National Security Inspectorate Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY E: nsi @nsi.org.uk | W: nsi.org.uk Page 1 of 19 © NSI 2019 D ate : 08 November 2019 To: All NSI approved companies and applicants where security screening to BS 7858 is referenced as part of the scheme criteria TECHNICAL BULLETIN No: 0049 Publication of BS 7858:2019 – Screening of individuals working in a secure environment – Code of Practice BS 7858:2019 was published on the 30 th September 2019 and is available from the BSI or NSI through the Standards on Subscription service for approved companies . Implementation timescale for applicant companies Applicant companies will b e audited against BS 7858:2019 with immediate effect and any Improvement Needs recorded against clauses of the Standard will have to be satisfactori ly addressed before approval can be granted. Implementation timescale for existing approved companies Existing NSI approved companies have until 31 st March 2020 to comply with the new standard. With immediate effect, BS 7858:2019 will be used as the basis for NSI auditing of security screening. In the interim , we may raise Auditor Notes for any of the requirements within the new Standard that are not fully satisfied. If you do not address any Auditor Notes satisfactorily then these will be treated as Improv ement Observation / Improvement Need Reports post 31 st March 2020. Details of the changes Where the actual wording of the Standard is quoted, it is reproduced in bold text. Where it is considered relevant, further clarification is included in italics. Plea se note this is not a definitive list of all the changes to BS 7858:2019. Only the significant changes to BS 7858 are detailed below. There have been numerous editorial changes and minor amendments to the Standard and you should refer to BS 7858:2019 if yo u are at all unsure about any of the recommendations included within this Technical Bulletin . ________________________________ ________________________________ ________________________________ _________ Technical Bulletin No: 0049 Page 2 of 19 © NSI 2019 Screening of individuals working in a secure environment – Code of Practice The Title has changed to remove the phrase ‘ security environment ’ and it is replaced with ‘ Secure environment ’. T hroughout the Standard , the term ‘secure’ replaces the term ‘security’ where it relates to screening or the working environment . Introduction This British Standard provides organizations who engage individuals working in a secu re environment with a methodology to reduce risk exposure in terms of their human resources and to give a high level of confidence in recruiting and the setting to work of individuals. This methodology of screening individuals takes a top down approach, i. e. responsibility for this process remains with top management. Top management can delegate accountability for certain roles and tasks; however, they remain responsible for this process. This methodology is driven by risk and it is incumbent on the organiz ation to apply risk management good practice when deciding how this methodology is implemented into their organization’s processes so that it consistently delivers the desired outcomes. It is important that the organization ensures that all individuals emp loyed in the screening process (see Clause 6), and those with the authority to offer employment, maintain high standards of honesty and integrity in view of the special circumstances of the environment in which they are employed. A new entry of a n informat ive Introduction providing a brief oversight of the key objectives of the Standard. 1 Scope This British Standard gives recommendations for the screening of individuals, working in a secure environment where the security and/or safety of people, goods and services, data or property is a requirement of the employing organization’s operations and/or where such screening is in the public int erest. NOTE 1 “Property” includes intellectual and physical property as well as cash and valuables. NOTE 2 Some insurers require BS 7858 as a part of the policy conditions and have additional requirements for screening, e.g. a longer screening period. This British Standard applies equally to all individuals in relevant employment, including full‑time and part – time employees, sole traders, partnerships, temporary and permanent employees, and to all levels of seniority, including directors. The objective Technical Bulletin No: 0049 Page 3 of 19 © NSI 2019 of s creening is to obtain sufficient information to enable organizations to make an informed decision on employing an individual in a secure environment. This British Standard does not cover the other elements of recruitment and selection that take place when employing people. It is assumed that screening would be an additional process added to existing recruitment and selection processes, for example this British Standard does not cover the application process, right to work status or specific competency in t he job role. The final sentence in the scope is a new introduction and illustrates that screening is only part of the recruitment process and must be used in addition to other recruitment tasks, e.g. determining right to work status, checking for appropria te qualification , etc. 3 Terms and definitions The def inition of executive is removed and replaced by the phrase ‘authorized person’. Both definitions ‘wet signature’ and ‘writing’ present in the 2012 edition are also removed from the 2019 edition. 3.2 C onditional employment period after limited screening has been completed and employment has commenced ahead of the completion of full screening NOTE Successful completion of screening is one criterion upon which the decision to grant confirmed employment is based. T he re – phrased definition of conditional employment includes clarity that employment can commence during the screening process . 3.6 organization person or group of people that has its own functions with responsibilities, authorities and relation ships to achieve its objectives NOTE The concept of organization includes, but is not limited to sole – trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or no t, public or private. An organization , in addition to a company, can also refer to individuals or groups of people with their own functions or responsibilities. 3.7 outsource arrangement where an external organization performs part of an organization’s fu nction or process Technical Bulletin No: 0049 Page 4 of 19 © NSI 2019 ‘Outsource’ is a new definition . 3.8 process set of interrelated or interacting activities which transforms inputs into outputs ‘Process’ is a new definition . 3.10 screening administrator individual within an organization engaged in screening or a third party providing screening services ‘ S creening administrator’ was defined as a screening officer in the 2012 edition . 3.15 top management person or group of people who directs and controls an organization at the highest level NOTE Top management has the power to delegate authority and provide resources within the organization. ‘Top Management’ is a new definition. 4 Top management commitment Top management should: a) be committed to satisfying the recommendations of this British Standar d; b) ensure that the resources and infrastructure needed for the screening process are available; c) direct and support persons to contribute to the effectiveness of the screening process; and d) ensure that the responsibilities and authorities for releva nt roles are assigned and communicated within the organization. There is an emphasis within the Standard that ‘Top management’ should be committed to taking overall responsibility for the screening process. 5 Risk management The organization should only em ploy individuals whose career or history indicates that they would be suitable for the role, given that such employment might allow opportunities for illicit personal gain, or the possibilities of being compromised, or opportunities for creating any other breaches of confidentiality, trust and safety. Technical Bulletin No: 0049 Page 5 of 19 © NSI 2019 NOTE 1 Attention is drawn to UK employment law, commercial insurance cover and the applicable terms and conditions of employment. NOTE 2 In some cases, where the verification procedures cannot be completed sat isfactorily, employment might be prevented, terminated or an employment offer withdrawn. It is emphasized that this is not necessarily an indication of unsuitability; it might simply not have been possible to obtain the required positive evidence. This now provides a more concise requirement. Requirements regarding individuals employed to perform screening tasks have been removed from this clause and are now included in a new dedicated clause (6). 6 Individuals employed in screening 6.2 Training People engaged in screening should be trained for the duties envisaged. Training should fully cover the recommendations given in this British Standard, the essential elements of all data protection legislation and awareness of relevant regulatory requirements. NOTE 1 The organization might wish to consider sending the screening controller and the screening administrator(s) involved in such activities on appropriate external courses organized for this purpose. Training should also cover the implications of not co mplying with this British Standard. NOTE 2 These implications can include breach of contract, legal action, insurance cover, reputational damage and regulatory enforcement. Training should be reviewed at least annually to ensure that competency is maintain ed. Training records should be accurately maintained. All training provided online should be recorded electronically. All other training should be signed by the trainee, countersigned by the trainer and retained. Where a certificate of training is provided by a recognized and relative sector – competent training organization, a copy should be retained. Specific references to the data protection Act and SIA licensing are removed in favour of a more generic reference to relevant regulatory requirements. Trainin g should cover implications resulting from non – conformance to this Standard and be reviewed on an annual basis. W here an official certificate of training is available , it should be retained with the training records. 6.3 Outsourced screening Where any ele ment of the screening process is outsourced, the organization should ensure that the relevant recommendations given in this British Standard are applied. The organization should retain ultimate responsibility for the outsourced screening process and should review the completed screening file in accordance with 7.7. Technical Bulletin No: 0049 Page 6 of 19 © NSI 2019 NOTE The organization is advised to consider the desirability of third – party certification for outsourced screening services. The organization shall retain ultimate responsibility for any outsou rced screening and should review the completed screening file. 7 Screening process 7.1 General The organization should carry out screening in accordance with this British Standard prior to the engagement of individuals for relevant employment or to their being transferred to relevant employment from other duties. NOTE 1 For acquisitions and transfers see Clause 10. Where labour is subcontracted see Clause 8. The organization should ensure that employees already in relevant employment are screened in accord ance with this British Standard. NOTE 2 Attention is drawn to the relevant data protection legislation and the Employment Rights Act 1996 [1]. NOTE 3 It is not a provision of this British Standard that employees already screened to previous editions of BS 7858 are re – screened, provided evidence of previous screening can be clearly demonstrated. NOTE 4 The organization may supply, on request, a copy of all screening records for previously employed individuals to that individual’s new employer. Where a copy o f the screening records is requested, the employee’s express consent is needed. The screening process should be carried out in accordance with this British Standard, regardless of an individual’s previous employment, even if that employment was in a secur e environment. NOTE 5 Attention is drawn to the Rehabilitation of Offenders Act 1974 [2], the Rehabilitation of Offenders (Scotland) Act 1974 [3] and the Rehabilitation of Offenders (Northern Ireland) Order 1978 [4]. NOTE 6 Attention is drawn to new and em erging technologies for assessing the character and suitability of individuals. For some roles it might be prudent to seek additional information using best practice social media and other open source internet checks to provide greater insights and reduce risk. For guidance, see the FCA Financial Crime Guide [5]. Technical Bulletin No: 0049 Page 7 of 19 © NSI 2019 Where any element of the screening process is automated, the recommendations of this British Standard should be followed. It is noted (4) that following an employee’s express consent , a previous employer may supply , on request , a copy of screening records to a new employer. It is also noted (6) that , in addition to the requirements of this Standard, the use of social media and open source internet profiling may be utilised for some rol es. Any element of the screening process that is automated must meet the requirements of the Standard . 7.2 Administration The screening controller should ensure that screening data is held confidentially and stored securely to prevent unauthorized access and alteration. NOTE 1 Attention is drawn to the relevant data protection legislation. NOTE 2 With regard to the storage of electronic data, attention is drawn to the following standards: BS EN ISO/IEC 27001, BS EN ISO/IEC 27002 and BS 7799‑3. The organiza tion’s screening working practices should be regularly reviewed and updated if necessary and should deal with such matters as clearing desks, locking filing cabinets, etc. at the end of the working day; disposing of confidential waste (including spoiled do cuments, etc.); the control of access to data, recordings of telephone conversations, etc. Organizations should maintain the following in electronic or paper format: a) a separate file for each individual subjected to screening. The files of all individual s currently employed but still subject to completion of screening should be identified separately from other employee files; and b) verification progress sheets (or equivalent) for each individual subjected to screening. Where applicable, records should cl early indicate that an individual is conditionally employed but still subject to completion of screening. Records should show prominently the dates on which such employment commenced and is to cease if screening is not completed within 12 or 16 weeks after the date of commencement, dependent on the screening period. Specific references to data protection have been removed from the notes in the clause and replaced with more generic reference to applicable legislation. The requirement to retain the employees screening file during their employm ent is removed from this clause ( see cla use 11 for details of data/file retention ) . Technical Bulletin No: 0049 Page 8 of 19 © NSI 2019 7 .3.2 Information required The organization should request the following information at the appropriate point of the screening process. a) The individual’s personal details including: 1) full name, including forename(s) and surname/family name(s); 2) other and/or previous forename(s) and surname/family name(s) used during the screening period; 3) aliases, i.e. any name(s) used in addition to current or previous name(s) during the screening period; 4) full address history, including “from” and “to” dates, for the past five years; 5) date of birth; 6) National Insurance number; 7) evidence of right to work in the UK; and NOTE 1 For further i nformation, see www.gov.uk/check‑job‑applicant‑right‑to‑work and www.gov.uk/government/publications/acceptable – right – to – work – documents – an – employers – guide . 8) SIA (Security Industry Authority) licence number and expiry date (if held). NOTE 2 SIA licensing ensures that private security operatives are “fit and proper” persons who are properly trained and qualified to do their job. For further information about SIA licensing, refer to www.sia.homeoffice.gov.uk . b) Details of the individual’s education, employment, periods of self – employment (see 7.7), unemployment and gaps in employment (including car eer breaks, etc.) throughout the screening period. NOTE 3 If an individual does not want the organization to contact their current employer until an offer is made, see 7.3.3a). Organizations should extend the screening period to account for: 1) contractual or legislative considerations; and/or 2) specific industry standards. c) Details of all cautions or convictions for criminal offences, including motoring offences and pending actions. Technical Bulletin No: 0049 Page 9 of 19 © NSI 2019 NOTE 4 Attention is drawn to the Rehabilitation of Offenders Act 1974 [2], the Rehabilitation of Offenders (Scotland) Act 1974 [3] and the Rehabilitation of Offenders (Northern Ireland) Order 1978 [4]. d) Details of all bankruptcy proceedings and court judgments (including satisfied), financial judgments in the civ il court made against the individual and individual voluntary arrangements with creditors in line with the relevant screening period. e) An acknowledgement that misrepresentation, or failure to disclose material facts, either during application or througho ut employment could constitute grounds for withdrawal of an employment offer or termination of employment and/or legal action. f) A statement, in writing, authorizing the organization to approach current and former employers, government departments, educat ional establishments, etc. for verification of a continuous record of their career and history (see 7.3.3). NOTE 5 Authorization may be in the form of either a signature or electronic confirmation. For verification of identity of signatories to electronic documents, attention is drawn to the Electronic Communications Act 2000 [6]. NOTE 6 An example of the text that can be used is given in Annex A, Form 3, which can be used as a separate form or as part of the application form. g) A declaration signed by the individual which acknowledges that employment is subject to satisfactory screening, that the individual consents to being screened and will provide information as required, that information provided is correct, and that any false statements or omissions c ould lead to termination of employment (a suitable example is provided in Annex A, Form 3). Note 1 provides a reference to websites where guidance to and checking the status of the right to work in the UK and can be found. The requirement for a character r eference and to obtain the name of a referee has been rem oved from this Standard as it was open to abuse. All bankruptcy proceedings and court judgments should be reviewed for a period in line with the relevant screening period, the 2012 edition required a period of the previous 6 years. It is noted (5) that the Electronic Communications Act 2000 provides detail for the verification of electronic signatures. 7.3.4 Interview Organizations should interview the individual before any offer of employment is made. Technical Bulletin No: 0049 Page 10 of 19 © NSI 2019 The Note in the 2012 edition suggesting a preference for a face to face interview is removed in the 2019 edition. 7.4 Preliminary checks Preliminary checks should, as a minimum, include the following for each individual being screened. a) Establishm ent of a screening file in accordance with 7.2a). b) All information requested in accordance with 7.3.2 has been supplied and a full review of the information provided to confirm that the individual is likely to complete screening. c) Confirmation of ident ity including verification of documents. NOTE 1 Acceptable identity documents are as in accordance with Group A and Group B of the DBS (Disclosure and Barring Service) website: www.gov.uk/government/publications/dbs‑identity‑checking‑guidelines . Wherever possible, the supporting documentation should be photographic, i.e. passport or photo identification driver’s licence. Verification should include visual inspection o f original documents and retention of a copy. The visual inspection should compare details within the document against the physically present individual and check for si gns of tampering or alteration. Organizations should also carry out verification checks according to the following circumstances. 1) Individual holding a valid and current SIA licence: the organization should see the original licence and verify it against the public register of licence holders. The document details should be cross – checked against other information provided by the individual. A copy of the public register search result should be retained on file. NOTE 2 Further verification of identity documents may be carried out at the discretion of the organization. 2) Individual not hold ing a valid and current SIA licence: the organization should be able to demonstrate that they have taken necessary steps to confirm the identity of the individual. A copy of the document(s) produced should be retained in the screening file together with de tails of who examined and copied the original document and evidence of any additional electronic check(s). Details within the document(s) should be cross – checked against other information provided by the individual. Technical Bulletin No: 0049 Page 11 of 19 © NSI 2019 NOTE 3 Further guidance on document veri fication can be found at www.cpni.gov.uk/preemployment – screening . d) Confirmation of current addres s. Copies of the documents should be retained in the screening file, with details of who examined an d copied the original document. Any documents presented to establish proof of address should be checked for authenticity. e) Global watchlist check. Cross – r eferencing the individual’s name(s) against various sanctions, watchlists and fraud databases, including, but not limited to, the HM Treasury’s consolidated list of financial sanctions targets in the UK (see www.hm – treasury.gov.uk/fin_sanctions_index.htm ). NOTE 4 The organization may agree acceptance of risk procedures with their insurers. If a match is found and advice is required, contact th e Office of Financial Sanctions ( www.gov.uk/government/organisations/office‑of‑financial‑sanctions‑implementati on ). f) The individual’s public record information: the organization should establish these details by direct reference through a credit reference agency or its agent. The organization should include the following official public record information in the search: 1) confirmation that the individual is listed on the electoral roll; 2) if not listed on the electoral roll, confirmation that the individual is known at the current address of residence; 3) linked postal address for the previous five years should also be searched to ensure no adverse information is listed; 4) county court judgments (CCJs) including IVAs; 5) bankruptcy orders; 6) aliases; and 7) date of birth. NOTE 5 An individual’s public record information is not a credit check. If an individual has opted out of appearing on the electoral roll, other forms of evidence su ch as recent utility bills, bank statements, etc. should be requested to confirm the individual’s current address of residence. If a concern appears during the search, the individual should be invited by the organization to make representation about the c oncern. If the organization is satisfied Technical Bulletin No: 0049 Page 12 of 19 © NSI 2019 with the individual’s representation and the organization is satisfied that the individual’s financial history does not constitute a risk as described in Clause 5, the following should apply. i) If single or multipl e CCJ(s) are in excess of £10 000 (whether satisfied or not), top management or an authorized person, having reviewed the documentation, signs to accept the risk. ii) If the individual is bankrupt, top management or an authorized person, having reviewed th e documentation, signs to accept the risk. iii) If the individual is or was a director of another organization, top management or an authorized person of the employing organization, having reviewed the documentation, signs to accept the risk. NOTE 6 A Comp anies House search might be advisable. NOTE 7 The organization may agree acceptance of risk procedures on a block or on an individual basis with their insurers. NOTE 8 Attention is drawn to the relevant data protection legislation Some notes have been removed. An additional check is required (e) against Global watchlists , e.g. HM Treasury’s consolidated list of financi al sanctions targets in the UK. It is also noted that organiz ations may request acceptance from their insurance pro vider where a match against a watchlist is found. Acceptable identity documents may be in accordance with Disclosure and Barring Services group A & B document requirements (c) . Where a subject is found to be or have been a director during the screening pe riod , it is no ted (6 & 8) that Companies House may be used as a recourse. 7.5.2 Limited screening In addition to the preliminary checks (see 7.4), the screening file should contain the following. a) Confirmation of a continuous record of career and history (see 7.7) for a minimum period of three years immediately prior to the date of application (or back to the age of 16 if this date is more recent). Evidence can be obtained orally, or by written confirmation or documentary evidence (see 7.7). Where evidenc e is obtained, the identity of the individual and organization supplying the information should be confirmed. When contacted by telephone, the telephone number called should be ascertained independently. A telephone number supplied by the individual being screened should not be relied upon. Technical Bulletin No: 0049 Page 13 of 19 © NSI 2019 b) The name of the screening administrator responsible and the name of the screening controller who reviewed the file to confirm that the limited screening has been completed. NOTE Forms 1 and 2 in Annex A (or other equ ally effective means) are examples that could be used to monitor and record all actions taken and retained in the screening file. Where an individual is offered conditional employment following limited screening but before full screening has been completed , the terms and conditions of their employment should clearly state that confirmed employment is subject to satisfactory completion of full screening within the period allowed (see 7.6) and that conditional employment ends if full screening is not complete d satisfactorily within the time period allowed. Clarity is introduced that the screening checks should be contained in a screening file . The source of any evidence gathered as confirmation of a continuous employment record , be it written or verbal , shall be recorded. The requirement for a Character reference is removed. In addition to recording the name of the screening controller who reviewed and confirmed completion of the limited screening, the name of the responsible screening administrator should also be recorded . 7.6 Period allowed for completion of full screening for individuals in conditional employment Full screening should be completed within the following time periods: a) for 5 – year screening, not later than 12 weeks after conditional emplo yment has commenced; or b) for 10 – year screening, not later than 16 weeks after conditional employment has commenced. Cases extending beyond the maximum time period may be extended by up to four weeks subject to evidence that written requests to verify inf ormation supplied have been made and subject to approval by top management or an authorized person. The decision to extend should be recorded, retained and easily accessible on request. Where screening has not been completed successfully, an individual sho uld not continue in relevant employment. NOTE The extension of the screening period is not intended to be used to cover for a shortage of screening personnel. Technical Bulletin No: 0049 Page 14 of 19 © NSI 2019 The Periods of appropriate screening are now defined as 5 years as a minimum and 10 years where a longer period is required . It is also noted that the provision to extend the duration of the screening process by up to 4 weeks beyond the required times should not be used due to a shortage of screening personnel . 7.7 Completion of screening (verificati on of information) Verification of information should be completed within the period allowed for completion of screening (see 7.6). If an organization acquires the full BS 7858 screening file from a previous employer or an outsourced screening provider, t he screening file of the relevant individuals should be reviewed in accordance with this British Standard and the information provided may be used as confirmation of all or part of the information required [see 7.7a) to j)]. If it cannot be established fro m records that screening in accordance with this British Standard has already taken place for any member of staff in relevant employment, then screening should be undertaken within the screening period (see 7.6), commencing on the date conditional employme nt began. For screening purposes, the organization should establish by direct reference to current and former employers, government departments, educational authorities, etc., with confirmation from them in writing, the details of education, employment, p eriods of self – employment and unemployment of the individual being screened for the whole of the screening period (see 7.6) with no unverified periods greater than 31 days. Where it is not possible to establish by direct reference to current and former em ployers, the organization should follow the additional guidance in obtaining acceptable documentary evidence to verify the relevant period [see 7.7i)]. Where text or other electronic messaging is used, the contact details for the person providing an electronic reference should be verified. This should be through direct contact, and verifying the source and integrity of text messages or emails. Records of how this is achieved should be maintained. For screening purposes, the organization should seek verification of the following, with confirmation obtained in writing and copies retained. a) Date of leaving full – time education: if this falls within the scre ening period, it should be confirmed. b) Periods and type of employment (e.g. full – time, part – time, casual or occasional): these should be obtained from previous employers, although a current employer should not be contacted without the individual’s prior written permission. Technical Bulletin No: 0049 Page 15 of 19 © NSI 2019 Where it is not poss ible to obtain confirmation from a previous employer, the screening administrator should seek documentary evidence to verify the period of employment. Examples of potential evidence should include NI records or two or more different items from: payslips (s tart and finish of a period of employment), P60 for each year, P45 (to show date of leaving), redundancy letter (confirming end of a period of employment), contract of employment (to show start of employment), bank statements (to show regular payment of wa ges/salary), proof of long service, company identification, any correspondence from the employer to the employee over the period. NOTE 1 When undertaking screening, it is important to be sure that the source of information and documentary evidence is genui ne. c) Periods of registered unemployment: these should be obtained from the Department for Work and Pensions (DWP), or other government agencies. If a government department states that records are unavailable, the period for which the record is not availa ble should be treated as an unverified period. d) Periods of self – employment: examples of acceptable evidence include documents from HM Revenue and Customs, banks, accountants, solicitors, trade or client references, etc., as appropriate. e) Career breaks: for periods where an individual has not been in employment and not registered as unemployed, e.g. voluntary career break, stay – at – home parent, unpaid family carer. The screening administrator should establish the reason for the break and request documenta ry evidence to support the explanation. Acceptable evidence should be relevant to the situation. f) Periods of residence abroad: confirmation should be obtained where possible by, for example, approaches to employers, dates obtained from passports and work permits. g) Periods of extended travel abroad (longer than 31 days): for periods where an individual has been abroad, confirmation of dates should be sought by the screening administrator to satisfy themselves that, from the evidence submitted, it is reas onable to conclude that the individual was abroad during the dates specified. NOTE 2 Acceptable evidence could include airline tickets, holiday booking paperwork, visa and passport stamps, card payment/bank statement, currency exchange receipts, mobile pho ne bill, employment references whilst working abroad. h) Career and history record incomplete: where the record of career and history is incomplete, the screening administrator should seek documentary evidence to verify the duration and the reasons for the incomplete record. Acceptable evidence should be relevant to the gap and support the applicant’s explanation for that period. Technical Bulletin No: 0049 Page 16 of 19 © NSI 2019 i) Statutory declaration: only when the screening process in accordance with this clause cannot be demonstrably completed, a stat utory declaration made before a solicitor, commissioner for oaths, notary public or justice of the peace by the individual being screened, may be used as an alternative (see Annex A, Form 4). A statutory declaration should only be used to cover: 1) one unv erified period of no more than six months in the most recent five years of the screening period; or 2) unverified period(s) not exceeding a total of six months in any five – year period in the preceding years where screening is undertaken for a period longer than five years. This procedure should only be used with the prior documented approval of top management. NOTE 3 Form 5 given in Annex A can be used to document the approval of top management. j) The organization should ensure that at least one of the fol lowing is either held by, or has been obtained for, the individual being screened: 1 ) a SIA licence for the appropriate sector (if applicable); 2) a NPCC Appendix C check (police letter) under t he NPCC Security Systems Policy ; or 3) a Disclosure from the appropriate government body . NOTE 4 In the case of a security systems company operating in England, Wales or Northern Ireland, 7.7j)2) would be required unless the company is one that does not need to be registered with the police (for example, a company t hat does not do any police – calling security systems, or is in a police area where the police force does not apply the Appendix C check and the check is not available from other police forces). NOTE 5 Attention is drawn to the obligations set out in the St andard and Explanatory Guide published by the Disclosure and Barring Service [7]. NOTE 6 Where an individual is employed in a position that is likely to bring them into contact with children or vulnerable adults, e.g. child and adult workforce, a higher l evel of disclosure might be necessary. It might be necessary for individuals to provide information about themselves in order to complete the verification procedures. NOTE 7 Effective screening is dependent upon those having knowledge of the individual being screened supplying information and references. It is hoped that individuals and organizations would co – operate in supplying information and references when requested, unless there are good and substantial reasons for not doing so. Technical Bulletin No: 0049 Page 17 of 19 © NSI 2019 An organization sho uld not make an offer of confirmed employment unless full screening has been completed satisfactorily. There is a new entry requiring organiz ations to review and confi rm compliance with the Standard for any BS 7858 full screening file from a previous emplo yer or third party screening service provider. Where a gap is found in the screening file , conditional employment may begin along with the commencement of the screening process. A new entry requires that an individual or organization providing any text or electronic message that is used as part of the screening process must be verified using direct contact, and a record of how this is achieved must also be maintained. The requirement to confirm any fulltime education period has been simplified to requir e an y period of full time education that falls within the screening period. New entry giving guidance on confirming periods of employment where it is not possible to obtain information from a previous employer. New entry detailing requirements where career bre ak periods fall within the screening period. A new requirement for the screening administrator to obtain verification documentation as evidence of any incomplete career history. A statutory declaration used to cover unverified periods in a career history t hat does not exceed a total of 6 months must be approved by ‘Top Management’ by means of a documented approval. The references to ACPO are updated to reference NPCC. 7.8 Review of screening progress The screening controller should operate a systematic administrative system, which ensures that progress is reviewed for each employee throughout the screening period. A verification progress sheet (or other equally effective means) should be used to record the action taken. NOTE an example verification progr ess sheet is given in Annex A, Form 2. This Clause is re – phrased to emphasise the screening progress rather than the screening process. 9 Ancillary staff The recommendations given in this British Standard should be applied to all ancillary staff who have a ccess to sensitive information, assets or equipment. The organization should have in place procedures which ensure that individuals who have not been screened are restricted from having access to sensitive information, assets or equipment. Technical Bulletin No: 0049 Page 18 of 19 © NSI 2019 This requirement now applies to all ‘Ancillary staff’ the 2012 edition restricted the requirement to ‘Ancillary staff’ in relevant employment . 10 Acquisitions and transfers If an organization acquires the business or an undertaking of another organization and the operatio ns of the combined organization are such as to require screening for part or all of the transferring business or undertaking, the screening of all relevant individuals in the transferring business or undertaking should be reviewed. NOTE 1 Where an employee liability information (ELI) document is provided by the transferring organization and meets the recommendations of this British Standard, this may be used as confirmation of employment. If it cannot be established from records that screening in accordance with this British Standard has already taken place for any member of staff in relevant employment, screening should be undertaken within the screening period, commencing on the date of acquisition or transfer of the business or undertaking. Any previously unscreened employee who, as a result of the acquisition or transfer, is employed in a position requiring screening should also be screened in accordance with this British Standard. NOTE 2 Where retrospective screening discloses transferred employees who a re unable to meet the recommendations of this British Standard, attention is drawn to the Employment Rights Act 1996 [1]. NOTE 3 Attention is drawn to the relevant data protection legislation and the Transfer of undertakings (Protection of Employment) Regu lations 2006 [9]. It is noted (1) that an employee liability information document (ELI) provided by a transferring organization that meets the requirements of the Standard may be used as confirmation of employment. Attention is drawn to the Transfer of Undertakings (Protection of Employment) Regulations 2006. 11 Records 11.1 Records of those unsuccessful at preliminary screening The screening file of those unsuccessful at preliminary screening should be retained for a minimum of 12 months and disposed o f securely. New entry . Technical Bulletin No: 0049 Page 19 of 19 © NSI 2019 11.2 Records held during employment The screening file should be retained during employment. New entry. 11.3 Records held after cessation of employment After cessation of employment, the following records should be retained for seven years: a) written provision of information (see 7.3); b) a signed statement in accordance with 7.3.2e); c) proof of identity; d) confirmation of continuous record of career and history; e) verification progress sheet (see Annex A, Form 2) or equivalent; f) employment verification; g) statutory declaration (see Annex A, Form 4); and h) acceptance of risk (see Annex A, Form 5). This clause h as minor changes in line with alterat ions found elsewhere in the Standard and provides requirements for records to be held in the screening file. Annex A (informative) Annex A provides less prescriptive examples of forms that can be used to assist the recording of screening in line with the Standard . Organization s can develop and produce their own fo rms as appropriate to meet the requirements of the Standard .