Scroll to top
Request Consultation
Security Vetting and Background Checks: A Corporate Guide

Security Intelligence

Security Vetting and Background Checks: A Corporate Guide

A practical guide to security vetting and background checks for corporate organisations. Covers the purpose of vetting and the main check types.

Marcus Webb, Security Operations Adviser 10 December 2025 2 min read

Background checks and security vetting are the mechanisms by which organisations verify that the people they are employing, contracting, or partnering with are who they say they are and present an acceptable risk. In the security context, vetting serves two functions: it identifies individuals who may pose an insider threat, and it provides legal and governance protection for the organisation against negligent hiring claims.

The Purpose of Vetting

Organisations vet prospective personnel to:

Verify identity and credentials. Confirm that the person is who they say they are and holds the qualifications and experience they claim. CV fraud is more common than most hiring managers assume.

Identify criminal history. Identify criminal history relevant to the role and the organisation’s security requirements. Not all criminal history disqualifies a candidate, but it should be known and assessed.

Assess financial integrity. For roles with financial access or authority, credit history checks identify individuals with significant financial difficulties who may be susceptible to insider threat.

Verify employment history. Confirm claimed employment history and identify gaps. Reference checks assess professional conduct in previous roles.

Check regulatory lists. For regulated industries (financial services, healthcare, education), check against relevant disqualification or restriction databases.

Proportionality: Matching Vetting to Role Risk

Vetting should be proportionate to the sensitivity of the role:

Standard roles. Identity verification, right to work, employment history verification, reference check, basic DBS check where appropriate.

Roles with sensitive asset access. Enhanced DBS, financial credit check, extended employment history, professional reference from direct line managers.

Security-critical roles (data centre access, executive support, close protection officers). Full employment history, enhanced DBS, credit check, and in some cases, social media screening and additional police checks.

Board-level and senior executive roles. Comprehensive vetting including enhanced DBS, credit check, directorship history, reputational due diligence, and in some sectors, regulatory register checks.

Vetting must comply with:

  • UK GDPR and the Data Protection Act 2018 (lawful basis for processing personal data)
  • The Rehabilitation of Offenders Act 1974 (spent convictions)
  • The Equality Act 2010 (vetting must not be discriminatory)
  • Sector-specific regulations (FCA, CQC, Ofsted, DBS requirements)

For security vetting and background check services for close protection and security personnel, see our executive protection page.

For tailored support on the issues covered here, see our executive protection service and bodyguard hire service.

FAQ

Frequently Asked Questions

An enhanced DBS (Disclosure and Barring Service) check is the most detailed level of criminal record check available in England and Wales. It includes all criminal history including spent convictions, cautions, and in some cases, relevant non-conviction information held by police. It is required (not just recommended) for roles working with children and vulnerable adults. For other roles with access to sensitive assets, enhanced DBS checks are often used as best practice. The DBS check is England and Wales specific; Scotland uses Disclosure Scotland and Northern Ireland uses AccessNI.

It depends on the check type and the role. The Rehabilitation of Offenders Act 1974 (ROA) allows spent convictions to be kept private for standard jobs, but this protection does not apply to certain roles (working with children, financial services, legal, security). For roles where the ROA exception applies, enhanced DBS checks will disclose all convictions regardless of age. Employment history verification and reference checking typically covers the previous 5-10 years depending on the organisation’s policy.

Not automatically. A DBS disclosure requires a considered assessment of: the nature of the offence, how long ago it occurred, whether it is relevant to the role, and any mitigating factors. Blanket policies that reject anyone with any criminal record are generally not compliant with employment law. The assessment should be documented, proportionate, and should give the candidate an opportunity to explain.

Findings should be assessed against the role, with a consistent, documented process and respect for data protection and fair-treatment obligations. A disclosure is considered in context rather than treated as an automatic bar, and candidates are given a chance to explain where appropriate.

For sensitive positions, vetting is not a one-off event: periodic re-checks, clear processes for staff to report changes in circumstances, and monitoring proportionate to the role help manage risk that emerges after hiring. The depth should match the sensitivity of the access involved.
Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.

Confidential. Your details are never shared with third parties.