National Security Inspectorate Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY E: nsi@nsi.org.uk | W: nsi.org.uk Page 1 of 14 © NSI 2018 Date: 27 September 2018 To: 1. All NSI Guarding Gold and Silver approved companies holding approval for the provision of investigative services 2. Applicant Companies who wish to gain approval for the above scope of approval TECHNICAL BULLETIN No: 0045 Guidance on the implementation of BS 102000:2018 British Standard Code of Practice for the Provision of Investigative Services (Supersedes BS 102000:2013) BS 102000:2018 has a publication date of 31 August 2018 and is available through licensed outlets including NSI who can supply copies at a discounted rate. BS 102000:2018 gives recommendations for the conduct, management, staffing and operational accountability for the provision of investigative services. Organisations that demonstrate compliance with BS 102000:2018, and also satisfy the relevant NSI criteria for approval, will be approved for the following scope: “The provision of investigative services in accordance with the requirements of BS 102000:2018”. The 2018 edition of BS 102000 will now be applied to all NSI approval schemes where the criteria for approval requires compliance with BS 102000 as a condition of NSI approval. The Standard will be applied with immediate effect, subject to the additional clarifications and guidance contained within this Technical Bulletin. Implementation timescale for Applicant Companies Applicant Companies will be audited against BS 102000:2018 with immediate effect and any Improvement Needs recorded against clauses of the Standard will have to be satisfactorily addressed before approval can be granted. Implementation timescale for existing Approved Companies Companies holding NSI approval to BS 102000:2013 will be audited to BS 102000:2018 at the next scheduled visit. NSI Technical Bulletin No. 0045 Page 2 of 14 © NSI 2018 STATUS OF BS 102000:2018 Although issued as British Standard Code of Practice, compliance with the recommendations given in BS 102000:2018 are mandatory for companies wishing to maintain NSI approval with respect to the provision of investigative services; subject to any additional clarifications and guidance included within this Technical Bulletin or issued subsequently. The recommendations given in BS 102000:2018 must therefore be regarded as requirements in relation to NSI approval for the provision of door supervision services. SUMMARY OF MAIN CHANGES The Foreword clarifies that the 2018 edition is a full revision of the standard, and introduces the following principal changes: • An enhanced definition of “investigation”; • The introduction of a definition of “person of interest”; • Updated references; and • Reconsideration of the vetting processes. In relation to vetting processes, it is no longer mandatory to security screen in accordance with BS 7858. However it is still necessary to select investigators on the basis of satisfactory checks given in sub-clause 5.1.1, which are: a) A public financial information check to determine whether an applicant or applicant’s business(es) is clear of any monetary judgment or insolvency. b) The production of a Criminal Conviction Certificate (Basic Disclosure) that is no older than three years in accordance with the Disclosure and Barring Service. c) Provision of two professional referees from whom references can be obtained. d) Interview by an individual or panel of, or on behalf of, the investigative service provider and assessment of suitability. e) Production of proof of identity and residence at the interview. f) Production of qualifications appropriate to the individual’s role. Also, there is a new Annex: Annex B (informative) – The inference cycle as applied to an investigation DETAILS OF THE CHANGES (Highlighted under the clauses of the new Standard) Comments against each clause of BS 102000:2018 detail the changes when compared with the corresponding clause within BS 102000:2013. Quotations from the standard are reproduced in bold text. NSI Technical Bulletin No. 0045 Page 3 of 14 © NSI 2018 Additional guidance is given in italics. We will consider alternative methods of achieving compliance with specified requirements where these can be demonstrated to be equivalent. CONTENTS The contents page of BS 102000:2018 shows that the six main clauses of the 2013 standard have been retained along with a new Introduction containing information about the inference cycle . Annexes A, B and C are retained (as Annexes A, C and D) along with a new Annex B . Annex A (informative) – Legislative/statutory framework for investigative services Annex B (informative) – The inference cycle as applied to an investigation Annex C (informative) – Activities associated with investigative services Annex D (informative) – Example code of conduct FOREWORD BS 102000:2018 was prepared by BSI Technical Committee GW/3, Private security management and services. The Foreword clarifies that the 2018 edition supersedes BS 102000:2013, which is withdrawn . The Foreword draws attention to the Private Security Industry Act, which contains provisions for regulating private investigations that are yet to be introduced. The Foreword clarifies that the 2018 edition is a full revision of the standard, and introduces the following principal changes: • An enhanced definition of “investigation”; • The introduction of a definition of “person of interest”; • Updated references; and • Reconsideration of the vetting processes. INTRODUCTION This new clause of the standard describes the inference cycle , which is a series of stages in an investigation process as follows: a) Suspicion b) Hypothesis c) Identification and collection of possible evidence NSI Technical Bulletin No. 0045 Page 4 of 14 © NSI 2018 d) Verification or corroboration e) Acceptance or modification of hypothesis f) Suspicion sustained, modified or rejected For a practical illustration of how the inference cycle applies in an investigation, see Annex B. 1 SCOPE The first paragraph of the scope clause is unchanged. There is a new second paragraph as follows: This British Standard is specifically designed to provide a broad set of procedures to assist the investigative provider in adhering to industry best practice; it also draws attention to the case management procedures, data handling regulations and the employment practices applicable to the investigation. This standard also recommends how the organization can demonstrate it has the financial and operational resources available to provide the services offered, and is competent and provides recourse in the event of a complaint. A second NOTE has been added: NOTE 2 A non-exhaustive list of investigative services activities is given in Annex C . 2 NORMATIVE REFERENCES The reference to BS 7858, Security screening of individuals employed in a security environment – Code of practice has been deleted. There are no normative references in this document. 3 TERMS AND DEFINITIONS The previous set of nine definitions has been increased to ten. Therefore the reference numbers for some existing definitions have changed. 3.1 New definition for client legal person requesting the investigative service 3.2 independent adjudication No change. 3.3 investigative services No significant change. NSI Technical Bulletin No. 0045 Page 5 of 14 © NSI 2018 3.4 investigative service provider No change. 3.5 investigative service provider owner No change. 3.6 investigator No change. 3.7 legal person No change. 3.8 New definition for person of interest any person who is to be interviewed in connection with an investigation and by virtue of the objective of the interview would be entitled to the rights and protection of a legal advisor, friend, appropriate adult or other representative 3.9 subcontractor (previously 3.8) No change. 3.10 surveillance (previously 3.9) No change. 4 INVESTIGATIVE SERVICE PROVIDER 4.1 Structure There are some minimal changes. In the second paragraph, the word “liquidations” has been changed to liquidations in the previous five years . Note 1 has been reworded as follows: NOTE 1 Attention is drawn to the relevant legislation for the rehabilitation of offenders, whose provisions govern such disclosure. 4.2 Finances There are no significant changes. NSI Technical Bulletin No. 0045 Page 6 of 14 © NSI 2018 4.3 Insurance No changes. 4.4 Legal compliance The text has been simplified as follows: The proposal forming part of the contract should demonstrate that the investigative service provider is aware of and compliant with the restrictions on activities imposed by relevant legislation. NOTE See Annex A for examples of relevant legislation. 4.5 Code of conduct There are no significant changes. 4.6 Subcontractors The text has been changed as follows: Subcontractors should be given written instructions on the duties to be performed and be required to comply with the investigative service provider’s code of conduct. 5 RESOURCING 5.1 Staffing: selection and screening 5.1.1 Staff The first sentence of the first paragraph has been deleted so it is no longer required to select and screen all staff in accordance with BS 7858. Similarly it is no longer required to security screen in accordance with BS 7858 if employees are acquired through a takeover. However it is still a requirement, subject to the minor changes indicated in bold typeface, to select investigators based on the following: a) A public financial information check to determine whether an applicant or applicant’s business(es) is clear of any monetary judgment or insolvency. b) The production of a Criminal Conviction Certificate (Basic Disclosure) that is no older than three years in accordance with the Disclosure and Barring Service . 1 c) Provision of two professional referees from whom references can be obtained. d) Interview by an individual or panel of, or on behalf of, the investigative service provider and assessment of suitability. NSI Technical Bulletin No. 0045 Page 7 of 14 © NSI 2018 e) Production of proof of identity and residence at the interview. f) Production of qualifications appropriate to the individual’s role . Also the following footnote has been added: 1 See [last viewed 31 July 2018]. 5.1.2 Subcontractors The first sentence of the first paragraph has been amended as follows: Subcontractors should be selected and screened in accordance with 5.1.1, items a) to f). It is no longer required to security screen subcontractors in accordance with BS 7858. There are no other changes. 5.1.3 Changes to circumstances No changes. 5.2 Health No changes. 5.3 Licensing status The first paragraph has been amended as follows: A record of the current status of relevant licences should be maintained and regularly reviewed, at least on an annual basis . Regular checks should be carried out to confirm that staff requiring licences comply with the terms and conditions of their licence at all times. The first and third paragraphs of the 2013 edition have been merged as shown above. 5.4 Training 5.4.1 Policy No changes. 5.4.2 Induction No changes. NSI Technical Bulletin No. 0045 Page 8 of 14 © NSI 2018 5.4.3 Competence There are no changes apart from item d) being amended to remove the word “(techniques)” so as to read simply: d) Surveillance. 5.4.4 Continuous professional development The first paragraph has been amended as follows: The investigative service provider should monitor the effectiveness of all investigators and provide refresher or remedial training as soon as practicable . This recognizes that refresher or remedial training is always likely to be necessary from time to time. There are no other changes. 5.4.5 Training records No changes. 5.5 Identification No changes. 5.6 Premises There are no changes apart from the addition of a new Note as follows: NOTE Further information on the management of electronic data can be found in BS EN ISO/IEC 27001. 5.7 Equipment There are no changes apart from the re-wording of the Note as follows: NOTE Attention is drawn to the need for equipment to also meet legislative and regulatory requirements. 6 CLIENT INSTRUCTIONS 6.1 Scope of investigative services The text of 6.1 has been amended as follows: Written instructions should be obtained from the client, specifying the parameters and extent of the investigation, with clearly identified objectives. Where the client provides instructions NSI Technical Bulletin No. 0045 Page 9 of 14 © NSI 2018 verbally during the course of the investigation , the investigative service provider should document these for future reference to be confirmed in writing between the client and the investigator as soon as is reasonably practicable . The words “When possible,” have been deleted from the beginning of the paragraph making the requirements much firmer. 6.2 Due diligence 6.2.1 Conflict of interest There are no changes apart from deletion of the Note that appears in the 2013 edition. 6.2.2 Identity of client The text of 6.2.2 has been amended as follows: The investigative service provider should ensure that they know the identity of the prospective client, or be satisfied as to the bona fides of an intermediary and that they [the prospective client] have an ethical and legitimate reason for requesting the investigation. 6.2.3 Management of information The wording of Note 2 has been amended as follows: NOTE 2 Attention is drawn to the provisions of data protection legislation, and civil and criminal procedure disclosure provisions. The fourth paragraph has been amended as follows: Information stored in an electronic retrieval system should be regularly backed-up and stored separately. NOTE 3 Further information on the management of electronic data can be found in BS EN ISO/IEC 27001. There is nothing significant in the above changes. Note 4 in the 2013 edition has been raised to a full recommendation as follows: Information relating to a contract should be maintained for at least six years after termination. 6.3 Conducting the investigation 6.3.1 Planning There are no changes. NSI Technical Bulletin No. 0045 Page 10 of 14 © NSI 2018 6.3.2 Information gathering There are no significant changes apart from: c) 1) iii) Delete “suspects”, now reads confirming identities; c) 1) xi) Delete “suspicion”, now reads “taking prompt action to calm any grievance where indications of responsibility or involvement are proved to be unfounded;” c) 2) Delete “suspects”, now reads “accurately recording and interpreting relevant facts, and establishing, where possible, their level of involvement ; and” c) 3) Delete “legible” and “suspects”, now reads “producing accurate and evidentially compliant statements, including corrections, alterations and additions which have been agreed and endorsed by interviewees .” f) 3) Add “Northern Ireland”, now reads “understanding the differences between English, Welsh, Scottish and Northern Ireland law where necessary;” 6.3.3 Analysis and review There are no changes. 6.3.4 Completion of investigation There are no changes apart from a slight amendment of the NOTE, which now reads: NOTE Attention is drawn to the provisions of data protection legislation. Attention is drawn to the Data Protection Act 2018 ANNEXES Annexes A, B and C are retained (as Annexes A, C and D) along with a new Annex B . Annex A (informative) – Legislative/statutory framework for investigative services Annex B (informative) – The inference cycle as applied to an investigation Annex C (informative) – Activities associated with investigative services Annex D (informative) – Example code of conduct Further details are given below. NSI Technical Bulletin No. 0045 Page 11 of 14 © NSI 2018 ANNEX A (INFORMATIVE) LEGISLATIVE/STATUTORY FRAMEWORK FOR INVESTIGATIVE SERVICES Annex A has been re-written to indicate (1) legislation considered essential for the provision of investigative services and (2) legislation considered desirable in terms of investigative service, subject to the nature and scope of the services provided. Also brief explanatory text about the legislation has been deleted. Consequently the text of Annex A now reads: Knowledge of the following legislation is considered essential in terms of the provision of investigative services. a) The Data Protection Act 2018 [3] and provisions of the General Data Protection Regulations [4]. b) Regulation of Investigatory Powers Act 2000 [5] or the Regulation of Investigatory Powers (Scotland) Act 2000 [6]. c) The Human Rights Act 1998 [7]. d) The Protection from Harassment Act 1997 [8]. e) The Computer Misuse Act 1990 [9]. f) The Private Security Industry Act 2001 [1]. g) The Criminal Procedure and Investigations Act 1996 [10] and the Criminal Procedure (Scotland) Act 1995, as amended [11]. h) The Civil Procedure Rules 1998 [12], Part 31 (Disclosure). Knowledge of the following legislation is considered desirable in terms of investigative service, subject to the nature and scope of the services provided. 1) The Consumer Credit Act 1974, as amended [13]. 2) The Police and Criminal Evidence Act 1984 (PACE) [14] and the PACE codes of practice [15]; and the Criminal Procedure Rules 2015 [16]. 3) The Public Interest Disclosure Act 1998 [17]. 4) The Freedom of Information Act 2000 [18] and the Freedom of Information (Scotland) Act 2002 [19]. 5) The Protection of Freedoms Act 2012 [20]. 6) The Money Laundering Regulations 2007 [21]. 7) The Bribery Act 2010 [22]. 8) The Fraud Act 2006 [23]. 9) The Theft Act 1968 [24]. 10) The Consumer Insurance (Disclosure and Representations) Act 2012 [25]. 11) The Equality Act 2010 [26]. NSI Technical Bulletin No. 0045 Page 12 of 14 © NSI 2018 ANNEX B (INFORMATIVE) THE INFERENCE CYCLE AS APPLIED TO AN INVESTIGATION This is a new Annex with information as to how the inference cycle applies in an investigation.Table B.1 provides a practical example of how the inference cycle applies: Table B.1 — The inference cycle as applied to an investigation State of enquiry Definition Examples Suspicion Result of initial call for service 1) A caller reports an assault. 2) A road traffic collision has occurred. 3) An employee has disclosed bad practice. Hypothesis The initial impressions at the incident scene; or the result of client’s input; or the result of initial witness input 1) The caller names the attacker. 2) Road conditions suggest bad driving. 3) A systems check is requested. Identification of possible evidence Documentary evidence Physical evidence Detailed witness evidence (as dictated by circumstances of the case) 1) Forensic, CCTV, witnesses identified. 2) Measurements, dash-cam footage, witnesses identified, street plans are created. 3) Protocols are checked, witnesses are interviewed. Collection of evidence Taking of statements Gathering and submission of forensic evidence Collection of exhibits Witness interviews Documentary collection 1) Witnesses interviewed, wounds photographed, alleged assailant interviewed. 2) Witnesses interviewed, dash-cam footage reviewed, drivers interviewed. 3) Witnesses interviewed, system adherence checked. Verification Corroboration Forensic results Evidence checked against other evidence to see if it supports or contradicts. Actions taken as arising. Acceptance or modification of hypothesis Result of analysis of the collected evidence – what does it indicate? 1) Assailant is/isn’t guilty. 2) Driver is/isn’t liable. 3) System is/isn’t being complied with. Suspicion Sustained: prosecute/claim/report Modified: return to identification or collection stage Rejected: return to suspicion stage 1) Prosecution or not. 2) Liable or not. 3) System is valid, modified or replaced. NSI Technical Bulletin No. 0045 Page 13 of 14 © NSI 2018 ANNEX C (INFORMATIVE) ACTIVITIES ASSOCIATED WITH INVESTIGATIVE SERVICES This Annex was Annex B in the 2013 edition of the standard. There are no significant changes apart from: Item j) Due diligence: Add item 5) as follows: 5) public interest disclosure (whistleblowing). Item o) Employment investigations: Add items 1) to 6) as follows: 1) health and safety; 2) disciplinary; 3) grievance including harassment, discrimination and victimization; 4) sickness/absence; 5) performance management; and 6) compliance. Item p) Other investigations: Add new section “Other investigations” with items 1) and 2) as follows: 1) asset tracing; and 2) competitor intelligence. ANNEX D (INFORMATIVE) EXAMPLE CODE OF CONDUCT This Annex was Annex C in the 2013 edition of the standard. There are no changes to the content. BIBLIOGRAPHY References in the Bibliography have been updated as required, including some additions and deletions. The listing of changes below does not cover updates to the same document (for example change of date of publication). Standards publications Added: NSI Technical Bulletin No. 0045 Page 14 of 14 © NSI 2018 BS 7858, Security screening of individuals employed in a security environment — Code of practice Deleted: PD 5454, Guide for the storage and exhibition of archival materials. Other publications Added: [2] CORNWALL, H. The industrial espionage handbook . London: Century Books, 1991. [4] EUROPEAN COMMUNITIES. Regulation (EU) 2016/679. Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Luxembourg: Office for Official Publications of the European Communities, 2016. [15] GREAT BRITAIN. PACE codes of practice. London: The Stationery Office. [Available at: www.gov.uk/guidance/police-and-criminal-evidence-act-1984-pace-codes-of-practice#pace- codes-of-practice]. [26] GREAT BRITAIN. Equality Act 2010. London: The Stationery Office. [Available at: www. legislation.gov.uk/ukpga/2010/15/contents] Not included from 2013 edition: [2] GREAT BRITAIN. The Rehabilitation of Offenders Act 1974, as amended London: TSO. [9] OFFICE OF FAIR TRADING (OFT). Debt Collection Guidance . London: OFT. 2003. (http://www.actcredit.com/OFT-Debt-Collection-Guidance.pdf). [15] GREAT BRITAIN. The Criminal Justice and Public Order Act 1994. London: TSO. [17] GREAT BRITAIN. The Crime and Disorder Act 1998. London: TSO. [20] COUNCIL OF EUROPE. Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols No. 11 and 14. Rome: Council of Europe. 1950. [28] MINISTRY OF JUSTICE. The Civil Procedure Rules, Part 31: Disclosure and inspection of documents. London: Ministry of Justice. ( http://www.justice.gov.uk/courts/procedure-rules/civil/rules/part31 ).
