What is BS7858 Standard?
The British Standards Institution (BSI) has recently revised the British Standard for Security Screening of Security Personnel (BS7858:2004). The new code of practice BS7858:2019 came into effect at the end of September 2020, substituting the revoked BS7858:2012 revised standard, which was rescinded on the 31st March 2020. The BS7858 standard has become progressively more crucial when it comes to the protection of individuals, goods & services, estate, and personal data. The BS7858 safeguards such elements by guaranteeing that the veracity of the person authorised to access such sensitive data is certified and retains as such.
There is a lot of misrepresentation circulating regarding the changes to BS7858 Standard which CRI Group, as the only company in the Middle East and Asian region with an implemented BS 7858:2019 standard and BS 102000:2018 code of practice for investigative services and ISO27001 (Information Security Management System) certification, want to help clean up.
Why is the standard so important?
It is no secret that confidence is key when it comes to the mass of decision ruling. Instilling confidence in its personnel is critical for all organisations and their triumph, particularly when said personnel oversees susceptible individuals, valuable resources or data protection. Organisations have to be able to guarantee that their security personnel have been subordinate to the best meticulous screening process. This ensures pleased clients, as well as pleased personnel as the foundation to a fortunate and reliable organisation, begins from within. The BS7585 aids organisations to avoid scandals such as:
- British Airways (BA): fined £20 million by the UK’s data protection authority over data security failings which permitted unauthorised access to be acquired to private data and payment card information concerning more than 400,000 of its consumers
- Sina Weibo: when hackers stole the private data of 172 million users – this included real names, site usernames, gender, location, and phone numbers. The data was sold on the dark web for a mere ¥1,799 ($250) but caused considerable harm, distress and chaos to the daily lives of Weibo’s users.
- Canva: the Australian graphic design tool suffered an attack that exposed 137 million users email addresses, usernames, names, cities of residence. The hackers also managed to view, but not steal, files with a partial credit card and payment data.
The revised BS7858 has been made clear that the responsibility and accountability for the security and effectiveness of the vetting process rest with the organisation itself and leading management. The BS7858:2019 connects with the move we have seen worldwide to corporate social responsibility and compliance and follows that trend. Other occurrences of the movement consist of instances such as the GDPR (April 2016) and the FCA (Dec 2020) which both expect leading management to be practical in their approach to compliance.
As a significant volume of data requires authentication in a screening process, several organisations may find executing an employee screening and vetting process to be highly complex. Additionally, the degree of evaluation of the applicant’s provisional data must be carried out effectively as well as promptly and include specific checks, such as credit checks or checks against the Financial Services Register.
BSI brought the BS7858 Standard to 2021 with the inclusion of:
Right to Work checks in line with Disclosure and Barring Service (DBS) identity requirements:
In antithesis to common acceptance, the BS7858-compliant vetting checks do not need to include DBS checks. This is due to the fact that the Security Industry Authority (SIA) oversees these criminal record checks as part of an individual’s registration process. Nevertheless, they do continue to be a measure of best practice, and the revised Standard firmly contends in its favour. See 7.3.2 (c) and 7.7. (j) in the 7858 Standard. Organisations can also refer to the SIA’s ‘Get Licensed’ handbook which asserts that when an operative is in connection with children or susceptible adults, the Standard or an alternate heightened degree of admission should be deemed essential.
Global watchlist checks during the application process
7.4 (c) of the BS7858 Standard comprises the compulsory requirement to examine a variety of international watchlists, sanctions and fraud databases. Hitherto to this, the Standard simply asked the examining of the HMG sanctions list.
Social media checks as an advised best practice for pre-and post-employment
Personnel social media posts could generate problems for organisations that are operational in protected and regulated conditions; BSI has updated the BS7858 Standard to consider this matter. The BS7858:2019 Standard urges organisations to complete social media screening pre and post-employment.
Searching for supplementary data utilizing best practice social media and additional open-source internet checks can support your organisation with superior perceptions and decrease your employee risk.
For extra assistance on social media and further knowledge on the perils of social media within your organisation, please see our article and free playbook on “Risks of Cybercrime & Social Media“. A complete Guide on How to Protect Your Organisation and Team!
Other significant changes of the BS7858 Standard:
- Removal of character references
- Approval to passing on pre-employment screening records from vocation to vocation.
- Conditional Offer: Formerly, there were two steps an employer was obliged to follow before making an offer of conditional employment; fulfilling the stipulated preliminary checks and adequately fulfilling limited screening on the subject. The new standard initiated the third element on top of the other two conditions – to commence a risk review and confirm that “the degree of risk in the envisioned employment has been evaluated and is deemed to be acceptable and documented” and consequently, the organisation is happy to extend the offer based on their evaluation and the candidate’s risk profile.
- Preservation of candidates’ background screening records during their employment. Ineffective applicants records can be retained for 12 months while for ex-employees, particular records can be kept for an additional seven years after the employment ended.
- All groups involved in carrying out BS7858 vetting should be prepared for envisioned obligations.
It is clear to see that the BS7858 standard is crucial for employment in not only the security region but each region of employment; pre-employment screening expending the updated BS7858 standards promises that each member of the public, from manual labourers to office workers, can maintain life in a safe environment.
If the new standard still feels a little daunting to you, why not consider booking a free 30-minute consultation with one of our experts here at CRI Group? Our specialists have years of experience and are qualified to offer your organisation personalised guidance to fit your professional requirements. Don’t hesitate, get in touch today and stay ahead of the vetting rules and regulations.
Zafar I. Anjum, is Group CEO of CRI Group (www.crigroup.com), a global supplier of investigative, forensic accounting, integrity due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London, with offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China and USA, CRI is licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM.
Zafar Anjum, MSc, MS, LLM, CFE, CII, MABI, MICA, Int. Dip. (Fin. Crime), Int. Dip. (GRC)
CRI Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA, United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: firstname.lastname@example.org