PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS

Transcription

1 PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS

2 A DELICATE BALANCE Every year brings stories of organisations falling victim to the embarrassing, costly or disruptive consequences of staff misusing their access and privileges. But with the appropriate personnel security measures in place organisations can significantly reduce their exposure to intentional and unintentional insider acts. The Human Resource team has a pivotal role to play, balancing security risks against the need to ensure employees remain able to perform their duties and buy in to any new measures. It is essential that HR executives recognise the vulnerabilities and are in a position to offer advice and best practice to colleagues, amidst potentially difficult and sensitive circumstances. CPNI s range of advice and guidance can help HR and security teams to: About CPNI The Centre for the Protection of National Infrastructure (CPNI) is the government authority that provides advice on protecting the country s essential services, facilities and networks from terrorism and other threats. Though its focus is on securing the national infrastructure energy, transport, health, telecommunications etc. many businesses and organisations can benefit from its general advice for protecting staff, property and IT systems, much of which is available from Identify security measures in proportion to the risk. Reduce the risk of employing personnel likely to present a security concern. Establish that applicants and contractors are who they claim to be. Close down opportunities for abuse of the organisation s assets.

3 Practical security advice for personnel managers Staff who may look to exploit their legitimate access for unauthorised purposes can take a variety of forms: disaffected individuals, activist groups, journalists, competitors, those with links to organised crime or even those involved in terrorism. In many organisations, personnel security is still regarded as a recruitment issue rather than something to address throughout a staff member s time in employment. But ongoing personnel security measures can not only reduce vulnerabilities, they can also encourage a hugely beneficial securityconscious culture amongst staff at every level of the organisation. Identifying the right measures can be a significant challenge involving complex strategic decisions. There are legal and resource implications to consider, whilst implementing the wrong measures can prove costly and disruptive. And then there is the need to ensure changes are transparent and understood at stake is the relationship and level of trust between an organisation and its staff. CPNI advice can help personnel and security teams understand and prepare for the challenges involved. Building on the experiences of the organisations who contribute to our research, our products offer practical tips, checklists and advice to help managers adopt the right personnel measures for their own circumstances.

4 Personnel security: threats, challenges and measures Introductory guidance for those with new security, recruitment or line management responsibilities: What is personnel security Why it is important What is involved Ongoing personnel security Advice and best practice to reduce the risk of insider activity: Engaging with staff Managing contractors and short-term staff Conducting investigations

5 Document verification guidance How to distinguish genuine employee verification documents (passport, qualifications) from forgeries. Pre-employment screening guidance A one-stop guide to best practice for screening applications, including: Authenticating identity Verifying the right to work in the UK Confirming employment history and qualifications Checking criminal records These documents are available to download at Risk assessment for personnel security Using a fictional case study, this guidance document helps security and human resource managers to: Conduct personnel security risk assessments Identify insider threats Prioritise the risks Choose the appropriate counter-measures