UK Specialist Guide

BS7858 screening explained

The British Standard for vetting personnel in secure environments. What BS7858:2019 actually requires, who needs it, and how it fits alongside DBS and SC clearance.

Summary

BS7858:2019 is the British Standard published by BSI for screening personnel employed in an environment where the security of people, property, or information is required. It is contractually required for SIA-licensed security staff, data-centre access personnel, cash-in-transit crews, secure-facility contractors, and similar roles. The standard specifies six components: identity verification, a five-year employment history, two character references, a Basic DBS check (or higher where eligible), a financial integrity check, and Right to Work verification. It is not a statutory obligation like Right to Work, but its authority comes from SIA licensing rules and industry contractual specification. BS7858 is distinct from SC/DV vetting, which is administered by UKSV and reaches considerably deeper. Turnaround is typically four to six weeks, with re-screening on a defined cycle. Social-media and digital-reputation checks are not part of BS7858 — they are increasingly added alongside as complementary OSINT layers.

The six components of a BS7858 pack

A compliant BS7858:2019 screening pack addresses six requirements. Each must be evidenced and dated within the standard’s time windows.

Identity verification

Three verified pieces of identification, covering full name, date of birth, current address, and a recent photograph. Documents verified against source rather than taken at face value.

Five-year employment history

Full employment record covering the most recent five years, with gaps over 31 days explained and verified. Each role confirmed directly with the employer, not through a reference agency.

Character references

Two character references covering the full five-year period from individuals not related to the candidate, able to confirm identity and character. Verified as genuine.

Criminal record check

A Basic DBS check (unspent convictions only) as the minimum. Roles with additional eligibility may require Standard or Enhanced DBS. The certificate must be dated within three months of commencement.

Financial integrity check

Credit reference check covering CCJs, IVAs, and bankruptcy within the last five years. Adverse findings don’t automatically disqualify but require documented assessment.

Right to Work verification

Statutory Right to Work check as required under the Immigration Act 2014. Compliance with the current Home Office prescribed list or IDVT-accredited verification.

Who actually needs BS7858?

BS7858 is contractually mandated in specific UK roles and industries. Many organisations also voluntarily adopt it as a screening baseline even where not strictly required.

SIA-licensed security staff

Door supervisors, CCTV operators, security guards, close-protection operatives — the SIA requires BS7858-compliant screening as a condition of licensing.

Data-centre operations staff

Staff with physical access to critical infrastructure, colocation facilities, or regulated-data hosting environments. Typically a contractual requirement.

Cash-in-transit and secure-logistics crews

Armed or cash-carrying roles under Bank of England or regulated-cash-services contracts.

Secure-facility contractors

Cleaners, maintenance staff, and third-party contractors with unescorted access to secure facilities. Often specified by the client contract.

Regulated commercial environments

Pharmaceutical, defence-manufacturing, or high-value retail environments where stock or access controls require vetted personnel.

Financial services support staff

Mail-room, facilities, and operations staff in banks or regulated financial environments. Some firms treat BS7858 as the baseline rather than an upper bar.

How BS7858 differs from DBS, SC, and DV

BS7858 is one layer of a broader UK vetting landscape. Understanding how it fits alongside DBS and government security-vetting levels matters when building a screening programme.

BS7858 is a standard, not a legal requirement

BS7858:2019 is published and maintained by BSI (British Standards Institution). It is contractually required by specific industries and the SIA — but it is not a statutory obligation in the way Right to Work is. Its authority comes from industry acceptance and contractual specification.

DBS is a criminal-record check; BS7858 is a screening standard

A DBS check is one input into a BS7858-compliant screening pack. BS7858 specifies the full process — identity, employment history, references, financial integrity, criminal records, Right to Work — whereas a DBS check only addresses the criminal-records element.

BS7858 does not reach SC/DV-level vetting

For central-government roles, critical-national-infrastructure access, or defence clearance, Security Check (SC) or Developed Vetting (DV) is required. These are administered by UKSV and go considerably deeper than BS7858 — interviews, financial assessments, personal history checks.

BS7858 is employer-led, not individual-led

A candidate cannot apply for BS7858 themselves. The employer (or their screening provider) conducts the checks and issues the compliance outcome. Screening certificates are not portable in the way a DBS certificate can be (via the DBS Update Service).

BS7858 plus the digital layer

BS7858:2019 is documentary and employer-verification focused. It wasn’t designed for the digital-footprint era. For security-sensitive roles, many employers now complement BS7858 with an OSINT check.

BS7858 verifies paperwork. A digital OSINT check verifies consistency — whether the candidate’s public identity aligns with the employment history and references on the BS7858 pack. Undisclosed alternate accounts, directorships, breach exposure, or location signals that don’t match stated history are surfaced alongside the compliance outcome.

Where BS7858 focuses on a five-year window, an OSINT check reaches further back through breach archives and historical web content, which can matter for high-sensitivity roles where residual digital exposure is itself a risk signal.

BLACKEYES delivers this layer from the candidate’s email address in around fifteen minutes. The eleven-section report format fits cleanly alongside a BS7858 pack as supplementary evidence — and in some environments becomes part of the routine screening baseline.

Frequently asked questions

How long does a BS7858 screening take?

Typically four to six weeks. The slowest component is usually five-year employment history verification — former employers can take two to three weeks each to respond. Well-managed screening providers can complete BS7858 in three to four weeks where the candidate’s history is continuous and verifiable. For roles with SC or DV vetting requirements, the timeline extends significantly further.

Does BS7858 need repeating?

Yes, on a defined cycle. The standard specifies periodic review — typically annually for credit status and every three years for a full re-screen, though specific industries set their own cycles. Material changes (new address, new role, adverse credit event) should trigger an update outside the normal cycle.

What’s the difference between BS7858:2012 and BS7858:2019?

The 2019 edition replaced the 2012 edition with tightened requirements around identity verification, more explicit financial integrity criteria, and updated guidance on Right to Work compliance. The 2012 edition is superseded; current screening must be conducted to the 2019 standard.

Can BS7858 be run on an international candidate?

Yes, but it becomes more complex. Employment-history verification for overseas roles requires direct contact with overseas employers (often slow, sometimes impossible). Overseas criminal record checks are the biggest challenge — each country has its own system, and some don’t issue certificates at all. Specialist international screening providers handle the edge cases.

Does BS7858 check social media or digital reputation?

No. BS7858 is documentary and employer-verification focused. Social media and digital OSINT are not part of the standard — they’re increasingly added alongside as complementary checks for secure roles where identity consistency and reputational signals matter.

What counts as adverse credit under BS7858?

The standard focuses on recent adverse findings — CCJs, IVAs, bankruptcy orders within the last five years are the main triggers. Adverse credit doesn’t automatically disqualify a candidate, but requires documented risk assessment by the employer. Some industries treat certain types of adverse credit (those indicating financial pressure or dishonesty) more seriously than others.

Is BS7858 required for remote workers?

If the role requires access to regulated systems or data that triggered BS7858 in the first place, yes — remote or on-site delivery doesn’t change the vetting requirement. The SIA’s licensing rules apply regardless of working pattern.

Complement BS7858 with digital OSINT

One email. Fifteen minutes. A source-cited digital check that sits alongside any compliant BS7858 pack.

Reports are tools, not conclusive judgements — verify material findings before reliance.