BS 7858:2019 pdf download

BS 7858:2019 Screening of individuals working in a secure environment – Code of practice
5 Risk management
The organization should only employ individuals whose career or history indicates that they would be suitable for the role, given that such employment might allow opportunities for illicit personal gain, or the possibilities of being compromised, or opportunities for creating any other breaches of confidentiality, trust and safety.
NOTE 1 Attention is drawn to UK employment law, commercial insurance cover and the applicable terms and conditions of employment.
NOTE 2 In some cases, where the verification procedures cannot be completed satisfactorily, employment might be prevented, terminated or an employment offer withdrawn. It is emphasized that this is not necessarily an indication of unsuitability; it might simply not have been possible to obtain the required positive evidence.
6 Individuals employed in screening
6.1 General
The screening controller(s) and screening administrator(s) should be screened in accordance with the recommendations of this British Standard. An individual should not screen themselves.
The screening controller(s) and screening administrator(s) should sign a confidentiality agreement (sometimes known as a non-disclosure agreement), covering both the period of employment and post-employment, relating to the disclosure of the organization’s confidential information and/or material with respect to individuals and employees past, present and future.
Where the tasks of interviewing, screening and deciding whether to employ and whether to terminate employment are carried out by separate departments, all departments should be co-ordinated, with particular attention given to the division of functions and authority between each department for internal control purposes.
NOTE Attention is drawn to the difference between personal opinion and fact when recording information about individuals.
6.2 Training
People engaged in screening should be trained for the duties envisaged. Training should fully cover the recommendations given in this British Standard, the essential elements of all data protection legislation and awareness of relevant regulatory requirements.
NOTE 1 The organization might wish to consider sending the screening controller and the screening administrator(s) involved in such activities on appropriate external courses organized for this purpose.
Training should also cover the implications of not complying with this British Standard.
NOTE 2 These implications can include breach of contract, legal action, insurance cover, reputational damage and regulatory enforcement.
Training should be reviewed at least annually to ensure that competency is maintained.