Changes in 2020 to

Staff Security Screening O

An important aspect of security and risk management is an effective approach to security screening of new

staff, in particular those involved with the security of your people and property and those with access to critical systems and data. The accreditations that many security organisations require will include adherence to effective screening as laid out in BS 7858:2019. Additionally, this updated standard broadens its scope so it can be used as a model for all staff screening, not just within the security sector.

You may have a team within your organisation that carries out screening, or you could use an independent specialist screening organisation. Either way, the security of your organisation and reaching the required accreditation is dependent on you getting it right.

In this transitional period before BS 7858:2019 becomes operational in April 2020, where either standard BS7858 or BS7858:2019 can be used, there is time to familiarise yourself with the changes summarised below.

Rescreening required?

Firstly, it is helpful to note that if you have already satisfactorily screened people under the BS 7858 regime, you do not need to

rescreen them when BS

7858:2019 comes into force.

Top management must demonstrate commitment to screening

A significant change in the new standard is that it now places more importance on the role of top management of an organisation, requiring them to demonstrate that they are employing good risk management practices, including their approach to employing people.

Top management must show they understand the parts of their business where risk lies and the roles that are involved with these risks, be they financial, security of data, risk to property or related to people, such as roles with access to vulnerable adults and children.

Commitment to effective screening from the top of the organisation is needed: to ensure the resource and infrastructure is in place; to direct and support the activity required; to ensure responsibilities are assigned and communicated. This is irrespective of whether screening is outsourced or carried out in house, to comply with the standard. In either situation, the organisation employing the individual screened is required to review and sign off the screening file.

Practical Changes to BS 7858:2019

There are a number of specific changes within BS 7858:2019 that those carrying out screening need to understand:

• Character references no longer required: The 2012 standard required a character reference as part of screening. Additionally, individuals who needed to explain a long period out of work could use a character reference to evidence a valid reason for this period under the previous standard. Character references are now deemed to be too easy to abuse and are no longer required. For absences (more than 31 days and not registered as unemployed) further evidence and checks will be needed and this is going to be more of a challenge to provide. This is where specialist agencies can sometimes be of help.

• Global Watch List Check: As part

of screening, checks must be made across a range of lists and databases. For example, the HM Treasury list of financial sanctions targets in the UK, watch lists and fraud databases like CIFAS. A comprehensive list

8 © CI TY S ECUR I TY MAGAZ INE – WINT E R 2 0 1 9 www. c i t y s e c u r i t yma g a z i n e . c om

n 1st April 2020, the updated British Standard relating to staff security screening BS 7858:2019 (published 30th Sept. 2019) comes into force, bringing a number of significant changes. Now is the time to make sure you are prepared for this new standard.

is not provided; it is the screening organisation’s responsibility to determine which are the appropriate lists to check against.

• Electronic media: The new standard recognises that a lot of documentation is now authenticated by electronic means; “wet signatures” are not always used.

• Annual competency review: There is a new requirement for evidence on an annual review of the competency of individuals carrying out screening.

• Conditional Offer – Third requirements added: Currently there are two steps you have to follow before making an offer of conditional employment: completion of the prescribed preliminary checks and satisfactorily completing limited screening. The new standard introduces a third element: you must undertake a risk review and confirm that “the level of risk in the intended employment has been evaluated and is deemed to be acceptable and documented“and therefore you are happy to make the offer based on that and your risk profile.

• Record Keeping: Where an individual is reviewed and not made a conditional offer, or where employment will not continue after limited screening, organisations are required to retain records on this person for 12 months.

• Permission to pass on screening file from one employer to another: With appropriate consent of the employee, employers can pass on their screening files to another employer. However, the new employer is still responsible for making sure screening has been done to the required standard. Both parties are also responsible for ensuring that other legislation, such as data protection, is adhered to.

Open Source / Social Media

The new standard recognises that some organisations may want to carry out open source checks on social media activity. This is an area that needs to be handled with care. Organisations carrying out these kinds of checks need to do them consistently, without discriminating and within data privacy legislation. The guidance for the new standard refers to the Financial Conduct Authority (FCA) Handbook – The Financial Crime Guide for further help. Caution is recommended for this area and to keep a watching brief of further guidance to be provided from regulatory bodies.

In just a few months BS 7858:2019 will come into force. Is your organisation ready? Make sure you can answer key questions around screening. Now’s the time to ensure you have the right process, resources and infrastructure in place.

Victoria Hotchkin Managing Director National Security Screening Agency (NSSA)

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36