Personnel security risk assessment

Personnel security risk assessment focuses on employees, their access to the organisation's assets, the risks they could pose to the organisation and the sufficiency of countermeasures. It is the foundation of the personnel security management process. It is also crucial in helping security and human resource managers communicate to senior managers the risks to which the organisation is exposed.

Very often, clear rationales for the use of particular personnel security measures are lacking and resources are not targeted in a proportionate way. CPNI's personnel security risk assessment guidance, which is illustrated using a fictional case study, aims to help security and human resource managers to:

• conduct personnel security risk assessments in a way that balances pragmatism with rigour
• prioritise the insider risks to an organisation
• identify appropriate countermeasures to mitigate against those risks
• allocate personnel security resources in a way that is cost effective and commensurate with the level of risk.