Martyn's Law Risk Assessment: How to Prepare Your Venue

Why Risk Assessment Matters

A terrorism risk assessment is the foundation of your compliance strategy. For enhanced tier venues, it is a legal requirement. For standard tier venues, it is the smartest thing you can do before writing your procedures. Without understanding your risks, you are guessing about what measures to put in place.

A good risk assessment does three things: it identifies what could go wrong, it evaluates how likely and how severe each scenario is, and it tells you what you can reasonably do to reduce the risk.

Step 1: Understand the Threat

Start by understanding the types of terrorist attack that could affect your premises. The main attack methodologies to consider are:

• Vehicle attack: A vehicle driven into crowds of people, particularly at entrances, pedestrian areas, or queue lines.
• Bladed weapon attack: An individual or group using knives or other edged weapons in crowded areas.
• Firearms attack: An armed attacker targeting people inside the venue.
• Improvised explosive device (IED): A bomb placed in or near the premises, including person-borne devices (suicide bombers).
• Chemical, biological, radiological (CBR): Less likely but cannot be entirely discounted for high-profile venues.
• Hostile reconnaissance: Surveillance of the venue by individuals planning an attack. This is not an attack itself but is a precursor that your assessment should address.

You do not need to be a terrorism expert to work through this list. The question for each type is simply: could this happen here, and what would the impact be?

Step 2: Assess Your Vulnerability

Walk your premises with fresh eyes and ask: where are we vulnerable? Consider:

• Entry points: How easy is it for someone to enter with a weapon or device? Are there uncontrolled access points?
• Crowding points: Where do people congregate? Queues, lobbies, bars, corridors. These are the highest-impact targets.
• Vehicle access: Can a vehicle approach areas where people gather? Is there anything preventing a vehicle from being driven into pedestrians?
• Visibility: Can your staff or CCTV see what is happening in all public areas? Are there blind spots?
• Response capability: If something happened right now, how quickly could your team respond? Do they know what to do?

Step 3: Review Existing Measures

Before deciding what new measures you need, catalogue what you already have. Many venues have more security infrastructure than they realise:

• CCTV cameras and recording systems
• Access control (key cards, locks, barriers)
• Security staff or stewards
• Lighting in and around the premises
• Fencing or perimeter controls
• Fire alarm and evacuation systems
• Communication systems (radios, PA systems)

Assess whether each existing measure is effective, maintained, and being used properly. A CCTV system with broken cameras or a fire alarm that has not been tested is a gap, not a measure.

Step 4: Identify Countermeasures

Based on your vulnerability assessment and the gaps in your existing measures, identify what additional steps you can take. Apply the "reasonably practicable" test: is the measure proportionate to the risk, achievable with available resources, and practical for your type of venue?

Countermeasures fall into three categories:

• Physical measures: Bollards, barriers, improved locks, lighting upgrades, CCTV additions.
• Procedural measures: Search policies, bag checks, visitor management, reporting protocols, communication plans.
• People measures: Staff training, security awareness programmes, dedicated monitoring roles, engagement with police and CTSAs.

Step 5: Document Everything

Your risk assessment must be written down. It should clearly set out what threats you considered, what vulnerabilities you identified, what measures are already in place, what additional measures you are implementing, and why your approach is proportionate. Date it and identify who conducted it.

A risk assessment template should include:

• Premises description and capacity
• Threat assessment by attack type
• Vulnerability analysis by area and scenario
• Existing measures inventory
• Gap analysis
• Proposed additional measures with timelines
• Review date and reviewer details

Step 6: Review Regularly

A risk assessment is not a one-time exercise. Review it at least annually, and whenever there is a significant change. Changes that should trigger a review include: alterations to the building, changes in the type of events you host, changes in the threat level, security incidents at your venue or similar venues, and changes in staffing or security arrangements.

Getting Help

Your local Counter Terrorism Security Advisor can help you conduct your first risk assessment. For complex or high-profile venues, consider engaging a professional security consultant with terrorism-specific expertise. The investment in a proper assessment upfront saves money by ensuring you spend on the right measures, not guessing.