Compliance & accreditations
The standards we hold ourselves to.
What we screenThree standards.
Three standards.
One bureau.
BS7858, BPSS and PSA — fully managed end-to-end. We pick the third-party providers, we chase the references, we sign the certificates.
Standard · BSI 2019
Security industryBS7858
The British Standard for screening individuals working where the safety of people, goods or property is paramount.
What's included
✓
Identity verification (IDV)✓
5-year address history with gap reconciliation✓
5-year employment + education history✓
Two character references + two employment references✓
Credit & AML check (CreditSafe)✓
Self-declaration of unspent convictions✓
Secondary screener sign-offSecurity & data handlingPersonal data,
Personal data,
handled like it matters.
Passports, credit files, criminal disclosure, references — the most sensitive evidence a candidate has. We treat every byte like it could be ours.
01
UK-only data residency
All evidence stored in eu-west-2 (London). No cross-border transfer without explicit consent.
02
Encryption at rest + in transit
AES-256 at rest, TLS 1.3 in transit, document-level keys rotated every 30 days.
03
Per-check consent + revocation
Every check is opt-in, revocable, and logged in an immutable audit trail.
04
Redaction-aware reporting
Org reports show outcomes, not source documents. Auditors see what they need — nothing more.
05
Retention with purpose
Evidence purged 7 years after certificate issuance, per BS7858 retention guidance.
06
Penetration tested
External pentest annually. Bug bounty in place via HackerOne (private).
DPA & policies