Personnel Security (PERSEC) still remains a challenge for DISP Members.
The Defence Industry Security Program normally requires a security clearance at some level to work on defence projects and get access to sensitive information – but not at Entry Level.
We have discussed some of the existing deficiencies relating to AS4811 here.
But what can Governance, Risk and Compliance Teams do, to fully meet:
AS4811 Suitability Screening – The objective is to ensure the integrity, identity and credentials and to provide assurance that they are worthy of trust.
ISO/IEC 27001:2013 A.7.1 – To ensure that employees and contractors are suitable for the roles for which they are considered. “When an individual is hired for a specific information security role, organisations should make sure the candidate can be trusted to take on the role.”
ISM P10: “Only trusted and vetted personnel are granted access to systems, applications and data repositories” and Security Control 0434 “Personnel undergo appropriate employment screening, and where necessary hold an appropriate security clearance, before being granted access to a system and its resources.”
A security clearance is the official status given to someone that has been checked and vetted for the eligibility and suitability to access and work with security classified resources. It gives access to certain the know how & know why information, with the higher the clearance corresponding with higher national security sensitivity.
Whether your candidate is eligible and suitable to hold a security clearance is only determined after certain levels of assessments and background checks. These assessments are done to ensure that people entrusted with access to security classified information or resources are trustworthy.
As a part of the new DISP rules, a DISP member can sponsor their own workforce’s security clearance.
Here are the two most common questions we hear about Security Clearances:
1. How can our candidates can get a Security Clearance?
A Security Clearance can only be processed through www.agsva.gov.au via DOSD. An individual cannot sponsor a clearance personally. The Security Officer is able to nominate people for clearances against a specific project and uses their own security designated position register.
2. How long does it take to get a security clearance?
Generally, the duration varies. Depending on the type of clearance required and traceability of the individual’s history it can take weeks, months or years. That is alot of risk.
Clearance Subjects – we recommend that you:
- Disclose all relevant and required information.
- Cooperate in the collection of personal documentation and corroborating evidence.
- Answer questions fully and honestly and
- Provide accurate information and personal documentation.
Usually it is only Australian citizens with a verifiable background that are eligible for an Australian government security clearance. One will be asked to provide evidence of Australian Citizenship details. Additionally, people who have stayed more than 12 months outside of Australia must be verified from independent and reliable sources. These background checks are done inside the vetting process.
Some Clearance Subjects are expected to be assessed as suitable to obtain and maintain the highest-level clearance: a Positive Vetting (PV) security clearance. Minimum mandatory check list for a PV clearance to establish person’s suitability include:
- Verification of identity
- Background checks
- Financial probity checks
- Referee checks
- Digital footprint checks
- Psychological Assessment
- Security Interview
To consider whether the Clearance Subject is suitable to hold a security clearance, at any level, they need to possess and demonstrate an appropriate level of integrity and are not vulnerable to influence or coercion. The specific character traits are:
Due to the time delays and the process itself. The employment contract conditions may include the terms –
“Subject to a security clearance being obtained and retained through ASGVA.”
The table above indicates that the higher the clearance type, the higher the risk of the clearance subject not getting a clearance. The stats are clear: Not everyone can get a national security clearance. And complex (adverse) cases add 5x delay onto the process. So a DISP company would wait months and months to get receive an outcome for the employee to start work. However, the ANAO said in December 2020 that there is a 20%-25% probability that the candidate will never start employment with you.
What can a Security team and/or HR do to make sure that the candidate they choose will be able to get through the national security vetting process smoothly and without delays?
Many delays can be avoided by “Pre-Vetting” Candidates. In other words, anticipate a national security clearance outcome before it begins.
An easy way to do this is to add this phrase into the job ad “Must be willing to undergo a background suitability screening process through Cleard life.”
Imagine it in this way: when the hiring manager or recruiter settles on the top one, two or three shortlisted candidates, they go through the Cleard life check using official vetting officers and deliver the overall result which acts as actionable intelligence, saving the risk of complex cases and time delays.
So when the defence industry company sponsor a security clearance application, HR and the Security Officer can have the peace of mind and confidence that the company has done what it can to reduce the risk of an adverse or unfavorable clearance decision or protracted process. It also raises the companies PERSEC capability through a robust, scalable third party solution – at any clearance level.
We partner with you so that your company and the candidate does need to not need to unnecessarily ‘duplicate’ the screening process (ie. we won’t ask for ID verification etc).
“It is important that all organisations in the Defence sector adequately screen their personnel, regardless of DISP. The guidance in the protective security documentation and the Australia Standards should help companies with reviewing recruitments and mitigating against issues in seeking Commonwealth security clearances. Different companies have different levels of experience in security, and some indeed may benefit from a suitability assessment service as promoted by Cleard Life.”
Andrew Dowse AO
Director, Defence Research and Engagement (Edith Cowan University)
Former Head of ICT Operations and Strategic J6 (Department of Defence of Australia)
Former Director-General, Integrated Capability Development and Capability Plans (Department of Defence of Australia)
Former Director-General, Strategy and Planning (Royal Australian Air Force)
The Australian National Audit Office noted that there was a 1:4 – 1:5 chance that your clearance subject (CS) will not get an AGSVA clearance – even at the Baseline level. Talk to us about your DISP-related pre-employment screening and help you make the right risk decisions and reduce those risks. Talk to us about our Cleard PLUS facilitation program that ‘speeds up‘ and ‘smooths out‘ the official security clearance process. It includes (a) pre-vetting advice to the employer (to anticipate a national security clearance outcome) before the e-pack is started and (b) provides help, advice & support to the CS, so that they don’t cancel unnecessarily.
DISP Member: Are Your Personnel Security (PERSEC) Measures (AS 4811 2006) Suitable?