This guidance is intended for use by employers to ensure that conduct and behaviour which could constitute a security concern is adequately accounted for in terms and conditions of employment.
Security concerns form just one aspect of terms and conditions of employment and this document is intended to support existing general and statutory guidance, such as that produced by the government and by Acas 1, and not as a replacement for it.
In drawing up such terms and conditions of employment the company should take advice from those responsible for security to ensure that security issues relevant to the company, and to individual roles within it, are properly taken into account. Discussion of terms and conditions of employment should also involve employees and their representatives.
Why is it important for employers to account for security concerns in their terms and conditions of employment?
An important implied term in every employment contract is the duty of mutual trust and confidence, which means that employers and employees must not act in a way which unreasonably and seriously damages their relationship. For example, employees are trusted not to destroy company property, and employers are trusted to follow fair contractual procedures before taking any disciplinary action against an employee. Many security concerns relate to honesty and integrity and fall within this implied contractual obligation.
Employers should be aware that an employee may be able to:
- divert their company or customer funds or other assets
- physically or electronically sabotage their operations
- allow others to access their facilities, vehicles and premises
- disclose their valuable information without authorisation or control
- appropriate their intellectual property.
with the possible consequence of:
- making terrorist attacks possible
- stealing their physical, intellectual or financial assets
- directly or indirectly benefiting their competitors
- lowering staff morale and commitment
- sending their customers elsewhere
- damaging their company reputation
- leaving them open to claims of negligence
For transparency, it is important that employers inform their employees about any rules relating to security concerns, and to any changes in those rules, so that employees understand:
- what behaviour would be deemed unacceptable
- the processes for investigating evidence of such behaviour
- the consequences if they are found to have breached these rules
This ensures that employers, employees and their representatives have a shared understanding of what is expected of employees, and the action that may be taken if those expectations are not met.
What constitutes a security concern?
Employers should consult those responsible for security within the organisation to help them determine what would constitute a security concern, and which may result in the employer taking disciplinary action. Relevant concerns may include, but are not limited to:
- unauthorised disclosure of sensitive information or intellectual property
- theft of physical, intellectual or financial assets
- financial misconduct
- violent behaviour
- membership of or support for groups which advocate violence
- damage to property
- facilitating any of the above
- breaches of company security requirements
Relevant concerns should be made clear to an employee, both through terms and conditions of employment and/or staff handbooks, with those messages reinforced in any induction programmes. If employees do take action which gives rise to security concerns, then the likely consequences of that action should be made clear in the employer’s disciplinary procedures (see the disciplinary procedures section below).
Employers may wish to consider whether or not they should require employees and job applicants to disclose any criminal convictions, or convictions of a particular nature, received prior to or during the period of employment. If it is decided that there will be such a requirement, this should be made explicit to affected individuals, and a short explanation should be provided as to precisely what information is required and why (eg all unspent convictions or only unspent convictions for offences involving violence or dishonesty, etc.) Again, it should be made clear in employers’ procedures what the likely effect particular types of offence would have on job applications, or continued employment respectively.
Where it is proportionate to the risks identified, and permitted by the law, employers may decide that particular roles should also require a criminal records check (‘disclosure’) as part of the selection process. Disclosure takes 3 forms: basic disclosure will reveal all criminal convictions considered to be unspent - job applicants can be asked to apply for basic disclosure in their own names from Disclosure Scotland or Access Northern Ireland, and submit the result to the employer. More extensive checks (standard or enhanced disclosures) may be requested by certain employers for certain, sensitive jobs. You may wish to seek HR and/or legal advice before deciding whether a criminal record check is to be required for any particular role.
If an employer decides to consider criminal convictions as part of the recruitment process (or even determines that certain criminal convictions should serve to disqualify an applicant) they would need to be sure that any such policy was compliant with the Data Protection Act 1998, and was applied fairly in each individual case. The policy should be clearly set out in company procedures, and provided to job applicants.
Guidance to employers on investigating potential misconduct, and taking disciplinary action up to and including dismissal, is readily available. 3
The ‘Acas code’ (which is a statutory code) sets out the basic requirements of fairness in handling disciplinary cases. An unreasonable failure to comply with the ‘Acas code’ can lead to an uplift of compensation awards made against employers in claims for unfair dismissal by up to 25%.
Employers may wish to consider making explicit - through terms and conditions of employment, and company disciplinary procedures, with messages reinforced during induction programmes and other training - which concerns, or what degree of severity in employee action, would lead to a particular course of disciplinary action on behalf of the company.
It is particularly important in the context of security-related conduct to make clear what action is likely to constitute gross misconduct, as that is conduct which is so serious that it overturns the contract of employment, justifying summary dismissal (ie dismissal without notice). 4 The ‘Acas guide’ sets out a non-exhaustive list of possible examples of gross misconduct. 5 Provided that these matters are brought to the attention of employees, and that fair procedures are followed in response to any potential breach, then employers are more likely to be able to defend successfully any subsequent claim for unfair dismissal.
Refusal or withdrawal of government security clearance will not, in itself, be a reason for disciplinary action; however the underlying justification for that decision may be: for example support for terrorism or criminality that merits action because of its implications for employment.
1 Such guidance includes:
3 For example, the statutory ‘Acas code’ and the accompanying ‘Acas guide’ (see at footnote 1 above).
4 See the ‘Acas code’, paragraph 23.
5 See the ‘Acas guide’, page 31.