Call IT Support Email IT Support

Pre-employment Checks

Defining the University’s approach to vetting of employees and their continued information security responsibilities.

Policy Statement

This control procedure defines the University’s approach to vetting of employees and their continued information security responsibilities, and directly supports the following policy statement from the Information Security Policy:

The university’s security policies and expectations for acceptable use will be communicated to all users to ensure that they understand their responsibilities. Information security education and training will be made available to all staff, and poor and inappropriate behaviour will be addressed.

Where practical, security responsibilities will be included in role descriptions, person specifications and personal development plans.

Audience

This procedure is intended to be read and understood by all employees and contractors. It is of particular relevance to HR staff and recruiting managers.

Control Statements

Employees, contractors and third party users must understand their responsibilities in respect of University information, and checks should be conducted to ensure they are suitable for the roles they are considered for, prior to being granted any access to Univeristy systems or information.

  1. Screening
  2. Third party requirements for screening
  3. Terms and conditions of employment 

1. Screening

Background verification checks on all candidates for employment, contractors, and third party users should be carried out by Human Resources. Checks will be proportionate to the business requirements, the classification of the information to be accessed, and any perceived risks.

The process for conducting verification checks and subsequent offers of employment are documented in University’s Recruitment and Selection Policy.

Candidate data that is collected as part of the University’s recruitment process will be handled in accordance with HR policies and procedures.

2. Third party requirements for screening

Occasionally a third party will request additional screening of a University employee in order to grant access to information, for example where a research project is using HMG information. Such requests will be considered on a case-by-case basis by the Legal and HR teams.

3. Terms and conditions of employment 

As part of their contractual obligation, users must agree to and sign their offer letter and contractual terms and conditions. Employment contracts will state employee obligations and responsibilities for complying with University policies and procedures including those associated with information security.

Employee contracts contain a confidentiality statement outlining that as part of the offer of employment, individiauls understand the confidential nature of the information they access, that they will not use the information for unauthorised purposes and that they will return or destroy any information or assets when their employment terminates.

Compliance

Failure to comply with this procedure could result in action in line with the University’s Disciplinary Procedure or Capability Procedure.

Compliance checks will be undertaken by the University’s Information Governance functions. The results of compliance checks, their risk assessment and their remediation will be managed by the Information Security Board.

Related documents

This control procedure needs to be understood in the context of the other policies and procedures constituting the University’s Information Security Management System.

Browse Information Security policies and control procedures

Review

A review of this policy will be undertaken by the Information Security team annually or more frequently as required, and will be approved by the Information Governance Board.

Information Security