MI5 guidance on limiting threats from inside your organisation
The UK's intelligence service offers advice on limiting the risk of threats from inside your organisation.
1. Establish the bona fides of potential employees. Ask the individual to provide full name, date of birth and address with a supporting document such as a passport or driving licence with photograph.
2. Ask to see a recent utility bill(s) for the appropriate address.
3. Accept only original documents - copies can conceal tampering.
4. Request proof of academic or professional qualifications.
5. Take up references from school, college, university and previous employers (again, insist on originals), and check with the authors that they are genuine.
6. Ask for details of unspent convictions, where allowed under the Rehabilitation of Offenders Act, 1974. Individuals in England and Wales will soon be able to obtain statements, known as 'basic disclosures', from the Criminal Records Bureau (CRB) on payment of a small fee. In certain circumstances, for example, where the post involves working with children or vulnerable adults, employers who are registered with the CRB may seek details on a job applicant. Remember, however, that a conviction - spent or unspent - need not be a bar to employment.
7. Where relevant, seek proof of right to work in the UK.
8. Remind applicants that supplying false information, or failing to disclose material information, may be grounds for dismissal.
9. Make it easy for staff to discuss their concerns and problems confidentially and informally, and to voice concerns they may have about others. Operate a security awareness programme to remind managers and staff of potential threats, both internal and external, and of their role in countering them.
10. Operate a 'need to know' policy where possible, minimising access to confidential locations, assets or information to only those staff who need it.
11. Consider random searching on entry and exit of staff in particularly sensitive areas, making allowance for the fact that this is intrusive and that staff need to appreciate the reasons for it.
12. Prevent staff from taking unnecessary items such as outdoor coats, large bags, IT equipment or mobile phones into areas where there is sensitive information that could be copied or stolen.
