Risk assessment for personnel security – a guide is the title of a document available free from CPNI (the Government Centre for the Protection of National Infrastructure).
The CPNI says that personnel security risk assessment focuses on employees, their access to the organisation’s assets, the risks they could pose to the organisation and the sufficiency of countermeasures. It is the foundation of the personnel security management process. It is also crucial in helping security and human resource managers communicate to senior managers the risks to which the organisation is exposed.
Very often, clear rationales for the use of particular personnel security measures are lacking and resources are not targeted in a proportionate way. CPNI’s personnel security risk assessment guidance, which is illustrated using a fictional case study, aims to help security and human resource managers to:
conduct personnel security risk assessments in a way that balances pragmatism with rigour
prioritise the insider risks to an organisation
identify appropriate countermeasures to mitigate against those risks
allocate personnel security resources in a way that is cost effective and commensurate with the level of risk.
You can download the full 44-page document from the what’s new section of the CPNI website: