Ongoing Personnel Security guidance
While pre-employment screening helps ensure that an organisation recruits trustworthy individuals, people and their circumstances and attitudes change, either gradually or in response to events.
CPNI’s collection of ongoing personnel security guidance and tools can be used to help an organisation develop and plan effective practices for countering the insider threat and maintaining a motivated, engaged and productive workforce.
The Ongoing Personnel Security - A Good Practice Guide can be used to help an organisation better understand the potential threats from insiders and then take the appropriate measures to mitigate the risk. An Ongoing Personnel Security - Infographic is also available.
The application of good ongoing personnel security principles adds huge value to physical and technical security measures in a cost effective manner, promoting good leadership and management and maximising people as part of the security solution.
Remote and Overseas Working
CPNI has produced guidance to inform employers about the personnel security vulnerabilities of remote working, and a general overview of the overarching principles and key issues when using offshore centre.
More information and guidance can be found on the Remote and Overseas Working page.
Refer to our Contract Staff page to consider how contract staff may pose the same, or differing, security risks and how your organisation can effectively manage the risk of granting contractors access to your sites and assets.
The induction of new joiners is a key entry point at which their perception of security in the organisation is formed. This provides an opportunity to embed the desired security mind-set and behaviour in your employees from the outset, which is important in building and maintaining a good security culture.
Guidance on providing security information during the first 12 months of the employee lifecycle can be found on our Security messages for New Joiners webpage.
The point of exit is a significant stage in the employee lifecycle from a security perspective. There are a variety of reasons why an employee might be leaving an organisation and some of these reasons may give rise to a risk of confidentiality, integrity and availability of critical assets being compromised. Therefore it is important that effective exit and legacy controls are in place to detect and prevent any insider behaviours during the notice period and beyond.
This exit procedure guidance has been designed to support security managers, human resources advisers and others in your organisation responsible for exit procedures to encourage them to implement an effective process which helps to minimise the risks posed by employees leaving an organisation.
The implementation of a formal and thorough procedure for all staff and contractor departures will ensure the appropriate actions are taken to protect the organisation without unduly disrupting the employer-employee relationship.