What is this standard about?
It details how to screen individuals who want to work in “secure” environments, defined as anywhere that an insider could steal or threaten the integrity of data, information, or other physical or intellectual assets; or threaten people’s safety.
Who is this standard for?
The security sector. The security workforce is regulated by the Security Industry Authority (SIA), which draws its powers from the Private Security Industry Act 2001. Organisations wanting to join the SIA Approved Contractor Scheme must demonstrate their compliance with relevant British Standards, including BS 7858. It is also for agencies which offer employee screening packages under the Approved Contractor Scheme.
Any organization outside of the security sector which wants to screen people employed in sensitive areas such as critical infrastructure sites and those with access to sensitive information, materials or technology. This might include:
Facilities management companies
Human resources departments
Retail sector
Sports/entertainment sector
Local government
Why should you use this standard?
While the vast majority of employees and contractors are honest and act with integrity, organizations are nevertheless sometimes vulnerable to insiders with access, who operate in positions of trust.
Indeed, the government’s Centre for the Protection of National Infrastructure (CPNI) warns that almost all physical and electronic attacks can be assisted or conducted by an insider. Some attacks can only be committed by insiders, such as the unauthorized release of proprietary information, or the sabotage of assets that only employees can access. In addition, there are some tactics that insiders are likely to use in the course of preparing or conducting attacks, including deliberate attempts to acquire information...