We are pleased to share with you the publication of the Security Controls Framework (SCF) V1.22. Both tracked Changed Versions and clean versions can be found on the website.
We have updated the SCF Part 2 Appendix B, specifically G4.2 and G4.3, to reflect the implementation of the BS7858:2019 standard.
Users will be able to take a risk-based decision on a length of time that is appropriate before re-screening employees to the 2019 standard. The User CIO will expect to see a policy and procedure for screening User Personnel in line with the latest version of BS7858 (or equivalent); a policy and procedure for reviewing the prior screening file of User Personnel received to ascertain whether the screening is in accordance with BS7858 (or equivalent); and evidence that the individual who would be conducting the screening has themselves been screened to BS7858 (or equivalent) or a higher standard (such as HMG Security Check or Developed Vetting).
To confirm the BSI standard specifies that any screening completed prior to 31st March 2020 remains valid and rescreening is not required. All screening that occurs after 31st March 2020 will be required to align to the BS7858:2019 standard, those organisations using BPSS screening may need to re-align their practices with the new standard.