National Security Inspectorate Sentinel House, 5 Reform Road Maidenhead SL6 8BY Website: nsi.org.uk Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 1 of 8 © NSI 2020 NSI code of practice for the provision of screening services NCP 111.5 Aug 2020 NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 2 of 8 © NSI 2020 Contents 1 Introduction ………………………….. ………………………….. ………………………….. ………………………….. ……………. 3 2 Scope ………………………….. ………………………….. ………………………….. ………………………….. ……………………….. 3 3 Requirements ………………………….. ………………………….. ………………………….. ………………………….. …………. 3 Clause 4 Top management commitment ………………………….. ………………………….. ………………………….. …………………… 4 Clause 5 Risk Management ………………………….. ………………………….. ………………………….. ………………………….. ………………. 4 Clause 6 Individuals employed in screening ………………………….. ………………………….. ………………………….. ……………… 4 Clause 7 Screening process ………………………….. ………………………….. ………………………….. ………………………….. ……………… 5 Clause 8 Sub – contractors ………………………….. ………………………….. ………………………….. ………………………….. …………………. 7 Clause 9 Ancillary staff ………………………….. ………………………….. ………………………….. ………………………….. ………………………. 7 Clause 10 Acquisitions and transfers ………………………….. ………………………….. ………………………….. ………………………….. . 7 Clause 11 Records ………………………….. ………………………….. ………………………….. ………………………….. ………………………….. …. 7 Clause 12 Example forms – Annex A ………………………….. ………………………….. ………………………….. ………………………….. . 7 Clause 13 Additional NSI requirements ………………………….. ………………………….. ………………………….. ……………………… 7 NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 3 of 8 © NSI 2020 1 Introduction It is a condition of approval for the majority of the NSI Certification schemes that the services are carried out by individuals who have been successfully screened in accordance with BS 7858. BS 7858 is the British Standard Code of Practice (CoP) for screening of individuals working in a secure environment and it essentially concentrates upon the checks and verifications to be carried out in order to successfully screen an individual. It does n ot include any significant detail that an organization carrying out such services should satisfy. This is not an issue where the screening is carried out in house by a security service provider as the NSI a pproval will also entail compliance with a technic al or service provision standard or CoP such as BS 7499 for static guardin g . The additional CoPs in connection with the NSI Regulations and any specific scheme criteria specify the general requirements that the company providing the service should satisfy. It is important for the understanding of BS 7858:2019 that you have read and understood the foreword of the standard. Historically , organizations providing a commercial screening service targeted and received most of their business from the security guarding sector where there is often the greatest turnover of staff. In such cases a condition of NSI approval was that such screening pr oviders should also satisfy the applicable requirements of BS 7499 with respect to the structure of the organization, finances, insurance etc. Organizations providing a commercial screening service and seeking NSI Approval now increasingly service a wide r ange of security service providers where BS 7499 has little or no relevan ce. Therefore this NSI Code of P ractice has been produced to establish common criteria that any organization providing a commercial screening service should satisfy if they wish to be approved by NSI. It should be read in conjunction with BS 7858:201 9 and the NSI Technical Bulletin 00 49 . 2 Scope The scope of this NSI Code of Practice covers any organization that seeks to obtain and maintain NSI Approval for screening services. 3 Requireme nts The clau se reference numbers and titles in Table 1 below relate to the clause reference numbers and titles of BS 7858: 201 9 . The requirements, listed under ‘Additions / Omissions / Modifications ’ shall be read in conjunction with the corresponding clau ses NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 4 of 8 © NSI 2020 of BS 7858:201 9 and are the requirements that have to be satisfied by any organisation wishing to maintain an NSI approval for the provision of screening services. Where additional text is reproduced in italics in Table 1, it is included as additional guidance rather than as a specified requirement. BS 7 858:201 9 clauses Additions / Omissions / Modifications for Screening Services Clause 4 Top management commitment The requirements of clause 4 shall be followed. The organisation shall ensure processes are in place to review business performance and ongoing resource availability. R eviews shall include performance against contractual arrangements, customer satisfaction and staff performance. Clause 5 Risk Management The organization shall ensure that on induction or during training individuals carrying out screening are made aware of the principles laid down in clause 5 as summarized below: ‘T he objective of screening i.e. to employ individuals who may be suitable for the role given that such employment might allow opportunity for illicit gain, being compromised, or creating a breach of confidentiality, trust and safety. ’ Clause 6 Individuals employed in screening 6 .1 General A confidentiality agreement shall be signed by all screening personnel and should also include a statement to confirm tha t the individuals are aware they may be processing sensitive personal data falls within the provisions of the Data Protection Act 2018 a nd General Data Protection Regu lation . This should include the period of both employment and post – employment. Individuals completing screening should also be mindful of the difference between personal opinion and fact when recording information. 6 .2 Trai ning The required training records for all individuals carrying out screening shall be signed by both the trainer and trainee. Where the required training is carried out internally the content of the training package sha ll be clearly documented so a view can be taken regarding its adequacy. Training for screening staff shall include awareness of nationalities that require a work permit, visa etc . and for NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 5 of 8 © NSI 2020 BS 7 858:201 9 clauses Additions / Omissions / Modifications for Screening Services example restrictions on the extent of employment that can be carried out by individuals gaining entry o n a student visa. 6 .3 Outsourced screening The o utsourced screening organization shall ensure th at all personnel understand it is not their decision whether employment is granted and they merely advise whether or not the screening has been satisfactorily completed. The organization u tilising the screening services sh all retain ultimate responsibility for the outsourced screeni ng process and should review the completed screening file . Clause 7 S creening process 7 . 1 General The organization shall be mindful of the fact they are processing sensitive and confidential personal data and it shall be held under secure conditions that prevent unauthorized access or viewing. A data controller shall be appointed and the organization shall maintain registration with the Information Commissioners Office as required by the Data Protection Act. 7.2 Administration A screening file shall be established for each individual subject to screening and on satisfactory completion it shall be passed to the potential employer. If the screening organization retains any of the screening or personal information it shall be clear that the individual w ho has been screened has given their consent for this. The file may either be held electronically or in paper format. Secure storage of records shall include a clear desk policy at the end of each working day such that all sensitive personal data is held in lockable cabinets in a secure office (an appropriate alarm system shall be considered in relation to the perceived level of risk, contracts held and t ype of personnel being screened). Where secure shredding of documents is not conducted on site, the ba s is of selection of the secure shredding contractor shall be demonstrated and ideally include compliance with a recognized code of practice or membership requirements for an appropriate trade association. Where documents sent down this route are of high sen sitivity , waste destruction/transfer notes shall be retained. 7 . 3 Provision of information Where the client does not have an acceptable application form that captures all the required information to facilitate satisfactory screening , the organization carrying out the screening shall have an appropriate form to capture the necessary information detailed within this clause of BS 7858. NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 6 of 8 © NSI 2020 BS 7 858:201 9 clauses Additions / Omissions / Modifications for Screening Services Where photo copies of information are supplied via the client it should be clear the client has seen the originals. S creening shall not commence until a statement is seen from the individual to be screened that authorizes an approach to current and former employers etc., and it is clear whether the standard 5 year screening or a longer period is required. No te: All screening personnel shall demonstrate an understanding of the sensitivities of approaching current employers. 7 .4 Preliminary checks Where photo copies of i dentity documents are supplied via the client it should be clear the client has seen the ori ginals. If a match is found whilst completing the Global W atchlist checks, the client shall be informed so they can decide t he appropriate course of action. When approaching credit reference agencies for public information searches , it shall be clear the f inancial history is required for employment purposes and not for the purposes of granting credit. If a concern appears whilst conducing the public record information searches, the client shall be informed so they can decide the appropriate course of actio n . 7 .5 Conditional employment When t he client has been informed sufficient satisfactory screening has been conducted to offer conditional employment , at the client’s discretion, it shall be clear what further confirmation is required. 7 .6 Period allowed for completion of full screening for individuals in conditional employment If screening cannot be completed within the period specified in the standard, the client shall be informed prior to the end of the required time period and the reasons clearly stat ed. If the client makes the decision to extend the screening period into permitted periods of extension , this should be approved by the client ’ s top management, recorded, retained and made easily accessible. The extension of the screening period is not i ntended to be used to cover for a shortage of screening personnel. 7 .7 Completion of screening (verification of information) Statutory declarations shall only be used with the prior documented approval of the client ’ s top management. Where the client has requested a higher level of criminality check rather than the basic disclosure, the reasons for this shall be clearly established. NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 7 of 8 © NSI 2020 BS 7 858:201 9 clauses Additions / Omissions / Modifications for Screening Services 7 .8 Review of screening pro gress The verification progr ess sheet shall demonstrate timely action is taken to chase all the necessary verifications and inform the client if difficulties are encountered. Clause 8 Sub – contractors If the client has requested screening for any of its sub – contractors then it shall be clear that the sub – contractor’s and the individual’s consent have been obtained. Clause 9 Ancillary staff The organisation shall apply the requirements of BS 7858:2019 to relevant ancillary staff within their working environment . Clause 10 Acquisitions and transfers Where it is clear retrospective screening is being carried out, screening personnel shall demonstrate awa reness of the sensitivities they may need to observe when dealing directly with individuals being screened and awareness of the Employment Rights Act and Transfer of Undertakings (Protection of Employment) Regulations . Clause 11 Records The organization shall demonstrate awareness of the requirements fo r maintenance of records so the client can be advised if necessary and particularly if the contract requires records to be maintained on behalf of the client. Clause 1 2 Example forms – Annex A The organization shall either operate in accordance with the client’s system and f orms or have their own set that request the information required by the standard. Clause 1 3 Additional NSI requirements 1 3 .1 Structure and principals The organization shall document and maintain a simple supporting management system* such that essential documents are issue controlled, appropriate records maintained and complaints from any stakeholder recorded, investigated and actioned as appropriate. * If NSI Gold Approval is required then the supporting management system shall satisfy the current version of BS EN ISO 9001 . NSI code of practice for the provision of security screening services Document no. NCP 111 Document issue no. 5 Document issue date August 2020 Document owner Head of Field Operations (Services) Last review date August 2020 Document classification PUBLIC (RESTRICTED) Page 8 of 8 © NSI 2020 BS 7 858:201 9 clauses Additions / Omissions / Modifications for Screening Services Details of the ownership and the principals of the organization shall be available and supplied to interested parties on request. 1 3 .2 Finances The organization shall be able to present two years trading accounts that demonstrate the business is financially sound , or if recently established , evidence of sufficient financial backing and working capital for its needs. 1 3 .3 Insurance T he provider shall maintain appropriate insurance. The provider shall possess insurance cover commensurate with the business undertaken, services provided and the number of persons employed. The provider shall hold, as a minimum, employer’s liability insu rance as expressed within the Employers’ Liability (Compulsory Insurance) Act. The provider shall also ensure that where relevant and/or required, other insurances are held, for example public liability, products liability, efficacy/inefficacy, profession al indemnity, contractual liability, wilful and belligerent acts, financial loss, fidelity bonding, directors and officers, property/office cover. Insurance certificate(s) and/or schedule(s) shall be directly produced by the insurer and not any agent or b roker. The documents shall specifically state the exact trade/trades being undertaken and cover to a sufficient level to ensure both third parties and staff are properly protected. 1 3 .4 Sales/marketing Sales/marketing information shall not make any claim s that cannot be substantiated. NSI certification marks/logo shall only be utilised as permitted under the scheme requirements. A quotation shall be produced for the client, which shall include the services being delivered and associated costs. This shall be available prior to commencement of the service. 13.5 Contractual arrangements The organization shall have a standard agreement that can be signed by both parties, that clearly sets out the extent of the screening services and the documentation to be provided by each party to facilitate completion of the screening process. The ag reement shall make it clear the decision to employ rest s with the potential employer and not with the organization carrying out the screening.