Tag Archive | "ID checks"

I can’t be trusted to get to the Gents and back without an escort


Remember me talking about Cerberus, some while ago? Not the three-headed guardian of the underworld, but the new e-forms system that the Defence Vetting Authority launched with great fanfare – well, great fanfare in the world of security clearance, anyway, o actually it was quite understated – to speed up the whole clearance process.

Guess what. It hasn’t actually worked as advertised. Quelle surprise…

121 days ago I clicked “Submit” on my electronic Cerberus application form, having recently started at the current gig for a client that requires genuine clearance. Ever since I’ve been logging on to the portal to see what’s happening, and have always been presented with the somewhat cryptic message “In progress”. Which means my file is still dragging its way through the labyrinthine machinations of the clearance process. For CTC clearance.

(For those of you unfamiliar with the clearance grades, there are basically four levels: BPSS, meaning “You are who you say you are”, CTC, meaning “We know you are who you say you are”, SC, meaning “We really do know you are”, and DV, which means “Not only do we know who you are, but we know who your friends are as well”.)

So CTC is not exactly the most difficult thing in the world to check for. In fact the DVA’s own service level states that they will process 85% of CTC applications in 30 days. So, one might assume, something has gone a little astray. However, I can’t check that since, despite my having access to the Portal to see where I’m up to, I can’t actually ask any questions, that has to come from the sponsor. So that doesn’t really help. Nor does the interesting statistic that DVA are processing 250,000 clearance requests a year. Which seems rather a lot.

So what does this actually mean? Now there’s an interesting question.

The client’s own rules say that I can’t have a building pass without clearance. So I can’t get past the front desk in the morning without an escort, my laptop bag (and carrier bag of Waitrose sandwiches) have to go through the scanner, I can’t get to the coffee shop by myself, I can’t visit the Gents and I can’t get out at the end of the day. I certainly can’t wander down the corridor to talk to my various colleagues about assorted problems, which, given I do Service Design and have to understand the end-to-end details of things, is something of a limitation.

Bizarrely, what I can do is read and review a host of technical information about the client’s infrastructure. I can talk to their staff about requirements, including discussions on access rights to services. In short, I can see all the information that clearance is intended to protect. Which, to be fair, is in the rules; someone has done a risk assessment and decided I can be trusted with that information. Which I can; after all I’ve held high level clearance before, several times.

And I’m not the only one. Until very recently one of our Technical Design people had the same problem, and he gets a lot closer to the detail than I ever need to.

So a bit of a disconnect in the process them. Basically I can do everything I need to do and read anything I need to read but I can’t be trusted to get to the Gents and back without an escort. And I’m getting just a bit too old to want people to hold my hand while I do so.

But don’t get me wrong. I take this security clearance issue very seriously indeed. I’ve been closely involved in getting the rules clarified and applied properly for several years. The rules are totally realistic and justifiable and offer a degree of protection that I fully support. But someone somewhere in the client’s security management team really needs to lift their head from JSP440 and apply just a little common sense. Don’t they?

About the author: Alan Watts

Alan has worked in IT for most of the last 35 years, and first went freelance in 1996. He has been a PCG member from its start and has been spreading the message that freelancing is a professional career choice for many years. Alan also runs Malvolio’s Blog, a personal but highly informative take on the life of the modern freelance.

Alan Watts, Principal Consultant, LPW Computer Services

© 2011 All rights reserved. Reproduction in whole or in part without permission is prohibited.

Image: Unhappy greek toilet by dan taylor

Posted in alan's blogComments (0)

One day, sanity will prevail. But I suspect I’ll have retired by then.


An interesting idea was floated this week on one of the websites I haunt. Someone was getting just a little exasperated at the identity proving process we all suffer these days, and rather than drive 50 miles to an agency’s offices to show them his passport was wondering if having a Skype video conference with the agent while holding his passport would suffice.

General response was along the lines of nice idea, but these are agencies we’re dealing with so probably not. It’s not that we have any objections to proving we are who we say we are; it is to everyone’s benefit, after all. But the whole thing is getting just a little surreal.

Start with the passport thing. What everyone fails to remember is that a passport is only proof of identity if you are the one holding it. Copies, be they full colour images, redacted black and white scans, video image, even with you in the frame – none of these are proof of anything beyond your skills with a digital camera. You have to be there, holding it, at which point the other guy can take a copy of the photo page – nothing else just that page – for their own records.

And there’s another issue. The more peripatetic contractors – like me, for instance – go through this farce several times a year. Just how safe are all these copies of a Crown documents, I wonder? And how many of them are deleted once they are no longer needed?

And given the quality of most of my communications from agencies, just how accurate are the supporting records anyway? We will never know…

The real irritation, though, is that the whole exercise is totally unnecessary. And, as usual, we have to look to those bastions of professionalism and awareness, the agencies and the Human Remains Resources teams.

Because HR are usually in the loop for hiring contractors, they only think of them as pseudo-employees. OK, that’s an old argument that bores even me, but it’s still true. Therefore the master contract the agency has with the end client’s HR team is framed in terms of employment law. This, among other things, lays fearful penalties on clients who don’t ID check their employees.

Agencies, being at the higher end of the risk averseness scale, take great care not to offend. Hence they go to great lengths to ensure everyone they touch is checked. Except I am not an employee of anyone, I am an independent supplier. I’ve checked the people I send out to work for me and am more than willing to assert that I know who they are and that they are allowed to be here. And take any penalties you care to throw at me if I’m wrong. And since I’m not the agency’s employee – much as they like to pretend we are – and certainly not the client’s, there is no legal obligation to ID check me all over again.

All that has to happen is for agencies to have two contracts with their clients: one for employees, one for freelancers. Do that and not only do a lot of contractual arguments go away – along with 90% of the threat of IR35 and the AWR of course – but they save themselves hundreds of pointless man hours a year which, you might think, would appeal to the bean counters who run most agencies these days.

But far too simple a solution will never catch on. Especially if nobody triers to sell it.

And just to close, how about this for idiocy. One guy was asked for his NI number as well as his passport and “other documentary proof of address” to get a building pass. NI numbers aren’t a proof of anything, as the Home Office is at pains to point out. For one thing, while the numbers are unique they may have been given to, or used by, more than one person. So not really a lot of good to anyone as a proof of anything.

One day, sanity will prevail. I suspect I’ll have retired by then.

About the author: Alan Watts

Alan has worked in IT for most of the last 35 years, and first went freelance in 1996. He has been a PCG member from its start and has been spreading the message that freelancing is a professional career choice for many years. Alan also runs Malvolio’s Blog, a personal but highly informative take on the life of the modern freelance.

Alan Watts, Principal Consultant, LPW Computer Services

© 2011 All rights reserved. Reproduction in whole or in part without permission is prohibited

Image: The Usual Suspects by Dylan Parker

Posted in alan's blogComments (0)

The three headed dog from hell or a huge step in the right direction?


I don’t know if anyone’s noticed, but there’s a bit of a revolution going on this weekend. Something I’ve been banging on about since early 2003 is facing a big and, to my eyes, rather significant change. And I bet 90% of the people it affects don’t even know about it.

It’s called Cerberus. OK, that’s a three headed dog from hell to some, but to others it’s a huge step change.

Cerberus is primarily a Case Management System to look after the security clearance of anyone who holds it or are put up for clearance in order to get work in any of the myriad HMG-sponsored roles that demand it. It’s aim is to simplify and standardise what is currently a fairly creaky and almost totally paper-based system.

I’ve spoken before (at great length, some may say…) about the Catch-22 of no clearance means no job but you can’t have the clearance without the job. This is especially true of contractors, who have to be able to take up new roles on fairly short order; permanent staff are usually (but not always) in a position to stay with the old job or otherwise sit around until they are allowed to start the new one. So contractors like me are the real victims of this situation to the extent that I was not allowed to apply for a role a while back to implement a system I’d designed while I was cleared, since my clearance had lapsed in the interim.

The reason for this is the blind insistence from many agencies and more than a few prime contractors is that clearance takes forever to come through and without it you can’t work. And since the rules are that you can apply for clearance without a sponsor, the net effect is the aforementioned Catch-22, and the jobs on offer go to the same old circle of those inside the fence.

But this is wrong on several counts.

Firstly the main clearance agencies have been working to get their existing systems much more efficient. DVA, who look after the MOD, routinely clear 95% of SC clearances in less than 30 days and can fast track them in as little as 10. Again using me as the example, I was cleared by one of the constabularies to the same level in two weeks flat. So time is not really an issue.

Secondly you don’t need clearance to start the job, most of the time. The basic level of BPSS is not a million miles away from the kind of ID and residency checks we are routinely asked to do for any role. BPSS allows you to access material marked up to “Restricted”, which is around 90% of it. There are a very few exceptions, where informed supervision can’t be given, and until your full clearance comes through you will have to be collected from the front gate and taken back to it, but that’s hardly a major barrier to overcome.

And finally if you only ever take your workers from the same limited gene pool, how are you ever going to improve? Hoe many projects have failed because of the lack of up-to-date skills and practices I wonder.

Cerberus will bring all the clearance records into a single database, supported by on-line e-forms to replace the paperwork. All the various clearance agencies will have access to it, led by DVA and the Home Office equivalent, which makes everything far more traceable and, more importantly, transferable (my police clearance is not accepted by DVA, even though the police checks are actually slightly more rigorous. Go figure…)

So a big step forward. The target is to get SC clearance down to 15 days and CTC to less than a week. Let’s just hope the agencies notice…

About the author: Alan Watts

Alan has worked in IT for most of the last 35 years, and first went freelance in 1996. He has been a PCG member from its start and has been spreading the message that freelancing is a professional career choice for many years. Alan also runs Malvolio’s Blog, a personal but highly informative take on the life of the modern freelance.

Alan Watts, Principal Consultant, LPW Computer Services

© 2011 All rights reserved. Reproduction in whole or in part without permission is prohibited<

Image: Herlitz Monster-Talent Monster04 by Herlitz-Monster-Deal

Posted in alan's blogComments (0)

So who are you again?


You have to feel sorry for the poor recruitment industry. I mean, after several years of being beaten up by the bean counters who run their business these days to improve throughput and efficiency, they finally get to the point where the process is as effortless as it’s going to get.

Preferred Supplier Lists mean they get first sight of any new work. Keyword searches mean they don’t actually have to talk to candidates, but simply send in the first few CVs with the right keywords. Write-only answer phones mean they can’t be contacted. Back Office systems and so called “self-billing” arrangements (which aren’t but let’s not quibble) mean payment processes are self maintaining. Life is simple and efficient.

Then Primark got prosecuted for using illegal workers

Let’s remember that agencies’ main concern is the avoidance of risk. That’s why the contracts are usually so complex; it’s mostly to ensure the agency doesn’t get caught for the mistakes of the contractors it supplies nor for any taxes or other costs the contractor or client may incur for any reason whatsoever. So naturally their reaction to Primark was typically understated.

It used to be that you could go for a job with only a cursory check on your actual existence. Of course, having actually spoken to you – or even met you in person – the agent could be reasonably sure you were who you said you were. These days, as I’ve said before, the agent would much prefer not to talk to you, much less take time away from the telesales work actually to go and meet you.

When the need to demonstrate you had checked the candidate’s ID first cropped up, this got extended to you sending a bastardised copy of your passport – not that that’s a proof if ID, of course – and maybe a utility bill or similar to prove you had a real address (none of which, needless to say, can possibly be faked).

However Primark made them realise they could be prosecuted for a whole new range of things. As a result half of the agency’s time is now taken up with people running around looking at candidates holding passports, paying other agencies to run ID checks and doing a whole host of credit checks and other activities. All this, note, before you get sent for the interview.

As an aside, there are also concerns about what happens to all this data once it’s in the agency’s hands. A typical contractor might well supply half a dozen copies of some fairly personal data in a year, and I’m pretty damned sure not too many agencies will have paid to be ISO27001 compliant.

Thing is, of course, 99% of this is totally unnecessary, since it applies to employees, not contractors. Since the agency goes to enormous lengths to demonstrate that legally you are not their employee, nor the client’s, why does this whole scenario apply at all?

Perhaps if we ever get IR35 sorted out and have a clear test for whether or not you are a supplier or an employed temporary worker, then we can stop all this pointless activity.

Meanwhile, can anyone explain why my Company Secretary can’t sign a letter asserting all my company’s staff, be they employees or directors, are allowed to work here and accepting full responsibility should that prove to be untrue?

Do that and the agencies can go back to their usual state of happy indolence again.

© 2010 All rights reserved. Reproduction in whole or in part without permission is prohibited.

Image: Vintage ITT Telephone Handset by mightyohm

Posted in alan's blogComments (0)


  • Switch Accountants for FREE

    Switch Accountants for FREEAt K&B Accountancy Group we have introduced a simple and straightforward approach to changing accountants. We’re offering contractors, consultants and freelancers the opportunity to switch to K&B Accountancy Group for FREE without the need to pay for any ‘catch up’ or retrospective accountancy fees for the previous year’s accounts and corporation tax return* *T&Cs apply

our top 5 twitter posts

twitter

contractor accountants

contractoraccts



twitter Join the conversation
Free Telephone Advice