BS7858 vs BPSS: Quick Comparison Guide for Employers

When we're training HR teams on security screening, one of the most common questions we hear is: "Do I need BS7858 or BPSS, or both?" After 18 years of helping employers get this right, we know the confusion is real. Both standards sound similar, both involve background checks, and both are essential in certain sectors. But they're designed for completely different purposes, and choosing the wrong one can leave your organisation exposed or wasting resources on unnecessary checks.

In our BS7858 training guide for UK employers, we covered the screening standard in detail. Today, we're putting both standards side by side so you can see exactly which one your organisation needs.

The Core Difference: What Each Standard Actually Protects

Here's the fundamental distinction that often gets missed in quick online searches: BS7858 protects physical security environments, whilst BPSS protects information security environments.

BS7858 was developed for roles where employees have access to restricted areas, handle valuable assets, or work in sensitive physical locations. Think security guards, event stewards, aviation ground staff, or anyone with keys to secure premises. The standard focuses on reliability and trustworthiness in physical security contexts.

BPSS (Baseline Personnel Security Standard) is a government standard designed specifically for anyone accessing government assets, information, or premises at a basic level. It's the foundation security clearance level in the UK government security vetting framework. If you're handling government information classified as "Official" or working on government contracts, BPSS is your starting point.

We had a client last month who runs both a private security firm and a separate IT consultancy doing government contract work. They assumed one screening standard would cover both businesses. It doesn't. The security firm needed BS7858 Screening Standard Course training for their guards, whilst the IT consultancy needed BPSS Security Screening Standard Course training for their developers. Two businesses, two completely different screening requirements.

What's Included: Component Breakdown

BS7858 Components

The BS7858 employer responsibilities we covered earlier this week include:

• Right to Work verification

• Five-year employment history with documented gaps

• Five-year address history

• Criminal record check (DBS or equivalent)

• Identity verification (using multiple documents)

• Two references (typically employer references)

• Credit check (in specific circumstances)

The employment history requirement is particularly thorough under BS7858. You need a complete, unbroken five-year timeline. If someone had three jobs during that period, you verify all three. If they were unemployed for six months, that gap must be documented and explained.

BPSS Components

BPSS requires four mandatory elements:

• Identity verification

• Right to Work check

• Employment history (typically three years, though this can vary)

• Criminal record check (unspent convictions only in most cases)

Notice what's different? BPSS doesn't routinely require credit checks or multiple references. The employment history is shorter (usually three years rather than five). The criminal record check focuses on unspent convictions, though this depends on the specific role and department requirements.

However, BPSS has one critical component BS7858 doesn't: verification must follow government standards precisely. Every check needs to meet specific Cabinet Office requirements, and there's no flexibility in the verification methods.

Training Tip from Graham and Vivianne Johnson:

The biggest mistake we see is employers thinking they can "upgrade" a BS7858 check to meet BPSS requirements by adding a few extra checks. It doesn't work that way. The verification methodologies are different, the documentation standards are different, and government departments won't accept BS7858 as equivalent to BPSS, even if you've done more checks. Start with the right standard from the beginning.

Who Needs Which Standard?

You Need BS7858 If:

• You employ security guards or door supervisors

• Your staff work in aviation security (ground crew, cargo handlers)

• You run an event security or stewarding company

• Employees have access to high-value goods or restricted areas

• You're in retail security or loss prevention

• Staff handle keys, access cards, or security systems

• You work in facilities management with security responsibilities

Many of these sectors have regulatory requirements specifically naming BS7858. The BS8406 Event Steward Standard Course builds on BS7858 principles for event-specific roles, whilst our Airside Screening Standard & GSAT Training Course addresses aviation security requirements.

You Need BPSS If:

• You hold government contracts

• Staff access government IT systems

• Employees work in government buildings

• You handle "Official" classified information

• You're a supplier to central government departments

• Staff work on defence contracts at basic level

• You provide services to local authorities requiring security clearance

BPSS is non-negotiable for government work. There's no "close enough" option. If the contract states BPSS, that's exactly what you need.

You Need Both If:

Some organisations genuinely need both standards. A facilities management company with government contracts might need BPSS for administrative staff accessing government systems, and BS7858 for security personnel controlling physical access.

We trained a large facilities management firm last year that had confused the two standards for three years. They'd been conducting BS7858 checks on everyone, including staff working on government contracts. When a government audit identified the discrepancy, they had to re-screen 47 employees to BPSS standards. The cost in time, resources, and contract risk was significant.

Implementation Differences

The step-by-step implementation process we detailed on Wednesday applies specifically to BS7858. BPSS implementation follows a different route because you're working within government frameworks.

BS7858 Implementation

You can implement BS7858 in-house or use accredited screening providers. The standard gives you flexibility in how you conduct checks, as long as you meet the core requirements. Many employers combine internal processes (like reference requests) with external providers for criminal record checks.

Our Creating a Screening Policy & Framework Course helps you build robust BS7858 processes that work for your organisation's specific needs.

BPSS Implementation

BPSS must be conducted following Cabinet Office guidelines precisely. There's less flexibility because you're meeting government security standards. Most organisations use accredited suppliers for BPSS checks, though some larger employers with government approval can conduct certain elements in-house.

The verification standards are stricter. For identity verification under BPSS, you need to follow specific document combinations and validation methods. Get it wrong, and government departments won't accept the clearance.

Cost and Timeline Comparison

BS7858 Costs

Typical BS7858 screening costs range from £50-150 per person, depending on which checks you include and whether you use external providers. The process usually takes 2-4 weeks, though common mistakes can extend this significantly.

You control many of the variables. Need to expedite reference checks? You can contact referees directly. Want to conduct address history verification in-house? You can develop that process.

BPSS Costs

BPSS screening typically costs £75-200 per person through accredited providers. Timeline is usually 2-3 weeks for straightforward cases, but government verification processes mean less control over timings.

You can't shortcut BPSS checks. If a government database takes five days to respond, you wait five days. This is particularly important when planning onboarding timelines for government contract staff.

Ongoing Compliance: Maintenance Requirements

BS7858 recommends periodic re-screening, typically every three years, though specific sectors may have different requirements. You set your own re-screening schedule based on risk assessment. Our Continuous Employee Background Checks & Monitoring Course covers best practices for ongoing compliance.

BPSS requires re-screening when certain events occur (gaps in employment, overseas travel, changes in circumstances) or at regular intervals determined by the employing department. Government departments may require annual reviews or re-verification every three years.

Data Protection and Record Keeping

Both standards must comply with GDPR, but the record-keeping requirements differ slightly.

For BS7858, you decide retention periods based on legitimate business needs and legal requirements. Most employers keep screening records for six years after employment ends, balancing legal obligations with data minimisation principles. Our GDPR Training Course covers these requirements in detail.

For BPSS, government guidance specifies certain record-keeping requirements, particularly for audit purposes. You need to demonstrate compliance with Cabinet Office standards, which may require keeping specific documentation for set periods.

The Data Protection Policies & Procedures UK Course helps you build compliant systems for both standards.

Common Confusion Scenarios We See in Training

"I need security clearance for my staff, so I need BS7858, right?"

Not necessarily. "Security clearance" in government contexts usually means BPSS or higher levels (Counter-Terrorist Check, Security Check, Developed Vetting). BS7858 isn't a security clearance in the government sense, it's a screening standard for commercial security roles.

"Can I use my employees' BS7858 checks to bid for government contracts?"

No. Government contracts requiring security clearance need BPSS as a minimum. You'll need to re-screen staff to BPSS standards. As we covered in common BS7858 mistakes, assuming one standard covers everything is a frequent and costly error.

"BPSS sounds simpler with fewer components. Should I just do that instead of BS7858?"

Only if you actually need BPSS for government work. BPSS without a government contract requirement is inappropriate because you're applying government security standards to a non-government context. Each standard exists for specific purposes. Use the one that matches your actual needs.

Making the Right Choice for Your Organisation

Start by asking these three questions:

1. Do you work with government? If yes, BPSS is required for relevant roles. If no, move to question two.

2. Do you provide physical security services or employ people with access to restricted areas? If yes, BS7858 is likely required or strongly recommended. If no, move to question three.

3. Do you need baseline screening for roles that don't fit either category? Consider developing screening processes based on risk assessment, potentially drawing elements from both standards as appropriate.

Our Pre-Employment Screening & Vetting Essentials Course helps you build screening programmes for any role, using risk-based approaches when BS7858 or BPSS don't directly apply.

What We're Covering Next Week

Next Monday, we're starting a deep dive into DBS checks training for UK employers. DBS checks form part of both BS7858 and BPSS screening, but they're complex enough to deserve detailed attention on their own. We'll cover which level of DBS check you actually need, common application mistakes, and how to make risk-based hiring decisions when checks reveal criminal records.

For now, if you're still uncertain which standard applies to your organisation, our BS7858 Screening Standard Course and BPSS Security Screening Standard Course both start by helping you determine applicability before moving into implementation details.

You can also explore our complete guide to employee screening and vetting training in the UK for the broader context of where these standards fit within your overall screening programme.

The key is understanding that BS7858 and BPSS aren't competing standards where you choose the "better" one. They're complementary standards designed for different purposes. Get the foundation right by choosing the correct standard for your actual requirements, and the rest of your screening programme will follow far more smoothly.

Graham and Vivianne Johnson have trained thousands of UK employers on screening and vetting compliance over 18 years. For more guidance on building effective screening programmes, visit VH Courses or email sales@vhcourses.com.