BS7858 vs BPSS: Which Screening Standard Applies to Your Organisation and Why the Difference Matters

April 22, 2026

In April 2026, it emerged that Peter Mandelson had failed his security vetting for the role of UK ambassador to the United States. A senior civil servant overrode that decision and granted top security clearance regardless. That civil servant has since been removed from office. The Prime Minister's chief of staff publicly called for the vetting process to be fundamentally overhauled.

Whatever your view of the politics, the story raises a question every organisation supplying people into government roles or roles connected to government work should be asking right now. What does proper vetting actually look like? Who decides which standard applies? And what happens when the wrong process is followed?

For most UK employers, the confusion begins with two acronyms: BS7858 and BPSS. They are not the same thing. I have lost count of the number of organisations that treat them as if they are.

What Most Organisations Get Wrong

In 18 years of running a screening company, I saw this confusion play out again and again. A security contractor would tell me their people were BPSS compliant because they had been screened under BS7858. A facilities management company would apply BPSS to a team of security officers when BS7858 was what the client contract actually required. A government supplier would assume their existing screening process covered both standards without ever checking what either one actually said.

The consequences were not always immediate. That is exactly the problem. You can apply the wrong standard for months, sometimes years, before a client audit, a contract renewal or a security incident pulls it into the light.

Both standards involve background checks. Both operate in sectors where people are trusted with assets, information and access. That surface similarity is where the confusion takes root. But they exist for different purposes, require different things and carry different obligations.

What Each Standard Actually Requires

What BPSS Actually Is

BPSS stands for Baseline Personnel Security Standard. It is the recognised government screening standard for anyone who has access to government assets in the course of their work. That means civil servants, members of the armed forces, temporary staff placed in government departments and contractors working on government contracts.

BPSS is a government standard, set and owned by the Cabinet Office. It covers four specific areas: identity verification, right to work in the UK, a criminal record check covering unspent convictions and employment history for the previous three years. It is not a formal security clearance. It is the foundation that must be in place before any higher level of national security vetting, such as Counter Terrorist Check, Security Check or Developed Vetting, can begin.

If your organisation supplies people to government clients or employs anyone who will access government premises, data or assets, BPSS is your baseline requirement. It is not optional in those contexts.

What BS7858 Actually Is

BS7858 is a British Standard published by the British Standards Institution. It is a code of practice for the screening of individuals working in a security environment. Developed originally for the private security sector, its reach has expanded considerably. It now applies across facilities management, aviation, healthcare, financial services and any sector where people have unescorted access to sensitive sites, assets or information.

BS7858 is more demanding than BPSS in several areas. It requires five years of verifiable employment history, not three. It requires a credit check. It requires overseas criminal record checks for any period of six months or more spent abroad within the relevant history window. It sets specific requirements around how information is recorded, stored and assessed, with an ongoing audit trail that must be available at any point.

For organisations operating under the Security Industry Authority Approved Contractor Scheme, BS7858 compliance is a regulatory requirement. Fail an audit and your ACS status is under threat.

Where the Confusion Comes From and How to Cut Through It

Both standards check identity. Both check criminal records. Both review employment history. That overlap is what leads so many organisations to assume that doing one means they have done the other. It does not follow.

BPSS has specific requirements around nationality and immigration status that BS7858 does not replicate in the same form. A government client asking you to confirm BPSS compliance is asking a specific, formal question. The answer needs to be specific and formal to match.

The practical question to ask is this. Do your people access government assets, premises or information? You need BPSS. Do your people work in a security environment with unescorted access to sensitive sites or assets? You need BS7858. Do they do both? You need to demonstrate compliance with both, evidenced separately, not assumed from one.

What Getting It Wrong Actually Costs You

Getting this wrong does not usually produce an immediate penalty. The consequences arrive later and they tend to be significant.

A government client audit reveals your BPSS compliance is not actually BPSS compliant. Your contract is at risk. Your people may be stood down while the gap is remedied. The cost in lost hours, emergency remediation and damaged trust with the client is rarely small.

An SIA audit finds your BS7858 process does not meet the standard. Your Approved Contractor Scheme status comes under review. The commercial consequences for a security company losing ACS status are severe.

If a security incident occurs and the screening process becomes a legal matter, the difference between having properly evidenced both standards and having assumed one covered the other is not a technical detail. It becomes the central argument.

Charlotte Is the Answer to This Kind of Question

When a question like this lands on your desk, you need an answer you can trust immediately. Not a web search. Not a call to a consultant who will charge you for the privilege of telling you to read the standard. An expert available right now, at any hour.

That is what Charlotte is. She is my AI knowledge twin, built on 18 years of real operational experience across 352 compliance topics covering the full scope of UK employment screening, vetting, compliance and risk. Ask her about BPSS, BS7858, how they interact, what each one requires and what you need to evidence, and you get a clear, practical, expert answer without delay.

To give you a sense of what Charlotte can do on this topic, here is the question I put to her and the answer she came back with.

Question put to Charlotte: We supply contractors to a government department. They have asked us to confirm our people are BPSS compliant. Our contractors are already screened under BS7858. Does BS7858 satisfy the BPSS requirement?
Charlotte's answer: Not automatically, no. BS7858 is more comprehensive than BPSS in several areas but it does not replicate every BPSS requirement. BPSS has specific obligations around nationality and immigration status verification that go beyond what BS7858 mandates in the same form. You need to confirm that your BS7858 process includes a right to work check, an identity verification step that meets BPSS requirements and a criminal record check covering unspent convictions, with employment history covering at least three years and all gaps addressed. If those elements are present and documented in a way that maps to the BPSS specification, you may be able to demonstrate compliance with both. But you should review your process against the BPSS specification directly before confirming compliance to your government client.
Charlotte provides expert guidance based on 18 years of real operational experience in UK employment screening and vetting. She does not provide legal advice. For legal matters specific to your organisation, always consult a qualified solicitor.

Your Vetting Hub subscription also includes 18 CPD certified vetting and screening courses and 22 digital compliance toolkits, all built from real operational experience and all available from day one. They are there when you need the depth. Everything is included for £79 per person per month, with nothing extra to buy.

Related Courses

The following courses are included in your subscription and cover this topic in depth.

BPSS Screening: Understanding the Standard and Meeting It
BS7858 Screening Standard: Audit Ready Compliance
Employment Screening Essentials: The Complete Professional Guide

Related Toolkits

The following toolkits are ready to download from day one and are included in your subscription.

BPSS Evidence and Clearance Checklist
BS7858 Employer and Manager Guidance Toolkit
BS7858 Employer Quick Reference Guide
Screening Roles and Responsibilities Matrix

Frequently Asked Questions

Does BS7858 compliance mean you are automatically BPSS compliant?

No. The two standards overlap in several areas but one does not automatically satisfy the other. BPSS has specific requirements around nationality and immigration status that BS7858 does not replicate in the same form. If your BS7858 process happens to cover every BPSS element and you can evidence it against the BPSS specification, you may be able to demonstrate compliance with both. But you cannot assume that without checking it properly.

Who needs BPSS screening?

Anyone whose work involves access to government assets, premises or information. That includes civil servants, members of the armed forces, temporary staff placed in government departments and contractors working on government contracts. Responsibility for completing BPSS sits with the employing organisation, not with the government client.

Who needs BS7858 screening?

Organisations in the security sector, facilities management, aviation, healthcare and any environment where staff have unescorted access to sensitive sites, assets or information. For organisations operating under the SIA Approved Contractor Scheme, BS7858 is a regulatory requirement and is subject to audit.

Can one person need both BPSS and BS7858?

Yes, and it is more common than many people realise. A security officer placed on a government contract is a clear example. They need BS7858 because of the nature of their role and BPSS because of the nature of the client. Both must be satisfied and evidenced separately. One does not stand in for the other.

What happens if I apply the wrong standard?

The consequences depend on context but they are rarely minor. In a government contracting situation, the wrong standard can put your contract at risk and result in your people being stood down while the gap is fixed. In an SIA audit, failing to meet BS7858 requirements can put your Approved Contractor Scheme status under review. In either case, the cost of fixing it afterwards is significantly higher than the cost of getting it right from the beginning.

Try Charlotte Yourself

The clearest way to understand what Charlotte can do on this topic, and on any of the 352 topics she covers, is to ask her a question yourself. The free demo is at https://demo.vettinghub.co.uk/charlotte-demo. No sign up required. Try it.

The full Vetting Hub subscription gives you Charlotte across all 352 topics, the 18 CPD certified vetting and screening courses built from real operational experience and the 22 digital compliance toolkits, from day one, for £79 per person per month. Everything your organisation needs to screen and vet people correctly, in one place, available from the moment you subscribe.