct a security audit to UK Government and internationally recognised standards. These have been prepared by our team of experienced security and intelligence professionals, who include the original operational team leader behind VSAT™’s creation and the original IT design team. VSAT™ is ideally suited for an organisation that needs to conduct any form of security audit across multiple sites that are spread out geographically thereby avoiding costly and time consuming visits and enabling you to make risk based decisions on where, what, how and by whom any extra security investment might be required.

The system allows the client to determine access levels and user rights depending on the user’s role and profile. Full administration rights allow the client’s ‘High Level’ co-ordinator to review all the results, whether by region or country, who can also determine whether the users are allowed to view the results of the site security reviews.

The user will be invited to log on and will be given simple instructions on how to proceed before answering a number of detailed questions on a range of security related areas that cover Physical Security, Personnel, Housekeeping, Information and Cyber Security as well as Emergency Response and Business Resilience.

Each question has a number of possible answers and the user simply clicks on the answer that is most relevant. Each answer is given a weighted score, you can quickly, effectively and efficiently understand the level of risk you might be carrying across your organisation. VSAT™ will provide you with an online report that identifies the risks and recommends practical mitigation measures whilst signposting you to relevant UK best practice.


Once completed, the user will instantly receive an executive Summary that provides a top line risk rating along with the level of risk being carried across the individual areas that have been assessed. Any areas of high risk will also be highlighted.

The user is also able to view the full assessment which sets out in detail the risk rating for each individual question and provides detailed advice and guidance in line with the answer provided. The data provided by VSAT™ to a client will enable them to make informed, justified and auditable decisions when prioritising security improvements or future investments.

An additional feature of VSAT™ is that it includes a ‘Threat Level Multiplier’, which calculates the identified risks against a country’s terrorism threat level. Should that threat level change, the system will automatically inform the user and guide them as to what actions they should now undertake. The VSAT™ will also automatically re evaluate the risk rating.


Because VSAT™ uses the latest micro service architecture and a generic, modular framework, it can be adapted to suit a client’s specific needs. We can work closely with a client to develop question sets that include their particular requirements and offer links to their internal company policies, advice and guidance.

VSAT™ works across a variety of platforms including Windows, Mac and Android so your staff can complete an assessment at their desk on a PC or laptop, or on the move or off line using a native tablet. The data is not held on the device so if the connection is broken or perhaps the device goes missing your data remains secure. The information from the assessments can be accessed by managers or designated staff at a local, regional, national or international level, permitting the identification of, for example, problem areas, performance anomalies, security vulnerabilities, training gaps or opportunities for business improvement.

VSAT™ operates using secure servers. Critical or sensitive data is encrypted and not held locally. VSAT™ utilises a roles and permissions based approach to ensure that personal data is only seen by those who need to see it. VSAT™ is underpinned by the same technology used by major internet and social media providers but it also uses a number of other security measures that protect both the front-end website and the deep-rooted content in the database structure. All data that is accessed via VSAT™ is transmitted via a Secure Socket Layer (SSL) that is subject to 256-bit encryption protocols. VSAT™ is currently in the process of gaining the UK Police Security Standard ‘Secure by Design’.

Our team of experts, with professional careers in UK Military and Law Enforcement, are experienced and accredited National Counter Terrorism Security Advisers who can also conduct onsite audits or verification visits to quality assure the responses within the assessment and provide detailed security advice to meet your precise requirements.

Support Requests

WE WILL ONLY RESPOND TO REGISTERED USERS

Contact support

  • support@arlpartners.co.uk
  • Monday - Friday : 9:30pm - 5:30pm