NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BSI Standards Publication

BS 7858:2012

Security screening of individuals employed in a security environment
Code of practice

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.

The British Standards Institution 2012
Published by BSI Standards Limited 2012

ISBN 978 0 580 73505 9
ICS 13.310

The following BSI references relate to the work on this standard:
Committee reference GW/3
Draft for comment 12/30237323 DC

Publication history
First published June 1996
Second edition, March 2004
Third edition, August 2006
Fourth edition, October 2012

Amendments issued since publication
Date    Text affected

BS 7858:2012 BRITISH STANDARD

Contents

Foreword
1 Scope
2 Terms and definitions
3 Risk management
4 Security screening process
5 Ancillary staff
6 Acquisitions and transfers
7 Subcontractors
8 Individuals employed in security screening
9 Records held after cessation of employment

Annexes
Annex A (normative) Example forms
Bibliography

List of tables
Form 1 Oral enquiry - Previous employer
Form 2 Oral enquiry - Other than previous employer
Form 3 Request for confirmation of information given orally
Form 4 Verification progress sheet
Form 5A Application form
Form 5B Authorization and compliance
Form 6 Statutory declaration
Form 7 Executive acceptance of risk

Summary of pages
This document comprises a front cover, an inside front cover, pages i to ii, pages 1 to 28, an inside back cover and a back cover.

Foreword

Publishing information
This British Standard is published by BSI Standards Limited, under licence from The British Standards Institution, and comes into effect on 1 May 2013. It was prepared by Technical Committee GW/3, Manned Security Services. A list of organizations represented on this committee can be obtained on request to its secretary.

Supersession
This British Standard supersedes BS 7858:2006+A2:2009, which will be withdrawn
on 31 April 2013.

Use of this document
As a code of practice, this British Standard takes the form of guidance and recommendations. It should not be quoted as if it were a specification and particular care should be taken to ensure that claims of compliance are not misleading.

Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions
The provisions of this standard are presented in roman (i.e. upright) type. Its requirements are expressed in sentences in which the principal auxiliary verb is “shall”.

Commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element.

Contractual and legal considerations
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for
its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

1 Scope

This British Standard gives recommendations for the security screening of individuals to be employed in an environment where the security and/or safety of people, goods and services, personal data or property is a requirement of the employing organization's operations and/or where such security screening is in the public and/or corporate interest.

NOTE 1 “Property” includes intellectual and physical property as well as cash and valuables.

NOTE 2 See Home Affairs Committee First Report: The Private Security Industry Volume 1 [1].

NOTE 3 Some insurers require BS 7858 as a part of the policy conditions and may have additional requirements for screening, e.g. a longer security screening period.

This British Standard applies equally to all individuals in relevant employment (see 2.8), including full-time and part-time employees, sole traders, partnerships, temporary and permanent employees, and to all levels of seniority, including directors. The objective of security screening is to obtain sufficient information to enable organizations to make an informed decision on employing an individual in a security environment.

2 Terms and definitions

For the purposes of this British Standard, the following terms and definitions apply.

2.1 ancillary staff
individual(s) involved in ancillary activities such as administration, personnel, building maintenance and cleaning

2.2 conditional employment
period of employment during which security screening is continuing
NOTE Successful completion of security screening is one criterion upon which the decision to grant confirmed employment is based.

2.3 confirmed employment
employment granted upon successful completion of security screening and any additional criteria applied by the organization

2.4 executive
director, partner or sole owner of the organization, or a manager of the organization duly authorized in writing by a director, partner or sole owner of the organization

2.5 individual
person required to be security screened
NOTE An individual might be new to the organization or an existing employee transferring roles within the organization.

2.6 limited security screening
along with information required and preliminary checks, the minimum amount of security screening necessary to be completed
satisfactorily before an offer of conditional employment can be made

2.7 organization
company (including sole traders and partnerships), establishment, government or local authority department, or other body employing and/or contracting individuals, including volunteers, in an environment where the security and/or safety of people, goods and services, personal data or property is a significant consideration

2.8 relevant employment
employment which involves, or may involve, the acquisition of, or access to, information, assets or equipment, the improper use of which could involve the organization, any client of the organization, or any third party, in a security risk
NOTE 1 The definition applies to individuals irrespective of whether they are engaged full-time or part-time, on a permanent or temporary basis, and/or employed directly or as subcontractors.
NOTE 2 Further guidance on individuals considered under relevant employment can be found in The Information Commissioner's Employment Practices Data Protection Code Part 1: Recruitment and Selection [2].

2.9 screening controller
individual within an organization, responsible for making sure that the security screening process is being carried out correctly

2.10 screening officer
individual within an organization, engaged in security screening or a third party providing security screening services

2.11 security screening form(s)
suitable form(s) used to gather and record information required to security screen

2.12 security screening period
period of not less than five years immediately prior to the commencement of relevant employment or transfer to relevant employment, or back to the age of 16 if this date is more recent

2.13 subcontractor
company, agency worker(s), individual(s) and temporary worker(s) not directly employed by the organization, contracted to carry out work on behalf of the organization

2.14 wet signature
original signature written on a piece of paper, as opposed to a fax copy or an agreement offered orally or electronically

2.15 writing
legible document (hardcopy document or electronically stored document capable of being printed and/or viewed on screen)
NOTE For verification of identity of signatories to electronic documents, attention is drawn to The Electronic Communications Act 2000 [3].

3 Risk management

The organization should not employ individuals whose career
or history indicates that they would be unsuitable for the role, given that such employment might allow opportunities for illicit personal gain, or the possibilities of being compromised, or opportunities for creating any other breaches of security.

NOTE 1 Attention is drawn to UK employment law, commercial insurance cover and the applicable terms and conditions of employment.

The organization should ensure that all individuals employed in security screening (see Clause 8), and those with authority to offer employment, maintain high standards of honesty and integrity in view of the special circumstances of the environment in which they are employed.

Although no system of security screening can provide absolute security, the organization should endeavour to ensure that the integrity of its personnel is established and maintained.

NOTE 2 An integral part of risk management is to provide a structured process for organizations to identify how objectives might be affected. It is used to analyse the risk in terms of consequences and their probabilities before the organization decides what further action is required.

NOTE 3 In some cases, where the verification procedures cannot be completed satisfactorily, employment might be prevented, terminated or employment offer withdrawn. It is emphasized that this is not necessarily an indication of unsuitability; it might simply not have been possible to obtain the required positive evidence.

4 Security screening process

4.1 Overview

The organization should carry out security screening in accordance with this British Standard prior to the engagement of individuals for relevant employment or to their being transferred to relevant employment from other duties.

NOTE 1 For acquisitions and transfers
see Clause 6.

NOTE 2 Where labour is subcontracted see Clause 7.

The organization should ensure that employees already in relevant employment are security screened in accordance with this British Standard.

NOTE 3 Attention is drawn to the Data Protection Act 1998 [4] and the Employment Rights Act 1996 [5].

NOTE 4 It is not a provision of this British Standard that employees already screened to previous editions of this standard are re-screened, provided evidence of previous screening can be clearly demonstrated.

The full security screening process should be carried out in accordance with this standard, regardless of an individual's previous employment, even if that employment was in a security environment.

NOTE 5 Attention is drawn to the Rehabilitation of Offenders Act 1974 [6].

4.2 Administration

The screening controller should ensure that screening data is held confidentially and stored securely to prevent unauthorized access and alteration.

NOTE 1 Attention is drawn to the Data Protection Act 1998 [4] which requires organizations that are Data Controllers to notify the Information Commissioner's Office of the processing that is taking place.

NOTE 2 With regard to the storage of electronic data, attention is drawn to the following standards; BIP 0008-1 and BS ISO/IEC 27001 (BS 7799-2) and BS ISO/IEC 27002 (BS 7799-1).

The organization's security screening working practices should be regularly reviewed and updated if necessary, and should deal with such matters as clearing desks, locking filing cabinets, etc. at the end of the working day; security shredding and disposing of waste paper (including spoiled documents, etc.); the control of access to computers and data storage media, recordings of telephone conversations, etc.

NOTE 3 Attention is drawn to the Information Commissioner's Employment Practice Code [2], and the need to comply with any obligations in the Information Commissioner's Code.

Organizations should maintain the following in electronic or paper format:
a) a separate file for each individual subjected to security screening.
The files of all individuals currently employed but still subject to completion of screening should be identified separately from other employee files; and
b) verification progress sheets (or equivalent) for each individual subjected to security screening.

Where applicable, records should clearly indicate that an individual is conditionally employed but still subject to completion of screening. Records should show prominently the dates on which such employment commenced and is to cease if screening is not completed within 12 or 16 weeks after the date of commencement, dependent on the security screening period.

The screening file should be retained during employment (see also Clause 9).

4.3 Provision of information

4.3.1 General

Written evidence should be obtained to see if there is anything in the individual's background which would reflect adversely upon their suitability for the proposed employment (see Clause 3).

NOTE When obtaining written references, it is important to be sure that the source is genuine. If considered necessary, extra checks can be made to verify the validity of facsimile numbers, postal and email addresses.

4.3.2 Authorizations

The security screening form should state that information is gathered to facilitate security screening in accordance with BS 7858, in order to determine whether individuals are suitable to be employed in a security environment.

The organization should make the individual aware at their interview or application, whichever is appropriate, that, with the
individual's written permission, the organization is authorized to obtain the following in accordance with relevant legislation:
a) background career/history checks. If permission to contact a current employer is withheld until an offer of employment is made, the individual should be informed that a condition of the offer of employment is that the offer can be withdrawn if the security screening is not concluded satisfactorily. The period of current employment should initially be verified by a personal reference and/or documents which substantiate employment;
b) a search of public record information, e.g. County Court Judgments, bankruptcies, financial sanctions 1) and proof of identity and proof of address; and
c) a criminality check: see 4.7j).

1) See http://www.hm-treasury.gov.uk/fin_sanctions_index.htm.

4.3.3 Information required

The organization should request the following information at the appropriate point of the screening process.
a) The individual's personal details including:
1) full name, including forename(s) and surname/family name(s);
2) other and/or previous forename(s) and surname/family name(s) used during the security screening period;
3) aliases, i.e. any name(s) used in addition to current or previous name(s) during the security screening period;
4) full address history, including “from” and “to” dates, for the past five years;
5) date of birth;
6) National Insurance number;
7) evidence of right to work in the UK 2);
8) SIA licence number and expiry date (if held).
b) Details of the individual's education, employment, periods of self-employment (see 4.7), unemployment and gaps in employment (including career breaks, etc.) throughout the security sc