Sign In
Go Search

Personnel Security

Some external threats, whether from criminals, terrorists, or competitors seeking a business advantage, may rely upon the co-operation of an 'insider'.

This could be an employee or any contract or agency staff (e.g. cleaner, caterer, security guard) who has authorised access to your premises. If an employee, he or she may already be working for you, or may be someone newly joined who has infiltrated your organisation in order to seek information or exploit the access that the job might provide.

What is personnel security?

Personnel security is a system of policies and procedures which seek to manage the risk of staff or contractors exploiting their legitimate access to an organisation's assets or premises for unauthorised purposes. These purposes can encompass many forms of criminal activity, from minor theft through to terrorism.

The purpose of personnel security is to minimise the risks. It does this by ensuring that organisations;

  • employ reliable individuals, minimising the chances of them becoming an insider threat once they have been employed
  • detect suspicious behaviour
  • resolve security concerns as soon as they have become apparent.

This chapter refers mainly to pre-employment screening, but organisations should be aware that personnel screening should continue throughout the worker's term of employment.

Further information regarding ongoing personnel screening can be found at www.cpni.gov.uk

Understanding and assessing personnel security risks

Organisations deal regularly with many different types of risk. One of them is the possibility that staff or contractors will exploit their positions within the organisation for illegitimate purposes. These risks can be reduced but can never be entirely prevented. Instead, as with many other risks, the organisation should employ a continuous process for ensuring that the risks are managed in a proportionate and effective manner.

Data Protection Act

The Data Protection Act 1998 (DPA) applies to the processing of personal information about individuals. Personnel security measures must be carried out in accordance with the data protection principles set out in the act.

Pre-employment Screening

Personnel security involves a number of screening methods, which are performed as part of the recruitment process but also on a regular basis for existing staff. The ways in which screening is performed varies greatly between organisations; some methods are very simple, others are more sophisticated. In every case, the aim of the screening is to collect information about potential or existing staff and then use that information to identify any individuals who present security concerns.

Pre-employment screening seeks to verify the credentials of job applicants and to check that the applicants meet preconditions of employment (e.g. that the individual is legally permitted to take up an offer of employment). In the course of performing these checks it will be established whether the applicant has concealed important information or otherwise misrepresented themselves. To this extent, pre-employment screening may be considered a test of character.

For more information see the Pre Employment Screening Guidance on the CPNI website.
Copyright 2010 National Counter Terrorism Security Office Privacy Policy