What you will get from this whitepaper
You will gain insight into:
- risks related to access to critical infrastructure
- applicable laws and regulations and what they require of organisations
- common pitfalls in screening
And learn how to:
- implement structured screening processes
- define roles, responsibilities, and governance
- scale screening as part of business continuity
Where does it often go wrong in practice?
- Shortages of technical staff lead to the use of temporary contractors and external personnel in critical roles.
- Audit and compliance requirements are increasing. The pressure is rising and meeting these requirements is becoming more difficult.
- Insufficient control over who has access to what within the organisation. This increases exposure to security incidents.
- Screening differs per project, contractor or supplier. Is this still aligned with the overall screening process?
From ad hoc screening to demonstrable control
It is no longer sufficient to screen personnel only at the point of hiring. In organisations with critical infrastructure, roles, projects, suppliers, systems and access rights change continuously. At the same time, the use of temporary staff and external parties is increasing.
Ad hoc screening no longer reflects today’s reality. When a structural approach is lacking, organisations lose oversight and consistency. This makes it difficult to demonstrate who has or had access to critical roles at any given time. It is even more challenging to determine on what basis access was granted. Regulators therefore require demonstrable control.
The whitepaper explains how organisations can structurally embed and maintain demonstrable control over these processes.
What does demonstrable control actually mean?
This means that a defined process is expected in which screening is applied consistently to everyone within the organisation, including employees, contractors and suppliers. Decisions and outcomes must be transparent and verifiable. This is essential for risk management and operational continuity in critical infrastructure.
When organisations fail to meet these requirements, this becomes evident during audits or incidents. In a sector where reliability and safety are paramount, demonstrable control is no longer optional, but a requirement.
New legislation
New legislation within the energy and infrastructure sectors places increased demands on organisations regarding security, continuity, and control over access to critical roles. Examples of relevant regulations include the NIS2 Directive and the Swedish Protective Security Act.
Download the white paper
Fill in the form to download our white paper Maintaining control over access to critical infrastructure. We will send it to the email address you provided in the form.