This is the old Department for Transport website. Content on this website (www2.dft.gov.uk) has not been updated since 10 June 2011. Up to date content is available from the redeveloped Department for Transport website www.dft.gov.uk. More about the redevelopment of the DfT website.

Summary of Transport Personnel Review

Contents:

Introduction - Terms of Reference
The Wider Context
Recommendations:
Personnel Security and Risk Assessment: the Way Ahead
Demonstrating Identity
National Security Vetting
Previous Employment References
Gap References
Criminal Records Checks
Contractors and Sub-Contractors
Ongoing Personnel Security
The Role of the Department for Transport
Sources of Advice on Personnel Security

Introduction

Terms of Reference

The terms of reference of the review, which were announced by the Secretary of State for Transport on 17 December 2007, are to establish whether:

  • the existing transport personnel security arrangements are correctly aligned to the terrorist threat;
  • the measures now taken to check employees are effective and proportionate, and if not, what changes might be made;
  • such differences as there are between similar fields are justified by the circumstances, and if not, what changes might be made.

The review has embraced the whole of the transport industry in the UK - sea, land and air - including those parts of it operating internationally and under foreign ownership or control. It is not confined to those parts of the industry presently subject to security requirements. It also includes firms providing services which are integral to transport – such as in-flight catering in aviation and maintenance engineering on the railways.

It defined personnel security as arrangements:

  • designed to check the identity, history and integrity of members of staff,
  • at the time of recruitment and subsequently,
  • to mitigate the risk that, through acts of terrorism, those people will endanger their colleagues or members of the public, or the assets of their employer or of others, using their employer's assets for that purpose. By endangering assets we mean not only physical attack but theft, including of information, action taken deliberately to harm the employer’s interests and the violation of IT systems;
  • enabling the employer, the Government or other public agencies to take appropriate action in those cases where there is insufficient assurance about an employee's identity, history or integrity or where a potential or actual employee appears to present an unacceptable risk.

This document summarises the main recommendations of the review.

Alongside these broad conclusions, the review made a number of more specific recommendations relating to individual modes and industry sectors. These are not set out in this summary, as they deal with the detailed mechanics of the UK's transport security regime, however they will form the basis for the Department for Transport's future dialogue with the industry. [Back To Top]

The Wider Context

The insider threat is varied and unpredictable. Personnel security measures therefore must mirror this in terms of flexibility and adaptability. This is why personnel security is multi-faceted, and its component parts can sometimes appear complex.

However, the principles of personnel security are actually straightforward. Firms need to take an end-to-end approach, starting at job application stage, and continuing throughout a successful applicant’s employment. At its most basic, personnel security requires thinking about what harm an employee could cause, and doing something to prevent it happening.

In dealing with people, it is vital that the decisions made and measures put in place are lawful, rational and fair. Risk assessment for personnel security is the key to achieving this. It also supports good business by making sure that money is spent wisely, and on the application of proportionate measures that will best counter the threat.

There is much scope for doing personnel security superficially, and badly. But risk assessment is not simply a process. Pre-employment screening and ongoing personnel security measures are not just a set of business procedures. To fully realise the security benefits requires careful and detailed consideration by the relevant experts, both in industry and government.

Personnel security is but one element of a wider protective security regime. It will never remove the need for robust physical and information security measures. But without it a firm’s wider security situation is unbalanced. Terrorists who are intent on causing harm will seek to exploit any gaps in security. It is important a firm’s employees do not become its weak point. As physical and electronic security measures – the protection from external attack – become more sophisticated, the risk that terrorists will consider the use of an insider to achieve their aims may increase. The priority the DfT and industry place on personnel security thus needs to increase in order to respond to potential changes in the nature and extent of the threat.

This is a relatively new discipline, and government and industry are still learning and developing best practice. The recommendations in this report therefore represent an opportunity to capitalise on what is already known and understood, and to take full advantage of new knowledge as it develops. Although they will never provide a 100% guarantee for personnel security, they aim to strengthen where there is weakness, and ensure all reasonable steps have been taken to protect industry and the public from the threat from the terrorist insider.

The review did not cover the transport aspects of civil nuclear safety, which is subject to a separate regulatory regime under the responsibility of the Secretary of State for Business, Enterprise and Regulatory Reform. Nor did it cover the transport by the Ministry of Defence (MOD) of its own munitions and other hazardous material. It did however take into consideration the transport of MOD material by private road and rail companies. [Back To Top]

Recommendations

Personnel Security and Risk Assessment: The Way Ahead

The Department for Transport should therefore open dialogue with the industry on the establishment of risk based analysis on personnel security. This will not be a quick process, but it underpins all the more detailed recommendations that follow, many of which point to a way forward subject to the detailed assessment of risk. [Back To Top]

Demonstrating Identity

The Department for Transport, in conjunction with CPNI, IPS and UKBA, should:

  • discuss with the industry how best to promulgate advice on the steps which can be taken to raise the standards of verification of official documents;
  • consider how it can introduce these higher standards of document verification through the exercise of its powers in the regulated parts of the industry, and incorporate those standards in the compliance inspection regime;
  • consider for the non-regulated parts of the industry how document verification standards might be applied, either through regulation or voluntarily.

The UK identity card for airside workers is a useful addition to identity assurance and, following its introduction, the Department for Transport and Home Office should consider its introduction for categories of staff in other parts of the transport industry, in the light of risk assessment. [Back To Top]

National Security Vetting

Future judgements on the application of national security vetting in the transport industry should be based on risk assessment.

The Department for Transport, in conjunction with the Cabinet Office, should engage with individual firms whose staff have or will have Counter-Terrorism Checks (CTCs) to consider the extension of the three year duration of the check. It should do this when it is satisfied that the ongoing personnel security and possibly “after-care” arrangements are satisfactory, in the light of other security checks which might be made, and subject to the assessment of risk.

In addition, to reduce CTC timescales:

  • the DfT and the Security Service consider increasing the number of staff involved in processing CTCs from their respective resources;
  • the DfT could consider lending enough staff to the Security Service to accelerate the latter’s part of the process;
  • the DfT and the Security Service explore whether charging for CTC applications could be introduced in the longer term;
  • the DfT reassesses the risk associated with the dispensation allowing airside staff to be deployed pending CTC clearance.

Consideration should be given, in the light of risk assessment, to checking the names of certain employees against security records, at a frequency which also reflects the assessment of risk. [Back To Top]

Previous Employment References

The checking of employment references should remain as part of pre-employment screening and the reference period time scales should be determined in the light of risk assessment. [Back To Top]

Gap References

With regard to the aviation industry, the Department for Transport should:

  • examine other kinds of information which might provide adequate assurance for gaps in an applicant’s employment or educational record;
  • reconsider the period (currently 14 days) for which gap references should be required;
  • on a risk assessed basis develop further proposals for discussion with the industry.

The Department should also consider the use of gap references in areas other than aviation. [Back To Top]

Criminal Records Checks

It is recommended that, subject to risk assessment:

  • the existing requirement for restricted area pass holders in aviation to undergo a Criminal Records Check (CRC) should be retained;
  • the position of other groups of transport staff should be subject to risk assessment;
  • the existing basic CRC should be retained;
  • the Department for Transport should engage with the three UK criminal record organisations so as to facilitate any future moves to introduce periodic CRCs that parts of the industry might seek.

The Department for Transport, in consultation with the industry, should introduce a requirement to obtain foreign CRCs or the nearest equivalent information in cases where CRCs are compulsory for the UK. In so doing, it should take into account: the need for risk assessment, which may point to proceeding with specific categories of staff rather than across the board; that it would not be unreasonable to decide to proceed only with new staff and not those already in post; and that it might be sensible to introduce the policy voluntarily and to build on the experience of those firms already requiring foreign CRCs so that details could first be worked up and problems ironed out flexibly. Any eventual statutory requirement could thus reflect actual industry experience. [Back To Top]

Contractors and Sub-Contractors

It is recommended that in principle:

  • DfT personnel security requirements should apply to all the firms (principal and contracting) whose activities are integral to the operation of major transport activities on a day-to-day basis;
  • that these firms should be subject to DfT inspection in their own right; and that the DfT’s compliance activities should be focused accordingly. [Back To Top]

Ongoing Personnel Security

In its future dealings with industry on personnel security, the Department for Transport should ensure that it gives sufficient prominence to the various components of ongoing personnel security, and that it considers how best to promulgate the forthcoming CPNI advice on ongoing personnel security to the industry at large, and not just those parts subject to regulation.

The police and Security Service, in conjunction with the Department for Transport, should develop their policies so that firms with employees about whom there are security concerns can receive a consistent approach and constructive advice about how to respond to those concerns brought to their notice or confirmed by one of these organisations.

The Department for Transport should ensure the promulgation of the forthcoming CPNI advice relating to the security implications of the behaviours of staff to the transport industry and follow it up in the development of policy and in compliance inspections. [Back To Top]

The Role of the Department for Transport

The Department for Transport should develop a clear position on the strategic role that personnel security will play in the future, leading to a rebalancing between its physical and personnel security priorities, and that it articulates its conclusions to the industry as a whole.

It should also consider how to change industry’s perception of its lack of understanding of commercial issues, and whether it would be practicable and fruitful to arrange short or long term secondments to that end. [Back To Top]

Sources of Advice on Personnel Security

In relation to those parts of the industry where the risk is assessed as being sufficiently high, the Department for Transport should actively promulgate the CPNI advice on personnel security and make explicit that this is the standard which it will follow in future, including for compliance purposes.

The CPNI should, in collaboration with DfT, consider in its coverage of the national infrastructure whether it could do more to reach out to transport firms to advise and educate on personnel security.

The CPNI should, in collaboration with DfT, consider whether it can tailor its personnel security advice more specifically to fit particular needs, for example transport firms with high turnover workforces or those with a significant proportion of staff from outside the UK.

The CPNI should, in collaboration with DfT, consider whether fuller use could be made of its existing methods of communication as a means of enhancing practice on personnel security, including conveying a clear understanding of the threat to which it responds. 

[Back To Top]