BPSS Compliance: The Gaps Most Government Contractors Are Still Getting Wrong
On 20 April 2026, the House of Lords held a formal parliamentary debate on the state of UK security vetting. What peers said was stark. They described the system as limited, flawed, untransparent, incompetent and inadequate, with formal demands for root and branch reform of how vetting is carried out across government and its contractors.
This is the framework that sits at the top of the chain. What underpins all of it, the absolute baseline that every higher level of national security clearance depends on, is BPSS. The Baseline Personnel Security Standard. And in 18 years of running a specialist screening and vetting company, what I saw again and again was that most organisations applying BPSS were not applying it correctly.
The problems at the top get the headlines. The problems on the ground are quieter. And they are far more common.
What Most Organisations Get Wrong
I have seen BPSS applied, or attempted, across government contracting, defence, critical national infrastructure and healthcare. The organisations doing it rarely believed they had a problem. Most thought they were compliant. Most were not.
The gap is almost always the same. Organisations know that BPSS is a requirement. They run some checks, keep a file and assume that is enough. What they do not do is understand what BPSS actually requires at a granular level, what documentation must be held and what an auditor will be looking for when they arrive.
In 18 years of reviewing screening files, I saw employment history with unexplained gaps, right to work checks completed at the point of hire but never re-verified when a time limited document expired, overseas history noted but not investigated and criminal record checks carried out using the wrong DBS level. In almost every case, nobody in the organisation knew any of it was wrong.
What BPSS Actually Requires
BPSS is built on four components. Right to work. Identity verification. Criminal record check. Employment history. Every one has specific requirements. None are optional. And each has a consistent point of failure that I saw play out, across hundreds of files, across years of doing this work.
Right to Work
Right to work must be verified correctly and documented at the outset. Where a candidate holds time limited permission to work in the UK, the employer must re-verify that permission before it expires. This is one of the most consistently missed elements in any BPSS file I ever reviewed. The initial check is done. The follow up never happens. The statutory excuse lapses silently, sometimes years before anyone notices.
Identity Verification
BPSS requires verification of identity, not simply sight of a document. That means confirming the document is genuine, that it belongs to the person presenting it and that it connects to a real and consistent identity. Many organisations tick this box by looking at a passport. That is not identity verification. If the document has not been checked for authenticity and no cross referencing has been done, the identity component of BPSS has not been completed properly.
Criminal Record
BPSS requires a basic DBS check, covering unspent convictions only. Some organisations run the wrong level. Others run no check at all and rely on a self declaration from the candidate. A self declaration is not a DBS check. It is a question. It does not satisfy the requirement.
Employment History
This is where I saw the most consistent failures. BPSS requires a verified employment history covering a minimum of three years, or back to the point the individual left full time education if that is more recent. Every gap must be accounted for. Every period of overseas employment must be investigated.
In practice, organisations would accept what the candidate provided, send reference requests and file whatever came back. If a referee did not respond, nothing happened. If there was a gap described as a career break, it was accepted without question. None of that is compliant BPSS and all of it would fail an audit.
Overseas History
If a candidate has lived or worked outside the UK during the relevant period, BPSS requires that history to be investigated. That means attempting to obtain overseas criminal record information for any country where the candidate resided for three months or more. Many organisations have no process for this at all. Some do not know it is a requirement. It is not optional, and its absence is one of the most common BPSS failures I encountered.
The Audit Trail
BPSS is not just about running the checks. It is about demonstrating to an auditor that the checks were run correctly, what the results were and what decision was made as a result. This is where organisations fall apart even when the checks themselves were done properly. Checks ran. Results came in. Decisions were made. None of it was recorded in a way that could be shown to anyone six months later. If you cannot show it, as far as an auditor is concerned, it did not happen.
What It Costs You When It Goes Wrong
Contract loss is the most immediate risk. Government contracts typically include BPSS as a contractual obligation. Failure to apply it correctly is a breach of that contract, and organisations have lost contracts as a direct result of BPSS audit failures.
Right to work failure within BPSS carries its own statutory consequences. If a time limited document expires without re-verification, the employer loses their statutory excuse. The civil penalty for employing someone without the right to work is up to £60,000 per worker. It is the absence of the correct process that triggers it, not necessarily any deliberate wrongdoing on the employer's part.
Reputational damage in defence, government contracting and critical national infrastructure is lasting. An audit failure that results in contract loss in this space follows an organisation for years.
Charlotte Can Answer This Right Now
If any of what I have described sounds familiar, the answer is not another online search. It is not a guidance document to read when you have a spare hour.
Charlotte is my AI knowledge twin. She is built entirely on 18 years of real operational experience across 68 specialist topic areas covering every aspect of UK employment screening, vetting compliance, governance and risk. She is not a generic AI tool pointed at websites. She is the closest thing to having me available to your organisation at any hour of every day.
Ask Charlotte anything about BPSS, right to work, overseas checks, employment history verification, documentation or audit preparation and you get a clear, practical, expert answer at the exact point the decision needs to be made.
To give you a sense of what Charlotte can do on this topic, here is the question I put to her and the answer she came back with.
Question put to Charlotte: We have a government contract starting in three months. Our HR team has never run BPSS before. What are the most common mistakes organisations make and how do we avoid them?
Charlotte's answer: The most common mistake is treating BPSS as a checklist rather than a standard with specific evidential requirements. Three areas consistently fail. First, employment history verification stops at requesting references rather than confirming them and investigating every gap in the three year history. Second, overseas history is either missed entirely or acknowledged without any attempt to obtain overseas criminal record information for countries where the candidate lived for three months or more. Third, right to work documents are verified at the point of hire but never re-verified when time limited permissions expire. Build a process that documents every check, every result and every decision before your contract starts. That documentation is what protects you when an auditor arrives.
Charlotte provides expert guidance based on 18 years of real operational experience in UK employment screening and vetting. She does not provide legal advice. For legal matters specific to your organisation, always consult a qualified solicitor.
Getting access to Charlotte requires an initial setup of £500 and an ongoing monthly access fee of £895. There are no charges per user, no charges per seat and no limits on use across your organisation. Access runs month to month with no long term commitment. Start with the seven day free trial at https://vettinghub.co.uk/trial. Full access. Real questions. Real answers. No risk.
Related Posts Worth Reading
If you are still working out where BPSS sits in relation to other screening standards your organisation might need, the post I published last week covers how BPSS compares to BS7858 and how to identify which standard applies to your situation: https://vettinghub.co.uk/post/bs7858-vs-bpss-which-screening-standard-applies-to-your-organisation
Right to work is a core component of BPSS and carries serious legal consequences of its own if it goes wrong. If you want to understand the full right to work obligation, including how to maintain a statutory excuse correctly and what the civil penalty regime looks like in practice, this post covers it in full: https://vettinghub.co.uk/post/right-to-work-checks-employer-compliance-guide-2026
Frequently Asked Questions
What does BPSS stand for and who needs it?
BPSS stands for Baseline Personnel Security Standard. It is the mandatory screening standard for civil servants, members of the armed forces, temporary staff in government departments and contractors working on government contracts. It is also widely applied in defence, critical national infrastructure and other sensitive sectors where the employing organisation sets it as a contractual requirement.
How far back does BPSS employment history verification go?
BPSS requires a verified employment history covering a minimum of three years, or back to the point the individual left full time education if that is more recent. Every gap must be investigated and documented. Overseas employment during this period must also be investigated, including attempts to obtain overseas criminal record information for any country where the candidate lived for three months or more.
What level of DBS check does BPSS require?
BPSS requires a basic DBS check, which covers unspent convictions only. A self declaration from the candidate is not an acceptable substitute for a DBS check and does not satisfy the requirement. Some roles require a higher level of DBS check for separate reasons, but the basic check is the specific BPSS requirement.
Does BPSS have an expiry date?
BPSS does not have a formal expiry date. Re-verification is required when an individual moves between employers, when there has been a break in government employment of more than 12 months or when a significant role change occurs. Time limited right to work documents must also be re-verified before they expire regardless of whether a full re-screen is otherwise triggered.
Start With a Real Question
The best way to understand what Charlotte can do for your BPSS process is to ask her a real question yourself. The seven day free trial at https://vettinghub.co.uk/trial gives you full access for seven days with no sign-up risk and nothing to cancel if she is not right for you.
A single setup fee of £500 deploys Charlotte securely into your organisation or platform. Ongoing monthly access is £895, with no charges per user, no long term contracts and no limits on use. Charlotte covers 68 specialist topic areas across employment screening, vetting compliance, governance and risk. She is available from the moment she is deployed, every hour of every day, at the exact point screening decisions are being made.
