Remember me talking about Cerberus , some while ago? Not the three-headed guardian of the underworld, but the new e-forms system that the Defence Vetting Authority launched with great fanfare – well, great fanfare in the world of security clearance, anyway, o actually it was quite understated – to speed up the whole clearance process.
Guess what. It hasn’t actually worked as advertised. Quelle surprise…
121 days ago I clicked “Submit” on my electronic Cerberus application form, having recently started at the current gig for a client that requires genuine clearance . Ever since I’ve been logging on to the portal to see what’s happening, and have always been presented with the somewhat cryptic message “In progress”. Which means my file is still dragging its way through the labyrinthine machinations of the clearance process. For CTC clearance.
(For those of you unfamiliar with the clearance grades, there are basically four levels: BPSS, meaning “You are who you say you are”, CTC, meaning “We know you are who you say you are”, SC, meaning “We really do know you are”, and DV, which means “Not only do we know who you are, but we know who your friends are as well”.)
So CTC is not exactly the most difficult thing in the world to check for. In fact the DVA’s own service level states that they will process 85% of CTC applications in 30 days. So, one might assume, something has gone a little astray. However, I can’t check that since, despite my having access to the Portal to see where I’m up to, I can’t actually ask any questions, that has to come from the sponsor. So that doesn’t really help. Nor does the interesting statistic that DVA are processing 250,000 clearance requests a year. Which seems rather a lot.
So what does this actually mean? Now there’s an interesting question.
The client’s own rules say that I can’t have a building pass without clearance. So I can’t get past the front desk in the morning without an escort, my laptop bag (and carrier bag of Waitrose sandwiches) have to go through the scanner, I can’t get to the coffee shop by myself, I can’t visit the Gents and I can’t get out at the end of the day. I certainly can’t wander down the corridor to talk to my various colleagues about assorted problems, which, given I do Service Design and have to understand the end-to-end details of things, is something of a limitation.
Bizarrely, what I can do is read and review a host of technical information about the client’s infrastructure. I can talk to their staff about requirements, including discussions on access rights to services. In short, I can see all the information that clearance is intended to protect. Which, to be fair, is in the rules; someone has done a risk assessment  and decided I can be trusted with that information. Which I can; after all I’ve held high level clearance before, several times.
And I’m not the only one. Until very recently one of our Technical Design people had the same problem, and he gets a lot closer to the detail than I ever need to.
So a bit of a disconnect in the process them. Basically I can do everything I need to do and read anything I need to read but I can’t be trusted to get to the Gents and back without an escort. And I’m getting just a bit too old to want people to hold my hand while I do so.
But don’t get me wrong. I take this security clearance  issue very seriously indeed. I’ve been closely involved in getting the rules clarified and applied properly for several years. The rules are totally realistic and justifiable and offer a degree of protection that I fully support. But someone somewhere in the client’s security management team really needs to lift their head from JSP440 and apply just a little common sense. Don’t they?
About the author: Alan Watts
Alan has worked in IT for most of the last 35 years, and first went freelance in 1996. He has been a PCG member from its start and has been spreading the message that freelancing is a professional career choice for many years. Alan also runs Malvolio’s Blog, a personal but highly informative take on the life of the modern freelance.
Alan Watts, Principal Consultant, LPW Computer Services 
© 2011 All rights reserved. Reproduction in whole or in part without permission is prohibited.
Image: Unhappy greek toilet  by dan taylor