Managing Sensitive Information

Managing Sensitive Information

Financial Conduct Authority

When talking about processes, the steps involved in BPSS Clearance include filling out a questionnaire, attending an interview, providing identity document copies, and completing various forms of verification and validation. Check out BPSS Clearance for identity verification service news. The process might require confirmation of employment dates through documentary evidence, checks on a person's National Insurance records, and confirmation that any immigration documents and visas remain valid. The presence of any sign of espionage, terrorism, or fraud activities is treated with serious concern.

Managing Sensitive Information - law enforcement

  1. Financial Conduct Authority
  2. asset
  3. law enforcement
  4. sick leave
  5. Public Services Network
The system also ensures that employees who might need extended sick leave, work with assistive technology, or handle tasks that intersect with security remain checked and trusted.

Managing Sensitive Information - Public Services Network

  • National Insurance
  • legislation
  • interview
law enforcement Even a CBS record might be included as part of the checks if an organization deems it necessary. Everything is done to confirm that individuals match the required profile and present no unacceptable liability.

A candidate may require checks for National Insurance details, verification of overseas qualifications, scrutiny of any gaps in employment, and confirmation that no health care restrictions or excessive sick leave patterns raise questions of reliability. Licenses must be verified along with expiration dates, and in certain sensitive positions, contracts may include terms relating to compliance with security regulations. The presence of assistive technology ensures candidates with disabilities receive proper support. By establishing a framework consistent with the Public Services Network, regulations on information privacy, and handling of personal identity, an organization assures that data protection principles are followed, reducing liability and risk.

Managing Sensitive Information - Financial Conduct Authority

  • sensitive information
  • fraud
  • Rehabilitation of Offenders Act 1974
  • personal identity
For sensitive roles, background checks may consider aspects of the candidate's personal conduct, possible links to espionage, or contact with extremist groups. This can include cross-checking data with agencies involved in counter-terrorism.

As the workforce in the United Kingdom changes over time, meeting the requirements of security clearance standards demonstrates diligence, integrity, and reliability.

Managing Sensitive Information - sick leave

  1. evaluation
  2. questionnaire
  3. civil service
  4. Security vetting in the United Kingdom
  5. identity document
Reducing crime, preventing terrorism, and diminishing the chance of espionage ensure that sensitive information remains protected. By focusing on evidence, fair practice, and adherence to regulation, BPSS Clearance helps organizations avoid liability. It reassures all parties that the chosen candidate respects the rules, values security, and aligns with the established culture of respect and honesty.

BPSS Clearance

In the United Kingdom, government policy requires that staff undergo security vetting in order to gain access to government information.

The government uses four levels[1]: Annex C, p. 24  of personnel security controls depending on the level of assurance required. Three of these levels are types of national security vetting clearance.[1]: Annex B 

Vetting is intended to assure government bodies that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures the department that the individual has not been a member of, or associated with, an organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances.[2]

Vetting is usually carried out by United Kingdom Security Vetting (UKSV), a department within the Cabinet Office.[3] UKSV was created in January 2017 by combining DBS National Security Vetting (DBS NSV) and FCDO Services National Security Vetting (FCDOS NSV).[3] This change was an outcome of the Strategic Defence and Security Review 2015.[4]

Security and intelligence agencies such as MI5MI6 and Government Communications Headquarters carry out their own vetting. The minimum is Developed Vetting and very occasionally Enhanced Security Check.

It is possible to pass vetting with one department yet fail it with another as vetting is tailored to the role/department. Clearances can be transferred between departments. Holders of vetting clearance may face travel restrictions on private travel to high-risk countries.

Vetting in the UK is currently undergoing change as part of the Vetting Transformation Programme. This will see a series of "Levels" introduced and the phasing out of the current nomenclature. These new levels will be broadly:

  • Accreditation Check (AC) = Level 1A
  • Counter Terrorist Check (CTC) = Level 1B
  • Security Check (SC) = Level 2
  • Developed Vetting (DV) = Level 3[5]

Note: Baseline Personnel Security Standard (BPSS) is not considered a formal security clearance level but this, or an equivalent background check, is used to underpin all vetting.

The target date for this transformation is 2025. Level 1B was introduced October 2022 and is currently the only "new" level operating.

Types of personnel security check

[edit]

Baseline Personnel Security Standard (BPSS)

[edit]

The Baseline Personnel Security Standard (BPSS) checks are normally performed when a person is recruited.

All those with access to government assets are subject on recruitment to the requirements of the Baseline Personnel Security Standard. This includes all applicants for employment in the civil service and armed forces and applies to both permanent and temporary staff and private sector employees working on government contracts, with access to government assets.

The Baseline Personnel Security Standard requires the verification of the following four elements:

  1. Identity[1]: 7(a) 
  2. Employment history (past three years)[1]: 7(b) 
  3. Nationality and immigration status[1]: 7(c) 
  4. Criminal record (unspent convictions only)[1]: 7(d) 

A reasonable account of any significant periods (a total of 6 months or more in the past 3 years) spent abroad.[1]: Annex B  Prospective employees who have recently come to the UK or lived abroad may be asked to provide overseas police certificates of good conduct.[1]: 7(d) 

BPSS[1]: Annex B 

  • Allows access to UK OFFICIAL assets and occasional access to UK SECRET assets
  • Is required to work in areas where SECRET and TOP SECRET information may be overheard
  • Allows individuals who require it, access to the Public Services Network (PSN)

Employers may initiate the following incremental national security vetting checks on recruits after performing the BPSS check.

Counter Terrorist Check (CTC)/Level 1B

[edit]

A Counter Terrorist Check (CTC)/Level 1B is required for individuals who are employed in posts that:[1]: Annex B 

  • Involve proximity to public figures assessed to be at particular risk from terrorist attack.
  • Give access to information or material assessed to be of value to terrorists. However, it is not designed to manage access to sensitive information.
  • Involve unescorted access to certain military, civil, industrial or commercial establishments assessed to be at particular risk from terrorist attack.

The process for CTC clearance includes:

  • BPSS check;
  • Completion of a security clearance questionnaire by the candidate;
  • Checks against UK criminal records covering both spent and unspent convictions;
  • Checks against Security Service (MI5) records;
  • It may also include an interview.

A CTC/Level 1B clearance must be formally reviewed after ten years (five years for non-List X Contractors).[1]: Annex B 

In the transport sector security vetting requirements, including for Counter Terrorist Check, is regulated by the Department of Transport.[6]

A CTC/Level 1B is required for police officers and many associated staff.[7]

Security Check (SC)

[edit]

A Security Check (SC) is the most widely held level of security clearance.[8] SC is required for posts involving regular and uncontrolled access to SECRET assets and/or occasional, supervised access to TOP SECRET assets,[8] and for individuals who:[1]: Annex B 

  • While not in such posts, will be in a position to directly or indirectly bring about the same degree of damage.
  • Will have sufficient knowledge to obtain a comprehensive picture of a SECRET plan, policy or project.
  • Are being considered for employment where it would not be possible to make reasonable career progress without security clearance for access to SECRET assets.
  • Require access to certain levels of classified material originating from another country or international organisation.

The process for SC clearance includes:

  • Successful completion of the Baseline Personnel Security Standard.
  • Completion, by the individual, of a Security Questionnaire.
  • A departmental/company records check which will include e.g. personal files, staff reports, sick leave returns and security records.
  • A check of both spent and unspent criminal records.
  • A check of credit and financial history with a credit reference agency.
  • A check of Security Service (MI5) records.
  • Checks on foreign travel/foreign contacts.
  • It may also include an interview.

Checks may extend to third parties included on the security questionnaire.

An SC security clearance must be formally reviewed after ten years (seven years for non-List X contractors) or at any time up to that point at the discretion of the vetting authority.[1]: Annex B 

Enhanced Security Check (eSC)

[edit]

This is similar to an SC but also includes a financial questionnaire and may include an interview with a vetting officer. It is a pre-requisite for the granting of access to STRAP codeword material at the SECRET level.

Developed Vetting (DV)

[edit]

DV is one of the most detailed and comprehensive form of security clearance in UK government. It is needed for posts that require individuals to have frequent and uncontrolled access to TOP SECRET assets, or require any access to TOP SECRET codeword material. It is also required for individuals who:

  • While not in such posts, will be in a position to directly or indirectly bring about the same degree of damage.
  • Require frequent and uncontrolled access to Category I nuclear material.
  • Require access to certain levels of classified material originating from another country or international organisation.

The process for DV clearance includes:

  • BPSS check.
  • Completion, by the individual, of a Security Questionnaire, a DV Supplement and Financial Questionnaire.
  • A check of both spent and unspent criminal records.
  • A check of credit and financial history with a credit reference agency.
  • A check of Security Service (MI5) records.
  • A full review of personal finances.
  • Checks on foreign travel/foreign contacts.
  • A detailed interview conducted by a vetting officer.
  • Further enquiries, including interviews with referees conducted by a vetting officer.

A DV security clearance must be reviewed every seven years or at any time up to those points at the discretion of the vetting authority.[1]: Annex B 

Enhanced Developed Vetting (eDV)

[edit]

Enhanced Developed Vetting requires additional in-depth interviews, beyond that of DV, including a full list of all foreign travel within the last 10 years. It is required for a limited number of highly sensitive roles and can only be requested by a small number of government departments.[9]

Caveats/Nationality Restrictions

[edit]

A clearance of any level can be granted with "caveats" which may restrict the holder from accessing certain types of material, for example relating to specific countries, regions or projects. Where there is an explicit requirement for the viewer of a document to be a UK Citizen, the individual must hold a clearance with no "caveats" and be deemed to meet "UK Eyes Only". Further restrictions can include "No Dual Nationals".

Clearance Aftercare

[edit]

Change of personal circumstances

[edit]

A change of personal circumstances (CPC) questionnaire has to be submitted when a CTC, SC, eSC, DV, eDV, STRAP clearance holder is "marrying, remarrying, entering into a civil partnership, setting up a stable unmarried relationship which includes living with someone as a couple", "due to significant changes in financial circumstances" or "due to contact with law enforcement". DV clearance holders also have to report the arrival of new "co-residents" such as a lodger or flatmate.[3]

Annual Security Appraisals/Aftercare Reports

[edit]

Holders of eSC, DV and eDV must annually complete a "Security Appraisal Form" (SAF) in conjunction with their line management, detailing any areas of concern or changes in circumstances that have occurred in the previous year which have yet to be notified to UKSV.

Any issues that require immediate notification to UKSV during the year are either self-reported as a change in circumstances, or if caused by a security issues filed as an "Aftercare Incident Report".

Transfer of a clearance

[edit]

A request can be made to transfer national security clearances between organisations, providing they have not expired. Transfers are requested by the "new employing sponsor". Transfers can be the same level of clearance or a lower level clearance can be "extracted" from a higher level clearance (usually SC extracted from DV). No more than twelve months must have elapsed since the holder left the organisation for which the clearance was originally granted and no more than six months spent living overseas. New completed change of circumstances questionnaires, to bring the UKSV and departmental records up to date, may be required.[3] The new sponsor reviews the details of the clearance and decides if it is acceptable for the specific new role.[1]: 44 

Other Checks

[edit]

Disclosure and Barring

[edit]

In addition to national security clearances, other types of roles and organisations stipulate a need for background checks, these are often required for vulnerable group access (including children), as operated by the Disclosure and Barring Service (DBS), replacing former Criminal Records Bureau (CRB) and Independent Safeguarding Authority (ISA) checks.

Police Vetting

[edit]

The police service has its own system of vetting:

Force Vetting[10] with a hierarchy of Police Personnel Vetting (PPV) and Non-Police Personnel Vetting (NPPV) levels.

Within this there are several levels. For police officers and police staff, there is:

  • Recruitment Vetting; and
  • Management Vetting

For contractors and those with access to certain parts of police systems, there is "non-police personnel vetting":

  • NPPV Level 1 (NPPV1)
  • NPPV Level 2 (NPPV2)
  • NPPV Level 3 (NPPV3) (aligned but not equivalent to SC)

When an actual SC, eSC, or DV is required alongside Force Vetting, it is carried out by UKSV.

Check our other pages :