Skip to content

Monitoring and Assessment

Monitoring and assessment is an essential element of good personnel security

Last Updated 22 December 2020


CPNI’s Insider Data collection study indicated that some organisations had not made regular or systematic use of their own technical or financial auditing functions to spot irregularities or unusual workplace behaviours.

In other organisations, counter-productive workplace behaviours were known in one part of the organisation, but this was not shared with other sections, resulting in delays in the organisation taking mitigating actions to reduce the risk, allowing insiders to act in the first place, or for some, to continue their activity without detection for longer than necessary.

CPNI advocates a holistic approach to protective monitoring where information about employee risks (physical, electronic audit and personnel data) are brought together under a single point of accountability and governance, to ensure a transparent, legal, ethical and proportionate protective monitoring capability.

This section will help your organisation understand:

  • why your organisation should have monitoring and assessment policies and processes in place
  • what to have in place to check that all workers (and others) are conforming and complying with your policies and systems
  • how to identify individuals who may be posing an insider risk and
  • how to prevent the insider risk turning into an insider act.

It's OK to Say

CPNI research and work with organisations has frequently highlighted the issue of under-reporting or a lack of intervention by employees when counter-productive and/or unusual behaviours are observed in the workplace. Such behaviours have often been seen to be pre-cursors to insider activity or welfare issues.

The It's OK to Say programme has been developed on the basis of in-depth end-user research with large organisations across the critical national infrastructure and follows the principles of CPNI’s ‘Embedding security behaviours: the 5 Es’. A number of materials have been produced as part of this programme – organisations should take care to ascertain the pre-requisites before implementation in order to gain maximum impact. We would not, for example, recommend running the animation without setting the context of the threat.

Additional Resources

The pages below provide further information. In particular see the Investigation and Disciplinary page for information on how to investigate employees of concern.

Follow this link to visit the Legal Considerations for Employee IT Monitoring page.

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.