1.0 Introduction

Many roles within defence and public sectors require prospective candidates to undergo security checks before the assignment can begin. This article will provide a brief outline of the security vetting these prospective candidates may undertake. This process is collectively known as national security vetting (NSV), and gets progressively more intrusive the higher the security clearance you require.

The first part of the article provides a brief history of security vetting and what what the United Kingdom Security Vetting organisation is. The second part will look at what security clearance is, who needs it, and how to get it. Part three outlines the various levels of security clearance, giving a brief outline of each followed by renewals, transfers, and stopping a security clearance. Part four provides information on topics such as STRAP, the role of referees, and working before getting a security clearance.

1.1 Brief History

In its 2015 National Security Strategy and Strategic Defence and Security Review, the UK Government announced that it would establish a single vetting provider.

Thus, UKSV was established in January 2017, following a merger of previous vetting services by the:

• The Foreign and Commonwealth Services (FCOS) National Security Vetting, part of the then Foreign & Commonwealth Office (FCO); and
• The Defence Business Services (DBS) National Security Vetting, part of the Ministry of Defence (MOD).

Following the merger, UKSV was part of the MOD, although security vetting policy was set by the Cabinet Office. Since April 2020, UKSV has been part of the Cabinet Office’s Government Security Group (an aspect of the Government Security Function).

Consequently, the Cabinet Office now has responsibility for all elements of security vetting, from operational delivery to policy. Some elements of the transition from the MOD have not been fully completed and UKSV is still managing legacy elements of the transition. This includes reducing its reliance on the MOD’s IT infrastructure as well as opening its own enquiry centre as service enquiries were being routed through the MOD.

• In February 2022, the NSV process was updated to include Accreditation Checks (for airport/air carrier personnel);
• In December 2022, the NSV process was updated to include Level 1B, which is taking over the Counter-Terrorism Check.

1.2 What is United Kingdom Security Vetting?

United Kingdom Security Vetting (UKSV) is the single government provider of NSV. They are the centre of excellence for security vetting and enable government to protect citizens and provide vital public services, by understanding and managing security risks.

UKSV is part of the Cabinet Office.

2.0 Background to Security Clearance

2.1 What is Security Clearance?

Security clearance is required by the UK Government to ensure that people working with ‘sensitive assets’ (whether physical, personnel, and/or information) do not pose any risk to national security by having access to these assets.

As such, it aids employers and employees to identify, manage, and mitigate risks for roles where national security concerns are a consideration. This will continue for as long as the individual holds a security clearance.

Risks for roles include protecting against threats from:

• Hostile intelligence services;
• Terrorist groups;
• Organised criminals; and
• Other pressure groups.

2.2 Who Needs Security Clearance?

Security clearance is required for anyone with any access to government assets. This means all civil servants, members of the armed forces, temporary staff in departments, and government contractors generally.

• It will allow access to UK OFFICIAL assets and occasional access to UK SECRET assets;
• It is required to work in areas where SECRET and TOP SECRET information may be overheard; and/or
• It is for individuals who require access to Public Services Network (PSN).

You will also need to be STRAP inducted (refer to 4.1 below).

2.3 How do I get Security Clearance?

If a role requires you to be security cleared, the necessary checks will be arranged by the hirer (refer to sponsor at 4.2 below) and carried out through a government agency (e.g. MOD). As a minimum, you will be asked to:

• Prove your identity (including your nationality and immigration status (right to work));
• Complete a Criminal Record Declaration Form (unspent criminal record); and
• Employment history (usually the three previous years).

Higher levels of clearance may require more intense background checks, including:

• Your criminal record (spent and unspent);
• A credit reference check; and
• A security service check.

These checks are conducted to help the hirer identify areas of risk in relation to the security clearance you are applying for. With this in mind, depending on the level of security clearance your role requires, you may be asked about:

• Your nationality, including any periods of residence or connections overseas.
• Whether your spending is sustainable.
  • It is understood that people may have debts and credit agreements to manage.
• Your mental and physical wellness.
  • But only so far as it is strictly relevant to risk management.
  • It is very unusual for any health considerations to be a cause for concern.
• Any aspects of your life or identity that you keep private.
  • Asked in the strictest confidence.
  • Only asked to understand if there is a risk of somebody using this against you maliciously.
• How you manage family connections, associations and friendships, including who might have a significant influence on you.
  • Only asked to understand if there is a risk of this influence being inappropriate.
• For civil and crown servants, whether any information you post online publicly is consistent with the civil service code and similar guidance.
  • It is understood that most people have a significant social media footprint.

Points to note:

• For legal and policy reasons, security clearance is not available on demand.
• Instead, an individual must be put through the security clearance process by a “sponsor” (refer to 4.2 below).
• This will typically be either the immediate private employer (whether self-employed or employee) or the government department engaging that individual.
• The sponsor is officially the holder of the security clearance, not the individual.
• Some organisations are what is known as ‘LIST X’ sponsors.
  • This status is given to companies that are trusted and need to clear large volumes of individuals.

2.4 NATO Clearance Notification Requests

Requests for a NATO Clearance must be submitted through the NSVS Sponsor Portal at the earliest opportunity to ensure it is provided on time. If a sponsor has an urgent request, they should email UKSV-NATOs.Group@cabinetoffice.gov.uk with ‘NATO request’ in the subject line.

Further, individuals who handle classified information owned by other international partners (e.g. the European Union (EU) or foreign governments) are also subject to specific arrangements and controls. This is termed Personnel Security Clearance (PSC).

In the UK, a PSC access to international partner classified information is based upon the individual holding a valid SC or DV (including eSC and eDV) security clearance (refer to 3.0 below for levels of security clearance).

2.5 What is Information Security?

• All information that government deals with has value.
• The government handles the wide variety of information that it generates, collects, processes, stores and exchanges appropriately to ensure:
  • The confidentiality of citizen data and commercial information;
  • Good government and the effective and efficient delivery of public services;
  • The proper protection of national security-related information; and
  • That obligations to international partners are met.
• The government expects its partners in the wider public sector, suppliers and other commercial partners who handle information on the government’s behalf to do the same.
• The government operates a Classification Policy to identify and value information according to its sensitivity and to drive the right protections.
• This comprises three levels:
  • OFFICIAL: This covers most of the day-to-day business of government, service delivery, commercial activity and policy development. OFFICIAL information can be managed with good commercial solutions that mitigate the risks faced by any large corporate organisation. In this way government can deliver securely and efficiently, and shape its services to meet the user needs.
  • SECRET: This information will typically require bespoke, sovereign protection.
  • TOP SECRET: This information will typically require bespoke, sovereign protection.
• The effective management of information is critical to safeguarding it.
• As such government organisations will consider good information management practice as the basis for their information security arrangements.

2.6 A Simplified Outline of the Process

The following is a simplified version of the NSV process as noted in the National Audit Office’s (NAO’s) 2018 report:

• Application process started:
  • Applicants must be sponsored by a valid sponsoring organisation.
  • Individual completes and submits application form to UKSV.
• Case created:
  • Official conducts pre-assessment to ensure all required information is present.
• Evidence gathered:
  • Checks against third-party databases are automatically conducted.
    • For example, the police national computer, national security database, and databases managed by credit reference agencies.
  • Interviews conducted (if necessary).
    • All Developed Vetting cases require interviews, whereas interviews are only conducted in special circumstances for Security Check cases.
  • Additional checks conducted (if necessary).
    • May include, for example, medical assessments.
• Evidence assessed.
  • Output generated (report of findings, recommendation or decision)
  • Sponsoring organisation will select one of three outputs:
    • A report of the evidence gathered, so that the sponsoring organisation can make a decision as to whether the applicant is successful or not.
    • A recommendation from UKSV as to whether the applicant should be successful or not.
    • A decision from UKSV as to whether the applicant is successful or not.
• Application:
  • Successful.
  • Unsuccessful, possibility of appeal.

2.7 How Long Will The Process Take?

The time frame for the overall process varies between individuals based on the level of security clearance they require and their personal circumstances (i.e the personal information they give and the background checks performed).

You may be interviewed fairly quickly, but once the interview has been completed it is normal for there to be a prolonged period of silence whilst work takes place in the background.

Individual’s, and their sponsors/hirers, can speed up the process by ensuring that all of the information required is available and submitted to UKSV in a timely manner.

On 07 September 2018, the NAO published a report on the UKSV process, with a follow-up report published on 16 Janaury 2023. Statistics from the 2023 report:

• 7%: The percentage of Developed Vetting (DV) clearances processed within UKSV’s 95-day target in April 2022 (as of November 2022 it was 54%).
• 15%: The percentage of Counter Terrorist Check (CTC)/Security Check (SC) clearances processed within UKSV’s 25-day target in September 2022 (as of November 2022 it was 36%).
• 255: The average number of days DV renewals clearances were taking to clear in November 2022 against a 200-day target.
• Since 2018-2019, UKSV has received an average of:
  • 164,700 CTC and SC clearances per year; and
  • 17,900 DV clearances per year.
• Complete 85% of CTC/SC clearances in 25 days (last met in July 2021 and fell to a low of 15% in September 2022).
  • In 2022-2023, 72% of SC clearances took longer than 25 days.
• Complete 85% of DV clearances in 95 days (last met in May 2021, fell to a low of 7% in April 2022).
  • In 2022-2023, nearly one-third (30%) of DV clearances have taken more than 180 days to process.
  • In 2019-2020, less than 4% took more than 180 days.

2.8 Avoiding the Most Common Errors

It is important to note that those submitting security questionnaires, generally, make some form of error, with the most common being:

• Not entering full name, including middle name(s), or other names you have been known by.
• Not correctly entering place of birth.
• Failing to add full details of all previous UK and overseas addresses.
• Failing to add full contact details (phone and email address).
• Marital status details (husband, wife, partner).
• Parent details.
• Employment and supervisor details.
• Criminal convictions.

UKSV advises that you should check your security questionnaire for accuracy and completeness (“even the post codes”).

Refer to the attached UKSV document for detailed information/advice.

3.0 Levels of Security Clearance

There are four levels of personnel security control currently available:

• Level 1: Baseline Personnel Security Standard (BPSS).
• Level 2: Counter-Terrorism Check (CTC)/Level 1B (L1B).
• Level 3: Security Check (SC).
• Level 4: Developed Vetting (DV).
• Accreditation Check (AC).

Points to note:

• The BPSS is not a security clearance whereas the CTC, SC, and DV are all formal security clearances obtained through the NSV process.
• CTC, SC, and DV also require the successful completion of the BPSS.
• It is important to note that individual’s are not allowed to disclose their level of security clearance online or on social media profiles.

Level	Outline
BPSS	1. This category includes the BPSS and the Enhanced Baseline Standard (EBS) (discussed below). 2. These are generally used as pre-employment checks. 3. The first simply ascertains the trustworthiness and reliability of a prospective candidate and the second acts as a pre-cursor to more in-depth security clearance levels.
CTC/L1B	1. This is carried out if an individual: a. Is working in proximity to public figures; b. Requires unescorted/unrestricted access to certain military, civil, industrial or commercial establishments assessed to be at particular risk from terrorist attack; c. Will be working with sensitive data or materials; and/or d. Is vulnerable to terrorist attack. 2. Normally valid for 10 years.
SC	1. Determines that an individual’s character and personal circumstances are such that they can be trusted to work in a position that involves long-term, frequent and uncontrolled access to SECRET assets. 2. This is the most common level of clearance and is for those candidates who would require access to SECRET assets or occasional controlled access to TOP SECRET assets. 3. There is also Enhanced Security Check (eSC; discussed below). 4. Normally valid for 10 years.
DV	1. This is the highest level of security clearance. 2. This is carried out if an individual: a. Will have substantial unsupervised access to TOP SECRET assets; b. Will be working with intelligence and security agencies; and/or c. Will have long term, frequent, and uncontrolled access to TOP SECRET information. 2. There is also DV Renewal and Enhanced DV (eDV) (both discussed below). 3. Normally valid for 7 years.
AC	1. For those who require an Airport Identification Card or UK Air Carrier Crew Identification Card. 2. UKSV started processing AC from 01 January 2022. 3. Normally valid for 5 years.

“Enhanced SC and enhanced DV are additional types of clearance which provide levels of assurance above SC and DV respectively, but neither is frequently used. Enhanced SC sits between SC and DV in terms of assurance.” (NAO, 2023, p.14).

3.1 Baseline Personnel Security Standard (BPSS)

“The HMG Baseline Personnel Security Standard (or ‘BPSS’) describes the pre-employment controls for all civil servants, members of the armed forces, temporary staff and government contractors generally. (Cabinet Office, 2018, p.4).

It is important to understand that the BPSS underpins the NSV process, and is “the mandatory pre-employment controls to address problems of identity fraud, illegal working and deception generally.” (Cabinet Office, 2018, p.4). It is usually the responsibility of the organisation’s human resources (HR) function.

• All individuals are subject to BPSS.
  • Prior to the NSV process (other than in exceptional circumstances).
  • Where individuals are appointed in posts overseas (e.g. staff engaged locally), and the BPSS cannot be applied, all possible related verification checks must be carried out as part of the recruitment process.
• All individuals are subject to unspent criminal record check.

As the BPSS describes the pre-employment screening controls for government, there is no requirement for these checks to be applied retrospectively where assurances have already been obtained or are in place to allow for access to government assets.

The BPSS allows an individual access to sensitive assets on a need to know basis, with the following table outlining what an individual can and cannot be allowed access to.

Access To

No Access To

1. Access to OFFICIAL assets of UK origin. 2. Occasional access to SECRET assets of UK origin in the normal course of business or during conferences or courses or briefings. 3. Custody of a small quantity of SECRET assets. 4. Entry to areas where SECRET assets are stored. 5. To work in areas where SECRET and TOP SECRET information might be overheard. 6. To use equipment capable of handling SECRET information, provided that access controls are in place. 7. User access to the Public Services Network (PSN).

1. Access to, or knowledge or custody of, assets classified CONFIDENTIAL or above, belonging to another country or international organisation (e.g. NATO). 2. An overseas agent for a contractor to have access to, or knowledge or custody of, assets classified SECRET or above, in which case a Security Check (SC) is required. 3. Access to a restricted site during an overseas visit. 4. Access to any SECRET codeword material or TOP SECRET material. 5. Logical access to the PSN (e.g. administrators who have the capability and opportunity to attack the system).

Generally, an individual must not start work until the BPSS has been satisfied.

• Employment must not commence until identity and an entitlement to undertake the work in question have been established as a minimum.
• In exceptional circumstances only (e.g. where delays would have a detrimental effect on the organisation’s business), conditional appointments may be made where they have been risk assessed and the outcome recorded.
• In all cases, the BPSS must be completed as soon as possible thereafter and certainly within three months of the employment commencing.

The Cabinet Office (2018, p.9) also suggests that contractors and agency staff should also be subject to “the same degree of checking as permanent government employees…”, whether conducting supervised or unsupervised work, and both pre- and post-appointment. This may be written into a contract for services. The National Protective Security Authority provides information on the ‘Insider Threat’.

The BPSS comprises verification of the following four core elements:

1. Identity (including name, date of birth, address, and national insurance number).
2. Nationality and immigration status (including an entitlement to undertake the work in question).
3. Employment history (for the past three years, including employers name, address, and dates).
   • Education details and/or references when the individual is new to the workforce, when these are considered necessary.
4. Criminal record check (unspent convictions only).
5. Other non-core elements include:
   • Overseas Check: required to give a reasonable account of any significant periods (6 months or more in the past three years) of time spent abroad.
   • Internet check.
   • Overseas criminal record check.

At each stage of the BPSS, any information collected should be reviewed, assessed, and then recorded on the BPSS Verification Record. If an individual refuses to provide any of the required information, this should be taken into account during the employment decision.

3.2 Enhanced Baseline Standard (EBS)

The BPSS is the recognised standard for the pre-employment screening of individuals with access to government assets. It is not a formal security clearance but its rigorous and consistent application underpins the NSV process for the CTC/ L1B, SC and DV.

Some organisations may seek references and include other enquiries (for example health), in addition to the BPSS, as part of their recruitment process.

3.3 Accreditation Check (AC)

The AC is for individuals who are to be employed in posts which:

• Require an Airport Identification Card or UK air carrier Crew Identification Card which provides unescorted access to the security restricted area of UK airports.
• Provide UK aviation security training.
• Undertake the validation of air cargo security standards overseas for carriage of cargo to the UK.

AC checks involve:

• Identity;
• Employment, education and any gaps during, at least, the preceding five years;
• Unspent criminal record; and
• A check against records held by the UK Government or its agencies.

The AC is normally valid for up to five years, provided the sponsor organisation complies with the ongoing provision of data, as required by aviation security regulations. Where this is not done, an AC clearance is valid for 12 months.

3.4 Counter-Terrorism Check (CTC)

The CTC is for individuals who are to be employed in posts which:

• Involve proximity to public figures assessed to be at particular risk from terrorist attack;
• Give access to information or material assessed to be of value to terrorists; and/or
• Involve unescorted access to certain military, civil, industrial or commercial establishments assessed to be at particular risk from terrorist attack.

CTC checks involve:

• Successful completion of the BPSS;
• Completion, by the individual, of a security questionnaire;
• A departmental/company records check which might include, for example personal files, staff reports, sick leave returns, and security records;
• A check of both spent and unspent criminal records; and
• A check of security service (MI5) records if there are any unresolved security concerns about the individual or if recommended by the security service, the individual may also be interviewed (see 4.3 below).

For CTC and above, the individual must report any changes in circumstances to their line manager, personnel security team, or security controller/manager, and can include:

• Living with someone new (as a civil partnership, married or unmarried couple), a divorce, your financial situation, or conflict of interests (e.g. loyalties or personal relationships potentially at odds with your project/work);
• Receiving a criminal conviction, or being arrested or cautioned by the police (including military police, if relevant);
• Living in shared accommodation and a new co-resident (aged 18 or over) moves in (requires revalidation and is for DV only);
• A change of nationality; and/or
• Any information you believe could potentially affect your security clearance should be reported.

3.5 Level 1B (L1B)

UKSV is currently working on a transformation of the security clearance levels. The aim of this transformation is to enhance an individual’s experience throughout the vetting process by further streamlining processes where possible. From the 31 October 2022, L1B was introduced, which will eventually supersede CTC in line with the transformation of national security clearance levels (refer to 3.4 above).

3.6 Security Check (SC)

The SC is for individuals who are to be employed in posts which:

• Require them to have long-term, frequent and uncontrolled access to SECRET assets and/or occasional, supervised access to TOP SECRET assets.
• And for individuals who:
• While not in such posts, will be in a position to directly or indirectly bring about the same degree of damage;
• Will have sufficient knowledge to obtain a comprehensive picture of a SECRET plan, policy or project;
• Are being considered for employment where it would not be possible to make reasonable career progress without security clearance for access to SECRET assets; and/or
• Require access to certain levels of classified material originating from another country or international organisation.

SC checks involve:

• Successful completion of the BPSS;
• Completion, by the individual, of a security questionnaire;
• A departmental/company records check which will include, for example personal files, staff reports, sick leave returns, and security records;
• A check of both spent and unspent criminal records;
• A check of credit and financial history with a credit reference agency
• A check of security service (MI5) records;
• Exceptionally, if there are any unresolved security concerns about the individual, or if recommended by the security service, the individual may also be interviewed (see 4.3 below);
• In the event of any unresolved financial concerns, the individual may also be required to complete a separate financial questionnaire so that a full review of personal finances can be carried out; and
• Checks may extend to third parties included on the security questionnaire.

“In recognition of the operational needs of the Naval Service [includes Royal Navy and Royal Marines], the technical sophistication of Naval Service platforms and equipment and the unpredictability of future maritime tasks, all Naval Service personnel are security vetted to a minimum of Security Check (SC) level.” (Royal Navy, BR3(1), 2017, p.63-5).

3.7 Enhanced Security Check (eSC)

The eSC is for individuals who are to be employed in posts which:

• Allow regular uncontrolled access up to SECRET assets and occasional, controlled access to TOP SECRET assets.
• It is used for specific roles where an additional level of assurance is required over SC, but not to DV level.
• Available only to those in specific roles, including the holders of:
• Posts in which there is a requirement to access SECRET code word material;
• Posts that have been designated as requiring eSC because of the level of access they confer to certain specified information systems; and/or
• Certain overseas posts that have been assessed as exposing the holder to a significant espionage threat and/or have a lower than average level of management oversight.

eSC checks involve:

• Successful completion of the BPSS;
• Completion, by the individual, of a security questionnaire, financial questionnaire, and internet questionnaire;
• A departmental/company records check which will include, for example personal files, staff reports, sick leave returns, and security records;
• A check of both spent and unspent criminal records;
• A check of credit and financial history with a credit reference agency;
• A check of security service (MI5) records;
• A detailed interview conducted by a trained investigating officer (see 4.3 below);
• Checks may extend to third parties included on the security questionnaire; and
• The full review of personal finances will include an assessment of an individual’s assets, liabilities, income and expenditure both on an individual basis and taking into account the joint position with a spouse or partner.

3.8 Developed Vetting (DV)

The DV is for individuals who are to be employed in posts which:

• Require them to have frequent and uncontrolled access to TOP SECRET assets or require any access to TOP SECRET codeword material.
• And for individuals who:
• While not in such posts, will be in a position to directly or indirectly bring about the same degree of damage;
• Require frequent and uncontrolled access to Category I nuclear material; and/or
• Require access to certain levels of classified material originating from another country or international organisation.

DV checks involve:

• Successful completion of the BPSS;
• Completion, by the individual, of a DV security questionnaire;
• A departmental/company records check which will include personal files, staff
• reports, sick leave returns. and security records;
• A check of both spent and unspent criminal records;
• A check of credit and financial history with a credit reference agency;
• A check of security service (MI5) records;
• A full review of personal finances;
• A detailed interview conducted by a trained investigating officer (see 4.3 below);
• Further enquiries, including interviews with referees (see 4.4 below) conducted by a trained investigating officer;
• Checks may extend to third parties included on the security questionnaire; and
• The full review of personal finances will include an assessment of an individual’s assets, liabilities, income and expenditure both on an individual basis and taking into account the joint position with a spouse or partner.

3.9 Enhanced Developed Vetting (eDV)

The eDV is for individuals who are to be employed in posts which:

• An additional level of assurance is required above DV.

It can only be requested by a small number of sponsors and with the prior agreement of UKSV and the Cabinet Office.

eDV checks involve:

• Completion of a DV security questionnaire (including a family and travel element);
• A check of both spent and unspent criminal records;
• Security services (MI5) check;
• Credit reference check;
• Financial investigation;
• Applicant interview (see 4.3 below);
• Supervisor/Line Manager interview;
• Referee interview (see 4.4 below);
• Checks may extend to third parties included on the security questionnaire; and
• The full review of personal finances will include an assessment of an individual’s assets, liabilities, income and expenditure both on an individual basis and taking into account the joint position with a spouse or partner.

Introduced in 2014, “initially informally known to as “DV Plus”” (Royal Navy , BR3(1), 2017, p.63-5).

3.10 Developed Vetting (DV) Renewal

If you already hold a DV clearance you will be required to renew your clearance at intervals of no more than 7 years and more frequently if the risk owner has set a shorter validity period. Your sponsor will initiate a DV renewal. This carries the same mandatory checks as a DV clearance but may exclude the referee interview.

DV Renewal checks involve:

• Successful completion of the BPSS;
• Completion, by the individual, of a DV security questionnaire;
• A departmental/company records check which will include personal files, staff
• reports, sick leave returns, and security records;
• A check of both spent and unspent criminal records;
• A check of credit and financial history with a credit reference agency;
• A check of security service (MI5) records;
• A full review of personal finances;
• A detailed interview conducted by a trained investigating officer (see 4.3 below);
• Further enquiries, including interviews with referees (see 4.4 below) conducted by a trained investigating officer;
• Checks may extend to third parties included on the security questionnaire; and
• The full review of personal finances will include an assessment of an individual’s assets, liabilities, income and expenditure both on an individual basis and taking into account the joint position with a spouse or partner.

3.11 Cabinet Policy Regarding Security Clearance Reviews

It is Cabinet Office policy that security clearances must be formally reviewed after:

• 10 years for CTC, L1B, SC, and eSC (5 years for non-List X contractors); and
• 7 years for DV and eDV (3 years for non-List X contractors).

However, the risk owner:

• Has the discretion to review a security clearance at any time up to that point;
• May adopt a policy of issuing shorter security clearances to a particular category of employee (for example, armed forces reservists or sub-contractors) as mitigation for a lower level of day-to-day personnel security oversight; and/or
• May carry out an early review in individual cases where a specific risk has been identified.

3.12 Aftercare/Security Appraisal Form (SAF)

Initial security clearance checks can only provide a snapshot at the time they are performed. Therefore it is essential that an individual’s security clearance is actively maintained inbetween any normal reviews (refer to 3.11 above). This is termed aftercare, and is (in part) facilitated via the SAF.

The SAF is completed by all holders of an eSC, DV or eDV, and by their supervisor, annually. Exceptionally, the SAF can be extended to holders of CTC, L1B, and SC.

Anyone, not just security officers, can also raise actual or potential concerns about an individual who holds security clearance via an Aftercare Incident Report (AIR) submitted through the NSV portal. This online form can be submitted anonymously or by a named individual.

3.14 Transferring a Security Clearance

For those individual’s who hold a security clearance, there may be a requirement to continue to hold the security clearance (either at the same or lower level) when they move to another organisation. For example:

• A government employee leaves the organisation and joins a different government department.
• Service personnel leave one branch of the armed forces and transfer to another service or moves on to a role in defence industry or as a MOD civilian.
• An employee of a defence contractor moves to another job and is employed by a different contractor.

In these situations, the new employing sponsor must submit a request to UKSV for the security clearance to be transferred. The ‘Transfer’ request allows UKSV to assess whether the clearance is eligible for transfer and enables the outcome to be recorded against the correct sponsor. The request can be for the security clearance to be at the same level issued to the original sponsor or at a lower level, based on the needs of the new sponsor. An example of this would be when the SC element of a DV clearance is needed by the new sponsor. It is for the sponsor to set out what is required and for UKSV to consider whether the request for transfer can be met.

Where an individual holds DV clearance which has expired, or is no longer required, the underlying SC element can be extracted to extend the expiry date at a lower level of clearance. This can be arranged through the individual’s sponsor (where required).

It is important to note:

• Clearances do not transfer automatically. It is at the discretion of the hiring organisation, following an assessment of relevant information;
• No more than one year can have elapsed between leaving one organisation and joining another which requires security clearance; and
• Residence overseas for more than 6 months (within the one year period) may be a factor.

The AC operates a different system.

3.15 Leaver Notification

• When a holder of a security clearance departs from an organisation, a Leaver Notification Form should be submitted via the NSVS Sponsor Portal.
• The reason for leaving must be provided, to ensure that any potential security issues are recorded.
• The security clearance will be lapsed upon submission of a Leaver Notification, but may be eligible for reinstatement if the individual transfers to another security cleared role within 12 months.

3.16 Industry Security Notices

Industry Security Notices (ISNs) are a means for defence personnel to highlight security changes or information to industry and contractors.

You can find relevant documents and ISNs here (gov.uk).

4.0 Miscellaneous

4.1 What is STRAP?

• “STRAP Security is a set of nationally agreed principles and procedures to enhance the “need-to-know” protection of sensitive intelligence (and related operational information) produced by the principal UK Intelligence Agencies, include MOD sources.” (MOD, 2001, p.17.3).
• STRAP is a codeword, not an acronym.
• The STRAP system adds value to the standard security measures employed for intelligence matters (i.e. TOP SECRET, SECRET, etc.).
• There are three levels, in ascending order of sensitivity and access control:
  • STRAP 1.
  • STRAP 2.
  • STRAP 3.
• STRAP Security Officers (STRAPSO) oversee the implementation of the approved STRAP security measures with the MOD and other government departments/agencies.

4.2 What is a Sponsor?

As part of the process, you will need a sponsor – usually a member of the HR function or company security controller. Your sponsor must confirm that your role requires security clearance and that they have carried out the BPSS. Once these checks have been made, your sponsor will create your clearance application and you will receive a link to fill out a security questionnaire.

If you are a civil servant or serving in armed forces, your sponsor will be allocated once it is decided that you need clearance to carry out your role. If you are a contractor, you will not be sponsored unless the company that is employing you (or you yourself, if you are a consultant) are contracted, or are in the process of being contracted, to work on one or more specific classified projects.

Now you may be thinking, why do I need a sponsor? The government states that being security cleared does not provide a guarantee of future reliability and all security clearances are kept under review to ensure that the necessary level of assurance is maintained. This review is carried out by government departments and government sponsored contractors who are responsible for the oversight and aftercare of individuals granted a security clearance.

Your sponsoring organisation will own the security clearance, so it is their responsibility to inform UKSV when you no longer need security clearance for your role, or you have left the organisation.

4.3 The Interview

The interview is a routine aspect of the eSC, DV, and eDV vetting process, but is occasionally applied for those undergoing CTC, L1B, or SC vetting.

The interview usually takes approximately three hours, but can last longer. It generally takes place during working hours is a via video call, although some are face-to-face. If face-to-face, the interview will take place at a Cabinet Office location nearest to you, although (generally under exceptional circumstances) it may take place at your home address (e.g. as a reasonable adjustment if you have health/mobility issues). You can ask a friend, colleague, or relative to attend the interview (but remember that you may have to discuss sensitive topics with them present).

A routine eSC, DV or eDV interview will cover all aspects of your life. At the interview, the vetting officer will build as complete a picture of you as possible. The purpose of this is so the government can make an informed assessment that you will be able to cope with access to sensitive information or assets at the highest levels and will not become a security risk and a threat to national security. Key themes include:

• Your loyalty, honesty and reliability, and identifying any vulnerabilities that could lead you to being bribed or blackmailed;
• Your wider family background (relationships and influences);
• Past experiences of drug taking (if any);
• Financial affairs;
• General political views;
• Foreign travel; and
• Hobbies.

If you are asked to attend an interview in relation to a CTC, Level 1B or SC application, the interview will usually cover a specific area of your life, but may extend to include questions asked in a full DV interview.

Some of the questions asked may feel intrusive, and you may be embarrassed or ashamed to answer them. However, vetting officers are not wanting answers to make moral judgements on past/current experiences/lifestyle choices, they are assessing the potential/actual effect on security risk. You may be embarrassed by something you did, but the vetting officer may find that is has little or no security significance, and it will generally not stop or restrict the granting of a security clearance. However, if you fail to inform the vetting officer of an embarrassing incident which they subsequently find out about, this brings into question your honesty and integrity and this may stop the granting of a security clearance.

As well as interviewing you, a vetting officer will also interview the most appropriate supervisors and referees you have nominated on your security questionnaire. You will not be notified when these are due to take place, so it is important to make sure your supervisors and referees are aware that they may be contacted and that you have provided their most up to date contact details.

You will also be asked to bring along a range of documents to the interview (your vetting officer will inform you which ones):

• General documents:
  • Evidence of identification, for example: birth certificate, passport (also required as evidence of travel), driving licence, identity card
  • Utility bills (for proof of address)
  • Curriculum Vitae (CV)
  • Deed Poll or certificate of declaration in respect of any change of name
  • Naturalisation or registration certificate
  • Adoption certificate
  • Marriage certificate/civil partnership documents
  • Conditional Order, Decree Nisi, Final Order or Decree Absolute
  • Separation or maintenance orders
  • Armed force discharge certificate.
• Financial documents (for you and your partner):
  • Bank statements for any current accounts (last three months)
  • Statements for credit, charge and store cards (last three months)
  • Statements for mail order accounts (last three months)
  • Details and statements of all loans and hire purchase agreements
  • Latest mortgage statement, including monthly repayments and remaining balance
  • Details of any County Court Judgements
  • Last three pay statements or payslips
  • Documents and statements connected with savings and investments
  • Any other documents which support or help to explain any figures on the Financial Questionnaire.

4.3 The Role of Referees

As part of the NSV process, the individual will be asked to choose some character referees who:

• Have known you well for a significant, recent period in your life; and
• Will be able to provide UKSV with information about you (the person being vetted).

A person cannot be compelled to be a referee, it is purely voluntary.

The referee will have to undertake an interview, which:

• Is usually conducted through a video call;
• Usually takes about one hour;
• Will cover most areas of the vetted individual’s life;
• Will consider the vetted individual’s loyalty, honesty, reliability, and whether they could be at risk of bribery or blackmail; and
• Will ask about the vetted individual’s wider family background, past experiences, health, sexual relationships and behaviour, drinking habits, experience of drug taking, financial affairs, general political views, hobbies, and foreign travel, etc.

4.4 Can I Start Work Prior to Getting Security Clearance?

Some individuals may start work whilst a security clearance is being processed in some instances (with appropriate supervision, with the pre-employment check (BPSS) or lower levels of NSV).

4.5 The Decision

The role of NSV is to determine if you will present a security risk and, in making a decision, the UKSV will take into consideration a range of factors.

• The decision on whether to grant you security clearance will be taken either by UKSV, the department or police force that requires you to hold it, or by a security unit that carries out this task on behalf of several departments.
  • The (designated) decision maker will access the UKSV Case Management System (CMS), which manages and processes all vetting cases, and is restricted to holders of SC or above.
  • The CMS allows decision makers visibility to all of the information linked to a vetting case on which to base their clearance decision.
• With this in mind, the assessment of your suitability to hold clearance will take into account all relevant information gathered during the NSV process, both favourable and unfavourable. These factors are carefully considered along with the security requirements of your role.
• The process will consider whether or not any adverse information is serious enough in itself to justify refusing or withdrawing a security clearance. If any information of security concern is discovered about you, the assessor will consider a range of factors including (where relevant) whether you have been as open as possible about it and whether you have resolved the issue, or it appears likely that you will resolve it favourably.
• When someone’s conduct raises security concerns, the factors that the assessor will consider include:
  • The seriousness of the conduct;
  • How often it has been committed the circumstances, including the reason why it took place;
  • The risk that it will make the individual vulnerable to pressure or exploitation; and/or
  • What it implies about their trustworthiness and reliability.
• When considering the security significance of personal circumstances or behaviour that can lead to vulnerability, the assessor will not allow personal and cultural bias to affect their judgement. Personal circumstances or behaviour only become of security significance if they cause vulnerability to pressure or improper influence or may cause a clearance holder to commit security breaches.
• If you are denied clearance (refer to 4.6 next), or if your clearance is withdrawn, you will be informed and if possible provided with reasons. If you are eligible to launch an internal or external appeal, you will be informed of the process. There is no requirement in law to inform someone who is being recruited by a new employer why they have been refused employment if the decision has been made on security grounds. They will be told if possible, but considerations of national security or confidentiality may prevent this.

4.6 When Can a Security Clearance be Refused or Withdrawn?

A security clearance may be refused or withdrawn where:

• There are security concerns related to an individual’s involvement or connection with activities, organisations, or individuals associated with the threats outlined in 2.1 (above) (or any similar new threats that emerge);
• Personal circumstances, current or past conduct, indicate that an individual may be susceptible to pressure or improper influence;
• Instances of dishonesty or lack of integrity cast doubt upon an individual’s reliability; and/or
• Other behaviours or circumstances indicate unreliability.

You have the right to appeal if your security clearance is refused or withdrawn.

4.7 The Appeal Process

• All government departments and other government organisations making NSV decisions are required to have an internal appeal process for people who have had a clearance denied or withdrawn.
• The right of appeal is available to the organisation’s employees (including members of the armed forces, in the case of the MOD) and to anyone who is working for it under contract, either directly or as an employee of a contracted company.
• It is not available to an applicant for employment when no job offer has been made.
• If you are refused clearance or have it withdrawn, the organisation that has made the decision should tell you whether you have the right to appeal.
• If so, they will explain the process you will need to follow.
• Depending on the organisation concerned, this may consist of two stages, with the opportunity for a further internal review at a higher level if your appeal is turned down at the first hearing.
• Once there has been an internal appeal, you will be notified in writing whether or not your appeal has been accepted.
• If your internal appeal is denied, you will be told as much as possible about the reasons why you have been judged unsuitable to hold a security clearance.
• You will then have the opportunity, if you wish, to submit a final appeal to the independent Security Vetting Appeals Panel (SVAP).
• If you decide to appeal to SVAP, you must inform them of your intention in writing within 28 days of receiving the result of your internal appeal.
• The Secretariat will explain the Panel’s procedures to you.

4.8 What If I Refuse to Undergo a Check?

“It is consistent with data protection legislation that an individual’s refusal to undergo an essential check where there are no alternatives could lead to a refusal of employment. In such cases, individuals should be made aware that it will not be possible to take them on should they refuse. This is distinct from making a particular check a condition of employment where it may not actually be necessary. From a legal point of view the important considerations are (i) that checks are carried out uniformly on a non-discriminatory basis and (ii) that privacy rights, where relevant, are respected.” (Cabinet Office, 2018, p.8).

4.9 Joint Personnel Administration

Service personnel have their security clearance level held electronically on the Joint Personnel Administration (JPA) computer system. It shows the security clearance level an individual holds as defined by the UKSV.

Summary

This article provides an outline of the national security vetting process of the UK Government to mitigate risks against personnel who have access to ‘sensitive assets’ (whether physical, personnel, and/or information).

Useful Information

• Guidance:
  • National Security Vetting Solution (NSVS) Portal: Guidance for Sponsors.
  • National Security Vetting Solution (NSVS) Portal: Guidance for Subjects.
  • National Security Vetting Solution (NSVS): Guidance for Applicants.
  • National Security Vetting Solution (NSVS): Sponsor Account Registration Guidance.
• Information:
  • UKSV National Security Vetting: Vetting Information Leaflets:
  • Referees Information Leaflet.
  • Personnel Security and Vetting Guide – A Guide to MOD Contractors.
  • Personnel Security and Vetting Guide.
  • Aftercare Information for Holders of National Security Clearance.
• Forms:
  • Change of Personal Circumstances Questionnaire: Change of Nationality.
  • Change of Personal Circumstances Questionnaire: Criminal Conviction/Arrest/Caution.
  • Change of Personal Circumstances Questionnaire: Financial Issues.
  • National Security Vetting: Change of Personal Circumstances.
  • National Security Vetting: Security Appraisal Form.
  • Financial Questionnaire: NSV003.
  • National Security Vetting: CTC, Level 1B and SC Completing Your Security Questionnaire.
  • National Security Vetting: DV Completing Your Security Questionnaire.
• Code of Practice:
  • Developed by the The Association of Independent Professionals and the Self Employed (IPSE) Security
  • Clearance Forum.
  • Describes the UK Government’s and the recruitment industry’s shared commitment to ensuring vetting requirements are applied fairly.
• Joint Service Publication (JSP):
  • JSP 440 – The Defence Manual of Security. Chapter 17. Volumes 1, 2 and 3. Issue 2. October 2001.
  • Superseded by JSP 440 – Defence Manual of Security, Resilience and Business Continuity (Industry Security Notice Number 2022/05).
  • The STRAP System was fully explained in the 2001 version of Volume 5 of JSP 440.
• Organisations:
  • Cabinet Office Government Security Group (part of the Government Security Function).
  • Government Security Profession main webpage.
  • National Protective Security Authority (NPSA).
  • United Kingdom Security Vetting (UKSV).
  • United Kingdom Visas and Immigration (UKVI).

References

Cabinet Office (2018). HMG Baseline Personnel Security Standard: Guidance on the Pre-Employment Screening of Civil Servants, Member of the Armed Forces, Temporary Staff and Government Contractors. Version 6.0 – May 2018. Available from World Wide Web: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/714002/HMG_Baseline_Personnel_Security_Standard_-_May_2018.pdf. [Accessed: 26 April, 2023].

Cabinet Office (2022) HMG Personnel Security Controls. Version 6. Available from World Wide Web: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1112598/20221031-HMG-Personnel-Security-Controls-V6.0-October-2022.docx.pdf. [Accessed: 26 April, 2023].

MOD (Ministry of Defence). (2001) JSP 440 – The Defence Manual of Security. Volumes 1, 2 and 3. Issue 2. Available from World Wide Web: https://www.scribd.com/doc/36913699/The-Defence-Manual-of-Security. [Accessed: 07 May, 2023].

NAO (National Audit Office). (2018) Investigation into National Security Vetting. Available from World Wide Web: https://www.nao.org.uk/reports/investigation-into-national-security-vetting/. [Accessed: 07 May, 2023].

NAO (National Audit Office) (2023) Investigation into the Performance of UK Security Vetting. Available from World Wide Web: https://www.nao.org.uk/reports/investigation-into-the-performance-of-uk-security-vetting/. [Accessed: 26 April, 2023].

UKSV (United Kingdom Security Vetting) (2023) United Kingdom Security Vetting. Available from World Wide Web: https://www.gov.uk/government/organisations/united-kingdom-security-vetting. [Accessed: 26 April, 2023].