The failure of the UK’s security vetting provider to process applications on time has the potential to affect the government’s ability to conduct official business, including high-risk and high-profile projects, according to an investigation by the National Audit Office. This comes at a time when threats to the UK are considered to have increased in scale, diversity, and complexity.
National security vetting permits individuals access to government information, locations or equipment, depending on their level of clearance. In January 2017 a single vetting provider was established, United Kingdom Security Vetting (UKSV), to consider applications for staff including civil servants, contractors and specialists such as those in the armed forces. The three most common categories of vetting are Counter Terrorist Check (CTC), Security Check (SC) and Developed Vetting (DV), the latter allowing access to more sensitive assets.
By January 2018, concerns were being raised by government departments about significant delays in getting individuals vetted. The NAO’s investigation has found that the government’s decision to establish a single vetting provider was not supported by an assessment of the expected benefits, costs and risks. In 2016, UKSV’s programme board repeatedly rated risks associated with the merger of the previous two main providers of vetting services as high.
Despite an increase in the cost of staff to process cases, the number of cases waiting to be completed by UKSV increased continuously until August 2017. In February 2017 it began work to improve CTC and SC performance, but by July 2018 UKSV still had approximately 25,600 open cases. In an effort to reduce the growing number of open DV cases, the Government Security Board has agreed to temporary changes to the process, including postponing some DV renewal cases and allowing some interviews to be conducted over the phone.
UKSV did not meet all its targets for clearing CTC and SC cases within its target timeframe until January 2018, a year after being created; however it has continued to meet its targets since. It does not expect to meet its DV performance targets until at least December 2018 and has consistently failed to meet its targets for reviewing individuals who have already been vetted.
Resources needed by UKSV to process cases are costing more than the two vetting bodies that UKSV replaced. In December 2017, nearly a year after it was created, UKSV determined that it needed a total workforce of 595 to fulfil its role as a single vetting provider, but despite having the approval to increase staff, UKSV has never had more than 507 full-time staff. Resignations at UKSV have increased and it continues to rely on overtime, agency staff, and contracting retired former staff to fill vacant posts and process applications. In 2017-18 staff costs were £19 million, 17% more than the combined staff costs of the previous organisations in 2014-15. UKSV has not yet been able to recruit its required workforce despite efforts to do so.
The rise in the number of unprocessed cases followed the implementation of an IT upgrade, which was intended to create a single system to process applications. At one point following its introduction, nearly 8,500 files containing personal data were unreadable and 93% of automated checks against the police national computer failed. Officials had to re-process failed checks manually, reload files and recover data, and conduct additional assurance checks. Parts of UKSV continued to operate using a paper-based system until April 2018, when the IT upgrade was fully implemented.
Cabinet Office, which is responsible for vetting policy, recently estimated that delays to vetting have caused inefficiencies costing £17 million each year. Cabinet Office considers that the IT system is still experiencing issues with speed. In May 2018, it began developing a replacement system, which it plans to have in place by January 2020, alongside further reforms to national security vetting processes.