Vetting Hub, Specialist Training Courses in Screening, Vetting and Compliance

Expert training for confident hiring, identity assurance and people based risk decisions, created by Graham and Vivianne Johnson with industry experience since 2006.

Jan 13, 2026

BS7858 Employer Responsibilities: Your Complete Checklist

    Your complete guide to BS7858 employer responsibilities. Learn what you're accountable for from pre-screening through to ongoing monitoring and compliance.

    In our BS7858 training guide yesterday, we covered the fundamentals of the BS7858 standard. Today, I want to get practical. After 18 years of training employers on BS7858 screening, I've seen brilliant organisations stumble not because they didn't understand the standard, but because they weren't entirely clear on what their actual responsibilities were.

    Just last month, a facilities management company came to one of our coaching sessions convinced they were fully compliant. When we examined their practices, we found significant gaps in documentation, risk assessments, and record-keeping that would fail an audit.

    The thing about BS7858 is that it's not just about ticking boxes. It's about taking genuine responsibility for the screening process from start to finish. Let me walk you through your actual responsibilities as an employer implementing BS7858.

    Understanding Your Role in the BS7858 Process

    First things first: when you adopt BS7858, you're not outsourcing responsibility to a screening provider. Even if you use a third-party screening company, you remain entirely responsible for the screening decisions and outcomes.

    The screening provider gives you verified information, but you decide what that information means for your organisation. Your overarching responsibility is to establish and maintain a screening framework that meets BS7858 requirements whilst being appropriate for your organisation's specific risk profile.

    Pre-Screening Responsibilities: Getting the Foundation Right

    Before you start screening individuals, you've got important groundwork to establish. Your first responsibility is conducting proper risk assessments for each role. Not generic labels, but genuine analysis of what risks each position presents. What access will this person have? What damage could they do? What information will they handle?

    You're responsible for establishing clear screening criteria before you start. What will you check? What verification methods will you use? What decision-making framework will guide you when results come back with issues? These decisions need documenting in your screening policy.

    Creating and maintaining a comprehensive screening policy is non-negotiable. This policy needs to outline your entire approach, from risk assessment through to ongoing monitoring. It should cover who gets screened, what gets checked, how decisions are made, how records are kept, and what happens with exceptions.

    You're also responsible for establishing proper consent mechanisms. Before you screen anyone, you need their informed, explicit consent. This means explaining what you'll check, why you're checking it, who will see the results, and how you'll store the information. We cover this extensively in our GDPR Training Course, because consent under GDPR has specific requirements that many employers get wrong.

    During Screening: Managing the Process

    Once screening is underway, your responsibilities shift to process management and quality control. You're responsible for ensuring that all required checks are actually completed to the standard you've set.

    You must properly verify the identity of the person being screened. BS7858 has specific requirements here, typically meaning checking original documents in person and keeping copies, though digital identity verification methods may also be appropriate based on your risk assessment.

    Employment history verification is your responsibility too. This means confirming all periods of employment or activity for the specified period, usually the past five years. Gaps need explaining and documenting.

    Criminal record checks are obviously part of BS7858. If you're using DBS checks, you're responsible for requesting the appropriate level of check. However, you're entirely responsible for what you do with the results. A DBS certificate doesn't come with a "pass" or "fail" stamp. It provides information, and you must make a risk-based decision about what that information means for your specific role and organisation. Our Understanding DBS Checks course breaks down these responsibilities clearly.

    Address verification and right to work checks are your responsibilities too. For right to work, there's no wiggle room – you must comply with Home Office requirements, and failure can result in civil penalties. We cover this in our Right to Work Checks & Legal Requirements course.

    Throughout the screening process, you're responsible for maintaining confidentiality and data security. Screening information is particularly sensitive personal data under GDPR, and you must handle it accordingly.

    Decision-Making: Your Most Critical Responsibility

    When screening results come back, you're responsible for making fair, consistent, and defensible decisions based on those results. You need a clear decision-making framework that addresses how you'll weigh different issues, your approach to spent convictions, and how you consider the nature, seriousness, and relevance of any disclosed information.

    Your decision-making must be proportionate to the role and the risk. A minor motoring offence is relevant to a driving job but probably not to a desk-based role. You need to think through these nuances and document your reasoning.

    Consistency is crucial. If you reject one person for an issue but accept another with a similar issue in a similar role, you need to be able to explain why.

    When issues arise, you're responsible for giving individuals the opportunity to explain. If a criminal record check reveals a conviction, the individual should have the chance to provide context before you make your decision.

    Documentation: Proving You've Met Your Responsibilities

    Proper documentation trips up even sophisticated organisations. You must keep proper records of your entire screening process and decisions. This isn't just good practice, it's a BS7858 requirement and a GDPR requirement.

    You need to document what checks you conducted, when you conducted them, what the results were, what decision you made, and why. These records need to be secure, accessible to those who need them, and retained for an appropriate period.

    Your documentation must demonstrate that you've obtained proper consent, complied with data protection requirements, and that your decisions were fair and proportionate. If you're ever audited, your documentation is your evidence.

    Ongoing Responsibilities: Screening Isn't One-and-Done

    Screening is not a one-time event. You have ongoing responsibilities once someone is cleared and working for you. You're responsible for implementing ongoing monitoring where appropriate. This might mean regular re-screening, continuous criminal record monitoring, or other arrangements depending on the role and risk.

    You must also respond to new information appropriately. If you learn that an employee has been arrested, charged, or convicted during their employment, you have a responsibility to assess whether this affects their suitability for their role.

    Training your staff is another ongoing responsibility. Anyone involved in your screening process needs proper training. We offer various training options, including our Pre-Employment Screening & Vetting Essentials course and our expert coaching sessions.

    Your screening policy needs regular review and updating. Regulations change, your business changes, risks evolve. An annual review is sensible as a minimum.

    When Things Go Wrong: Your Responsibilities in Problem Situations

    Despite your best efforts, issues will arise. You must investigate thoroughly and fairly. If you suspect false information, you can't just immediately dismiss someone. You need to gather facts, give them the opportunity to explain, and follow a proper process.

    You're responsible for corrective action that's proportionate to the issue. Your response must fit the facts. You also have responsibilities around reporting in some circumstances. Depending on your sector, you might need to report certain findings to regulators or industry bodies.

    Documentation becomes even more critical when problems arise. Everything you discover, every decision you make, every step you take needs recording.

    Balancing Responsibilities with Proportionality

    Your responsibilities must be balanced with proportionality. BS7858 requires a risk-based approach, not a blanket approach where everyone gets identical screening regardless of their role.

    You're responsible for screening appropriately for each role, not for screening as heavily as possible in every situation. Over-screening wastes resources and invades privacy unnecessarily. Under-screening exposes you to risks you should have mitigated. Getting this balance right is a key responsibility.

    Your Responsibilities Under Data Protection Law

    Your screening activities are subject to GDPR and the Data Protection Act 2018. You must have a lawful basis for processing screening data, usually consent for prospective employees or legitimate interests for existing employees.

    You're responsible for processing personal data fairly, lawfully, and transparently. This means clear privacy notices, proper consent processes, and honest communication. Data minimisation is your responsibility too – only collect information that's necessary.

    Security of screening data is critical. This is highly sensitive personal data requiring technical security (encrypted storage, access controls) and organisational security (staff training, clear policies).

    Individuals' rights under GDPR apply to screening data. People can request access to their screening information, request correction of inaccurate information, and in some circumstances request erasure. Our Data Protection Policies & Procedures course covers these responsibilities in detail.

    Working with Screening Providers: Shared but Not Equal Responsibility

    Most organisations use third-party screening providers, creating a shared responsibility situation that needs careful management. You remain ultimately responsible for screening decisions and outcomes, but your screening provider has responsibilities too.

    You're responsible for choosing a reputable, competent screening provider. Do your due diligence. Check their accreditations, their processes, their data security, their track record.

    You must establish clear agreements about what the provider will do and what you'll do. Who's verifying identity? Who's deciding what level of criminal record check is appropriate? Who's maintaining records?

    When results come back, remember: the screening provider gives you verified information, but you make the employment decision.

    Creating Your BS7858 Responsibility Framework

    Start with comprehensive risk assessments of all your roles. Be honest and thorough about what risks each role presents. Develop a detailed screening policy that addresses all the responsibilities outlined in this article.

    Create clear procedures that turn your policy into practical action. Establish a decision-making framework with clear criteria and guidelines. Set up proper training for everyone involved in screening.

    Implement robust documentation and record-keeping systems. Build in regular review and audit processes. We walk through this process in detail in our Creating a Screening Policy & Framework course.

    Tomorrow: Implementing BS7858 Step-by-Step

    Understanding your responsibilities is crucial, but knowing how to actually implement BS7858 in practice is equally important. Tomorrow, in our step-by-step implementation guide, I'll walk you through exactly how to put all this into practice, from establishing your screening framework through to ongoing management.

    We'll cover the practical details: what documents you need, what systems to set up, how to train your team, and how to ensure smooth operations day-to-day. If today's article was about what you're responsible for, tomorrow's is about how you actually deliver on those responsibilities.

    For now, though, take stock of your current position. Are you meeting all these responsibilities? Do you have gaps in your framework? Are there areas where you're unsure of your obligations? These questions matter, because meeting your BS7858 responsibilities isn't just about compliance. It's about building a screening system that genuinely protects your organisation and treats individuals fairly.

    And if you're feeling like you need more support, that's what we're here for. Our training courses provide detailed guidance on every aspect of BS7858 screening, and our coaching services offer personalised support tailored to your specific situation.

    The burden of responsibility might seem heavy, but getting it right brings real benefits: better hires, stronger security, clearer processes, and the confidence that you're doing right by both your organisation and the people you screen. That's worth the effort.


    Want to deepen your understanding of BS7858 screening and employer responsibilities? Explore our complete guide to employee screening and vetting training or book one of our expert coaching sessions for personalised guidance on implementing BS7858 in your organisation.
