|Format (Paperback, Hardback etc)|A4|
|Brand / Publisher|BSI|
Screening of individuals working in a secure environment. Code of practice
What is this standard about?
It details how to screen individuals who want to work in secure environments, defined as anywhere that an insider could steal or threaten the integrity of data, information, or other physical or intellectual assets; or threaten people's safety.
Who is this standard for?
- The security sector. The security workforce is regulated by the Security Industry Authority (SIA), which draws its powers from the Private Security Industry Act 2001. Organisations wanting to join the SIA Approved Contractor Scheme must demonstrate their compliance with relevant British Standards, including BS 7858. The standard is also for agencies which offer employee screening packages under the Approved Contractor Scheme.
- Any organization outside of the security sector which wants to screen people employed in sensitive areas such as critical infrastructure sites and those with access to sensitive information, materials or technology. This might include:
  - Facilities management companies
  - Human resource departments
  - Retail sector
  - Sports/entertainment sector
  - Local government
Why should you use this standard?
While the vast majority of employees and contractors are honest and act with integrity, organizations are nevertheless sometimes vulnerable to insiders with access, who operate in positions of trust.
Indeed, the government's Centre for the Protection of National Infrastructure (CPNI) warns that almost all physical and electronic attacks can be assisted or conducted by an insider. Some attacks can only be committed by insiders, such as the unauthorized release of proprietary information, or the sabotage of assets that only employees can access. In addition, there are some tactics that insiders are likely to use in the course of preparing or conducting attacks, including deliberate attempts to acquire information or access by manipulating staff.
These risks can be mitigated, however, by a robust screening process for employees in some roles. This British Standard gives recommendations for the screening of individuals working in a secure environment where the security and/or safety of people, goods, services, data or property (intellectual or physical) is a requirement of the employing organization's operations and/or where such screening is in the public interest.
Originally intended for use by the security industry, the standard can be applied by any industry which employs people who are expected to work within secure environments, from employees with access to IT infrastructure and laboratories working with sensitive substances or technology, through to cleaners employed in secure environments such as government buildings. The objective of screening is to obtain sufficient information to enable organizations to make an informed decision on employing an individual in a secure environment. Some insurers also require BS 7858 as a part of the policy conditions and have additional requirements for screening, e.g. a longer screening period.
- Having a single standard across the UK is useful as it means the public and employers can have peace of mind that security staff are as trustworthy as they can be.
- Reducing the risk in this way is vital for employers, as providing unstable staff to an event or dishonest people for a retail environment could cause serious reputational damage to the company.
- The standard also rolls in other pieces of UK legislation such as the right to work, which is a requirement of all UK employers. This means that one check can be carried out for basic employment and security duties.
NOTE: This British Standard applies equally to all individuals in relevant employment, including full-time and part-time employees, sole traders, partnerships, temporary and permanent employees, and to all levels of seniority, including directors.
What's changed in this update?
This is a full revision and introduces the following principal changes:
a) The revision reflects how industry is currently applying the standard, hence the scope has been widened to include industries outside the security sector, for employees undertaking work in a secure environment, and the title has been changed from a 'security environment' to a 'secure environment'.
b) There is now more emphasis on risk assessment as a theme that runs through the standard.
c) There is now a clear objective that the standard's requirements are to obtain sufficient information to enable organizations to make an informed decision on employing an individual in a secure environment.
d) More importance is placed on the role of top management, i.e. in deploying appropriate resource to ensure the process is effective and taking responsibility for the acceptance of risk (while top management remains responsible for the execution of the requirements of this standard, it is recognized that authority can be delegated to competent individuals to undertake specific tasks).
e) The revision highlights that the organization remains responsible for any screening activities that it decides to outsource.
f) There is a recognition of the role of automation.
g) The requirement for character references has been removed as this was seen to be too easy to abuse.
h) The standard now permits the passing on of a screening file from job to job; however, it is not a requirement of the standard to do so. Where screening files are received from a previous employer, it is still an obligation on the employing organization to ensure that the requirements of the standard have been followed, i.e. acceptance of the screening file alone is not deemed to have met the requirements of this standard.
i) While social media and other open source internet checks are now mentioned in the standard, they are not a requirement and may be used as additional information in any employment decisions. Care is to be taken when using this method so as not to introduce any unlawful discrimination.
j) The forms in Annex A are now informative and are therefore examples of forms that may be used. This allows organizations to customize them more easily.