CHECK
|
|
| |
 |
|
as at 20 April 2006
The CHECK Service was devised to supplement IA services provided by
CESG. CHECK companies are currently permitted to work on systems processing
protectively marked information up to, and including, CONFIDENTIAL
(and also SECRET with CESG approval – see S(E)N 2006/04 for
details). CHECK companies, and all members of their CHECK team, shall
at all times comply with the performance criteria (as amended from
time to time) so as not to bring the service and CESG into disrepute.
The principles below are not intended to be a comprehensive list of
the principles of CHECK. Although they form the basis of the CHECK
Service, the CHECK contract and Service Provision Guidelines should
be consulted for greater detail. The CHECK contract shall take precedence
over this document if any issue of conflict occurs.
CHECK Membership
- All CHECK companies must be able to sign-up to English law.
- Any company accepted into CHECK must have performed IT Health
Checks (ITHCs) under the company name for a minimum of 12 months.
- If an application to join CHECK is rejected it cannot be resubmitted
within a 12 month period. The decision of the assessment panel
is final and there is no appeal process for new applicants.
- All team members must be British nationals (or as a minimum
hold dual British nationality) and be able to obtain and hold
an SC clearance.
- CESG will sponsor an SC clearance, if required. Security forms
must be returned by the requested deadline. GCHQ Personnel Security
section will not pursue clearances where security forms have not
been returned following two reminders to do so. Failure to comply
will therefore result in a clearance application being stopped.
Their decision is final.
- To be accepted as a CHECK team member each individual will have
worked on a number of ITHCs over a period of at least 1 year.
Updated information on all members of a CHECK team is required
annually as part of a company’s renewal process.
- If a member of a CHECK team transfers, it is the responsibility
of the importing CHECK company to verify the status of the individual’s
clearance.
- Membership is valid for a period of 1 year at a time. CHECK
companies must renew their membership by the required date, otherwise
membership will lapse. If membership lapses the company will no
longer be able to provide ITHC services under CHECK and will be
removed from the CESG web site.
- In order to undertake work under the terms and conditions of
CHECK, a Company must hold ‘Green Light’ status, which
is achieved by at least one individual of the CHECK team having
passed the standard Network and Operating Systems Assault Course
and thus having gained Team Leader status.
CHECK Service Assault Course
- In order to sit a CHECK Service Assault Course (CSAC) the candidate
must be a current member of a CHECK team and hold a minimum of
SC clearance.
- CSAC places will be allocated according to the priority system
as listed on the CHECK web pages.
- A pass is valid for a period of 3 years, so long as the Team
Leader remains with a CHECK company. It is the responsibility
of the CHECK Team Leader to ensure that the pass is renewed, if
required, by attending a CSAC within the said period.
- Candidates who fail the CSAC will not be eligible to sit a re-test
for at least 6 months.
- The marking of the CSAC will remain confidential to CESG. Candidates
who fail will be provided with comprehensive feedback. With the
exception of this all marking paperwork will be destroyed.
CHECK Assignments
- Any ITHC must be led by a Team Leader who is present on site
for the duration of the testing. For systems handling protectively
marked material at SECRET, it is highly recommended that customers
employ a minimum of 2 CHECK Team Leaders for an ITHC.
- The CHECK company should endeavour to notify CESG at least 5
working days before the commencement of each ITHC.
- A copy of the report, in line with the published reporting guidelines,
must be sent to CESG within 4 weeks of it being issued to the
customer.
|