Thursday 11 June 2009

A Clear CRB Check means They haven’t been Caught Yet!

Vanessa George, who worked at a Portsmouth nursery, stands accused of appalling sexual offences against young children. Already media reporters are queuing up in criticising the “enhanced Criminal Records Bureau (CRB)“ check, which this apparently despicable person passed, saying the check must of either failed or the CRB checking system itself is at fault. The CRB checking system has not failed nor is the CRB system at fault, as any seasoned security professional worth his salt will know, clear staff background checks does not guarantee an individual is not a dodgy person and is not capable of doing bad things. The truth is no background security check or test can ever provide a guarantee, whether it’s checking airport workers aren’t terrorists, checking child minders are suitable to be alone with children, or a data entry clerks aren’t data thieves.

Most organisations with staff dealing with financial information, government data or child care are required to carry out a CRB checks on their employees. Personnel whom pass these checks tend to be implicitly trusted by both their employers, and by the governing bodies which make the policies to have the checks done in the first place. As I always, always say, a clear background or CRB check simply means an individual has not been caught yet! Therefore individuals within their roles, depending on the organisation, should always be considered as a potential fraudster, a terrorist or indeed a sexual offender. By all means carry out background checks on staff, but never implicitly trust humans will not do bad things given an opportunity, only by accepting this together with assessing the internal risks staff can pose within their role, can we build the right security controls within processes and systems which will protect against internal staff threats.

