What is this standard about?
It details how to screen individuals who want to work in “secure” environments, defined as anywhere that an insider could steal or threaten the integrity of data, information, or other physical or intellectual assets; or threaten people’s safety.
Who is this standard for?
The security sector. The security workforce is regulated by the Security Industry Authority (SIA), which draws its powers from the Private Security Industry Act 2001. Organisations wanting to join the SIA Approved Contractor Scheme must demonstrate their compliance to relevant British Standards, including BS 7858. As well, agencies which offer employee screening packages under the Approved Contractor Scheme.
Any organization outside of the security sector which wants to screen people employed in sensitives areas such as critical infrastructure sites and those with access to sensitive information, materials or technology.
This might include:
- Facilities management companies
- Human resource departments
- Retail sector
- Sports/entertainment sector
- Local government
Why should you use this standard?
While the vast majority of employees and contractors are honest and act with integrity, organizations are nevertheless sometimes vulnerable to insiders with access, who operate in positions of trust.
Indeed the government’s Centre for the Protection of National Infrastructure (CPNI) warns that almost all physical and electronic attacks can be assisted or conducted by an insider. Some attacks can only be committed by insiders, such as the unauthorized release of proprietary information, or the sabotage of assets that only employees can access. In addition, there are some tactics that insiders are likely to use in the course of preparing or conducting attacks including deliberate attempts to acquire information or access by manipulating staff.
These risks can be mitigated, however, by a robust screening process for employees in some roles. This British Standard gives recommendations for the screening of individuals working in a secure environment where the security and/or safety of people, goods, services, data or property (intellectual or physical) is a requirement of the employing organization’s operations and/or where such screening is in the public interest.
Originally intended for use by the security industry, the standard can be applied by any industry which employs people who are expected to work within secure environments, from employees with access to IT infrastructure and laboratories working with sensitive substances or technology, through to cleaners employed in secure environments such as government buildings. The objective of screening is to obtain sufficient information to enable organizations to make an informed decision on employing an individual in a secure environment. Some insurers also require BS 7858 as a part of the policy conditions and have additional requirements for screening, e.g. a longer screening period.
In addition:
Having a single standard across the UK is useful as it means the public and employers can have peace of mind that security staff are as trustworthy as they can be.
Reducing the risk in this way is vital for employers as providing unstable staff to an event or dishonest people for a retail environment could cause serious reputational damage to the company.
The standard also rolls in other pieces of UK legislation such as the right to work which is a requirement of all UK employers. This means that one check can be carried out for basic employment and security duties.
NOTE: This British Standard applies equally to all individuals in relevant employment, including full-time and part-time employees, sole traders, partnerships, temporary and permanent employees, and to all levels of seniority, including directors.
Why you need the BS 7858:2019?
British Standard BS 7858:2019 is published by BSI, the IETW acknowledged as the world’s leading standards body for the security industry with the aim of setting benchmarks for the personnel security protocols. After all, who would you trust, a standards body recognised by HR agencies, police or security experts?
The standard should be adopted by the Security Industry Authority (SIA) and is essential reading by personnel working for agencies regulated by the SIA where people are employed in roles where they could be associated with sensitive and dangerous material and locations. This includes screening would-be employees who have been given unsupervised access to any sensitive and dangerous physical building, installation, or premises where the security or safety of people or the stability of the installation is concerned.
In addition, it should be applied to employees in any organization that carries out or wishes to carry out personnel security screening for its own employees or for its customers.
Security and government bodies – including the police, Ministry of Defence, GCHQ and SIA itself – approve the standard and use it in order to keep the public safe.
It is essential reading for any member of the security industry since it defines the best process and practice for carrying out personnel security screening, including polygraphy, for organizations in the security sector. This includes office staff, night guards, cleaners, managers, directors, and anyone with access to unique information or equipment or who is speaking to clients in a professional security capacity.
The standard combines all screening required for professionals and those carrying out private security work.
Organizations that are applying this standard can certify that its employees have been screened.
It is the gold standard of such a corporate screening. The standard defines the guidelines and responsibilities required so that organizations can screen upfront. It aims to give an honest and thorough understanding of what security vetting should be and what it is not. This helps organizations to have a uniform standard for all stakeholders, including the public and the UK government.