What you will get from this whitepaper
You will gain insight into:
- risks related to access to critical infrastructure
- applicable laws and regulations and what they require of organisations
- common pitfalls in screening
And learn how to:
- implement structured screening processes
- define roles, responsibilities, and governance
- scale screening as part of business continuity
Where does it often go wrong in practice?
- Shortages of technical staff lead to the use of temporary contractors and external personnel in critical roles.
- Audit and compliance requirements are increasing. The pressure is rising and meeting these requirements is becoming more difficult.
- Insufficient control over who has access to what within the organisation. This increases exposure to fraud.
- Screening differs per project, contractor or supplier. Is this still aligned with the overall screening process?
From ad hoc screening to demonstrable control
It is no longer sufficient to screen personnel only at the point of hiring. In organisations with critical infrastructure, roles, projects, suppliers, systems and access rights change continuously. At the same time, the use of temporary staff and external parties is increasing.
Ad hoc screening no longer reflects today’s reality. When a structural approach is lacking, organisations lose oversight and consistency. This makes it difficult to demonstrate who has or had access to critical roles at any given time. It is even more challenging to determine on what basis access was granted. Regulators therefore require demonstrable control.
The whitepaper explains how organisations can structurally embed and maintain demonstrable control over these processes.
What does demonstrable control actually mean?
This means that a defined process is expected in which screening is applied consistently to everyone within the organisation, including employees, contractors and suppliers. Decisions and outcomes must be transparent and verifiable. This is essential for risk management and operational continuity in critical infrastructure.
When organisations fail to meet these requirements, this becomes evident during audits or incidents. In a sector where reliability and safety are paramount, demonstrable control is no longer optional, but a requirement.
New legislation
New legislation in the industry and energy sector places responsibilities on organisations for security, continuity and access to critical roles. Examples include the WWKE, the Energy Act and the ARIV.
Download: Maintaining control over access to critical infrastructure
Organizations that want to maintain control over critical infrastructure must implement screening as a structural process. Want to see how this works in practice? Schedule a demo and discover how organizations make this audit-proof.
Collaboration with our partner Hoffmann
Hoffmann supports organisations in creating a safe and ethical working environment. With over 60 years of experience and a team of 75 specialists in corporate investigations, forensic research, ICT security, and strategic risk management, they focus on issues such as fraud, integrity, misconduct, and cybersecurity. Each year, Hoffmann handles more than 1,300 cases, with a strong emphasis on preventing and managing workplace risks.