The failure of the UK’s security vetting provider to process applications on time has the potential to affect the government’s ability to conduct official business, including high-risk and high-profile projects, according to an investigation by the National Audit Office. This comes at a time when threats to the UK are considered to have increased in scale, diversity, and complexity.

National security vetting permits individuals access to government information, locations or equipment, depending on their level of clearance. In January 2017 a single vetting provider was established, United Kingdom Security Vetting (UKSV), to consider applications for staff including civil servants, contractors and specialists such as those in the armed forces. The three most common categories of vetting are Counter Terrorist Check (CTC), Security Check (SC) and Developed Vetting (DV), the latter allowing access to more sensitive assets.

By January 2018, concerns were being raised by government departments about significant delays in getting individuals vetted. The NAO’s investigation has found that the government’s decision to establish a single vetting provider was not supported by an assessment of the expected benefits, costs and risks. In 2016, UKSV’s programme board repeatedly rated risks associated with the merger of the previous two main providers of vetting services as high.

Despite an increase in the cost of staff to process cases, the number of cases waiting to be completed by UKSV increased continuously until August 2017. In February 2017 it began work to improve CTC and SC performance, but by July 2018 UKSV still had approximately 25,600 open cases. In an effort to reduce the growing number of open DV cases, the Government Security Board has agreed to temporary changes to the process, including postponing some DV renewal cases and allowing some interviews to be conducted over the phone.

UKSV did not meet all its targets for clearing CTC and SC cases within its target timeframe until January 2018, a year after being created; however it has continued to meet its targets since. It does not expect to meet its DV performance targets until at least December 2018 and has consistently failed to meet its targets for reviewing individuals who have already been vetted.

Resources needed by UKSV to process cases are costing more than the two vetting bodies that UKSV replaced. In December 2017, nearly a year after it was created, UKSV determined that it needed a total workforce of 595 to fulfil its role as a single vetting provider, but despite having the approval to increase staff, UKSV has never had more than 507 full-time staff. Resignations at UKSV have increased and it continues to rely on overtime, agency staff, and contracting retired former staff to fill vacant posts and process applications. In 2017-18 staff costs were £19 million, 17% more than the combined staff costs of the previous organisations in 2014-15. UKSV has not yet been able to recruit its required workforce despite efforts to do so.

The rise in the number of unprocessed cases followed the implementation of an IT upgrade, which was intended to create a single system to process applications. At one point following its introduction, nearly 8,500 files containing personal data were unreadable and 93% of automated checks against the police national computer failed. Officials had to re-process failed checks manually, reload files and recover data, and conduct additional assurance checks. Parts of UKSV continued to operate using a paper-based system until April 2018, when the IT upgrade was fully implemented.

Cabinet Office, which is responsible for vetting policy, recently estimated that delays to vetting have caused inefficiencies costing £17 million each year. Cabinet Office considers that the IT system is still experiencing issues with speed. In May 2018, it began developing a replacement system, which it plans to have in place by January 2020, alongside further reforms to national security vetting processes.

“Considering the pressures facing government, the last thing we need is a non-functioning vetting system. An effective system needs to be put in place urgently to ensure the government is able to use its staff effectively, giving them access to the right information, locations and equipment.”

 

Amyas Morse, the head of the NAO

Read the full report

Investigation into national security vetting

Notes for editors

1. Press notices and reports are available from the date of publication on the NAO website. Hard copies can be obtained by using the relevant links on our website. 2. The National Audit Office scrutinises public spending for Parliament and is independent of government. The Comptroller and Auditor General (C&AG), Sir Amyas Morse KCB, is an Officer of the House of Commons and leads the NAO, which employs some 785 people. The C&AG certifies the accounts of all government departments and many other public sector bodies. He has statutory authority to examine and report to Parliament on whether departments and the bodies they fund have used their resources efficiently, effectively, and with economy. Our studies evaluate the value for money of public spending, nationally and locally. Our recommendations and reports on good practice help government improve public services. Our work led to audited savings of £741 million in 2017. 3. Before 2017, most national security vetting within the UK was provided by two organisations: Defence Business Services National Security Vetting (DBS; part of the Ministry of Defence), and Foreign and Commonwealth Services National Security Vetting (FCOS; a trading fund of the Foreign and Commonwealth Office).  In 2015, Government’s National Security Strategy and Strategic Defence and Security Review announced that it would establish a single vetting provider based on the Ministry of Defence (MOD) model. 4. The Cabinet Office is responsible for vetting policy, and sets vetting standards that UKSV must follow. UKSV is responsible for delivering vetting services. As its parent department, the MOD is responsible for the performance and oversight of UKSV. 5. The £17 million annual estimated cost of the inefficiencies caused by delays in vetting is based on the Cabinet Office business case for reforms to national security vetting, which is yet to be formally approved. This is currently the only estimate available for the inefficiencies caused by NSVS. 6. Cabinet Office promoted the MOD model, as it believed that:
  • the MOD had the capability, and could readily scale the capacity;
  • the costs of security vetting could count towards the two per cent of gross domestic product defence spending target; and
  • the MOD's protected budget could assure funding will be available for vetting.
7. The most recent National Security Risk Assessment considers the threats faced by the UK to have increased in scale, diversity and complexity. 8. The Government Security Board, a collection of the main customers of vetting and the Cabinet Office, agreed UKSV could make some temporary changes to the DV process to help UKSV recover DV performance.