CPNI personnel security resource list

CPNI is the government authority provides protective physical, personnel and information security advice to the national infrastructure.



What is CPNI?

The Centre for the Protection of National Infrastructure (CPNI) is the government authority that provides protective physical, personnel and information security advice to the national infrastructure.

Personnel security

Personnel security measures help organisations manage the risk of staff or contractors exploiting their legitimate access to their premises, information and staff for unauthorised purposes.

CPNI resources

Risk assessment for personnel security

This CPNI guide focuses on employees, their access to an organisation’s assets, the risks they could pose to the organisation and the sufficiency of countermeasures. This aids a thorough and balanced response and the allocation of resources in cost effective ways commensurate with risk.

Pre employment screening and document verification

CPNI pages providing information on screening, a fundamentally important element of any personnel security regime. Offers advice and guidance on verifying identity, the right to work, employment history and qualifications, and criminal records.

Ongoing personnel security

This CPNI guide focuses on what can be done to ensure that the personnel security regime continues past the recruitment stage. It covers security culture, line management, contracting, manipulation, controlling and monitoring access and investigating employees.

This CPNI document provides guidance to employers on how to manage employee-related information disclosed to them by the security authorities. Whether the disclosure is about a member of staff working in a sensitive area suspected of being in contact with terrorists, or is about an employee managing the organisation’s finances who is falsely claiming benefits, there are common measures which the employer can take to help manage the risk.

Online social networking

A CPNI/CESG publication which offers an holistic view of the risks associated with social networking and microblogging sites (including content, malware, phishing and spam and social interactions) and gives guidance on appropriate countermeasures.

Investigating employees of concern

The ‘Investigating employees of concern’ guide offers factors to consider and best practice on all stages of an investigation.

CPNI security awareness campaign kit

Designed to help security teams promote best practice security messages across any organisation in the national infrastructure, the kit comes in CD format and includes presentations and customisable posters for your company. To obtain a copy of the campaign kit contact

CPNI personnel security DVD in hindsight

This 25 minute DVD includes chapters on recruitment, ongoing personnel security and exit procedures, and illustrates common mistakes and oversights through case study. The DVD is available by contacting

CPNI transport advisors

CPNI transport advisors work jointly with DfT to reduce the vulnerability of the national infrastructure to terrorism and other threats, keeping the UK’s essential services safer. The advisors provide advice and guidance on physical, personnel and information security and work with individual companies, transport modal sectors or across the industry. For further information please contact

CPNI training courses

CPNI offer a range of courses including ‘Risk assessment’, ‘Pre-employment screening’ and ‘Resolving suspicions about employees of concern’. These are intended for all sectors within the Critical National Infrastructure, including transport. Delegates must be sponsored by their CPNI sector advisor (see above). For more information and to request the full CPNI training brochure

Security culture review and evaluation (SeCuRE 2) tool

SeCuRE 2 can be used by organisations to shape the direction of security policies and also provides a snapshot about how employees view security in the organisation. Results are presented in graphical format to make them easy to interpret, and suggested actions are provided about improvements that could be made.

The SeCuRE 2 software tool is available on CD ROM and can be obtained by contacting your adviser or by emailing Please remember to include your address and contact details.

Transport employers terms and conditions of employment

This guidance is intended for use by employers to ensure that conduct and behaviour which could constitute a security concern is adequately accounted for in terms and conditions of employment.

Employee assurance tools

Is effective ongoing personnel security a concern in your organisation? Do you have high risk posts where you need to identify and manage employees who may be vulnerable or pose a risk?

CPNI’s new employee assurance tools (tools) can help you address these concerns, by enabling you to assess and reduce the risk of counter-productive behaviours in the workplace. These are behaviours which may have an impact on areas of significant risk within your organisation or on the assets for which you are responsible.

If you then decide to go ahead with implementation CPNI will provide you with access to the tools and further elearning in their use. Please contact the Personnel Security and Behavioural Assessment Team at CPNI if you would like to explore implementation, either by emailing or through your relevant CPNI adviser/contact.

A motivated force

A critical component of any security system is the security staff, specifically guard forces, such as those who undertake patrols, guard entrance points, and carry out security screening. Motivated, attentive and observant staff in these roles can form a highly-effective deterrent presence and final line of defence where other interventions (for example electronic security access) have failed. Conversely, demotivated staff who do not perform their role effectively can be a single point of failure within a security system.

Holistic management of employee risk

Holistic Management of Employee Risk (HoMER) is new guidance to help you manage the risk of employees’ behaviour damaging your business.