Contractor guidance

by Mark Rowe

Most organisations use contractors. They typically have the same access to an organisation’s assets, including those deemed most sensitive, as directly-employed employees and yet on some occasions in some organisations, contractors are not always required to abide by the same personnel security requirements. While this may be a business-driven decision, potentially this could leave an organisation open to risk.

CPNI (Centre for the Protection of National Infrastructure) recommends that organisations use the same personnel security measures with contractors as they would with their directly employed staff. But, it is recognised that at certain times, business pressures may force organisations to use reduced or alternative measures. On these occasions, it is up to the organisation to make a risk assessment as to why they need to downgrade their personnel security standards and what alternative measures can be used instead.

Regardless of what decision is made, it is the employing organisation which owns and needs to manage effectively the risk of granting the contractor access to its sites and assets, not the contractor organisation or agency, CPNI point out.

See more at:

Related News

  • Training

    Cyber skills view

    by Mark Rowe

    The same approach to tackling so-called ‘traditional criminal activity’ should be adopted to defeat cyber criminals, according to an audit firm. Serena…


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2023 Professional Security Magazine. All rights reserved.