Home > Your ideas > Submissions > Cleard Life Vetting Agency

Cleard Life Vetting Agency


Hello Glyn Davis and APS Review Panel

The Review Panel, in its deliberations, no doubt are considering the implications of changes to the operation of the Protective Security Policy Framework (PSPF) which came into effect at the beginning of this month but, noting that the Review Panel may not to have had the benefit of hearing from industry practitioners, yet, we want to offer some observations that may assist the APS Review Panel's perspectives.

The changes to the PSPF impose significant additional requirements with the inclusion of financial dimensions for ‘Baseline’ vetting and expanded pre-employment screening tests. The extension of financial history checking to the largest category of security clearances will generate an additional load on the resources of AGSVA and its industry partners, potentially adding further stress to the already challenging timeframes for concluding these processes by introducing additional data points to be assessed by the vetting officer. The revisions to Personnel Security element 12 (PERSEC 12): Eligibility and suitability of personnel now require employing entities to obtain assurance of a person’s suitability to access Australian Government resources (and compliance with a range of concomitant safeguards) as a pre-employment screening process. As the Principal of one of AGSVA’s most highly-rated Industry Vetting Panel members, I believe these changes – while vital to strengthening confidence in the integrity of the workforce delivering government services – will pose a range of challenges that require fresh thinking and innovative solutions.

I attach for Panel members’ consideration a copy of a newsletter – Vetting Vantage Point – that discusses a range of issues associated with implementing the recent PSPF changes and that points to some potential solutions, including the innovative application of leading-edge technologies. The approaches advocated in the newsletter directly address the PSPF implementation challenges without risking any dilution of standards: the Attorney General’s Adjudicative Guidelines are applied throughout.

I would welcome the opportunity to meet with you to expand on these trends.


Edward Barker

Cleard Life Vetting Agency | www.cleard.life | Ph 02-6171-4171 | Fx 02-6100-9483.

PDF icon Download (787.92 KB)
Automatic Transcription: 


“Is vetting 1 million citizens to stop 1,800 rogue users,
at a cost of $627m, necessary?”

Revisions to the Protective Security Policy Framework (PSPF) were activated this month, with important changes to

PSPF: 12 Eligibility and suitability of personnel” placing personnel security front and centre. Cyber security concerns

continue to feature strongly in public discourse: the community is concerned about how institutions, both public and

private, manage data, and those who manage data know that each breach brings greater costs1.

Integrity and confidence in the APS features strongly in current and future capability requirements of many Agencies.
Confidentiality and integrity are identified specifically in Corporate Plans as key strategic risk areas. As an AGSVA

Industry Vetting Panel (IVP) member processing around 8-10% of all PV clearances, we understand the need to ensure

that Commonwealth resources are kept safe. As suitability experts, who understand the Attorney General's

Adjudicative Guidelines better than most, we offer you our vantage point and on how these changes may have

significant implications

Personnel security and cyber security are intrinsically linked. IBM data2 shows that only 40% of data breaches originate

outside an organisation. Malicious intent by insiders account for more than 44% of breaches and more than 15% of

breaches are caused by inadvertent action: improved suitability screening can only improve these disturbing figures.

Source: IBM.

Data breach after data breach, is costing $2.4m per breach

The people you trust most could be planning the next big cyber attack on your company

-PAGE 1-

Let’s look at the PSPF changes

Change #1 Strengthening Baseline Clearances.

The Baseline Security Clearance is now expanded: financial history checks are now required for all clearance levels,
including Baseline:3

This is a significant validation and strengthening of this level’s clearance relevance, given that the 2015 independent

Review of Whole-of-Government Internal Regulation (Belcher Red Tape Review4) proposed scraping the Baseline

Clearance. As one of the Adjudicative Guideline’s “Factor Areas” is “Financial Considerations”, the inclusion of this

element at this level bolsters the number of data points to be assessed by the vetting officer. The requirement for

financial history records to be checked for Baseline clearances recognises the relationship between misdemeanour by

trusted insiders and the financial pressures of modern living. Enhanced screening of this factor in security clearances

will mitigate the risk posed by undisclosed adverse financial histories.



-PAGE 2-

The PSPF requires anyone who accesses Commonwealth systems to be screened for suitability5

The meaning of the term ‘suitability’ is laid out in the PSPF Adjudicative Guidelines called “Suitability Indicators” –
namely Honesty, Trustworthy, Tolerant, Maturity, Loyalty and Resilience (HTTMLR). The risk for the successful

implementation of this change is that agencies may seek to interpret the meaning of ‘suitable’ in sub-optimal ways

and, in the pursuit of efficiency, routinely outsource this additional assurance to their recruitment panels.


-PAGE 3-

The recruitment business model is conflicted, however. It asks Recruiters to deliver competence and talent.
Disqualifying candidates based on a background check or character is the antithesis of the recruitment model. Because

of this, some of the nation’s largest agencies just duplicate this process: they have the recruiter recommend candidates

who are ‘possibly’ suitable and then the agency does its own security / suitability checks.

In practice, the ‘security check department’ inside the agency often analyses a ‘black mark’ database check, such as

National Criminal History Check, which costs a little more than a few dollars. It’s official, often legislatively mandated

and therefore has some value. But its use as a standard of character, or to comply with suitability indicators (HTTMLR),
is fallacious. Even going a step further to include a Statutory Declaration which in effect says, “I declare that I am a

good person with good character” may have some deterrent value but offers little substantive assurance. Referee

checks about the candidate’s prior work performance may also have limited value since referees are commonly

nominated on an assumption of a broadly favourable commentary. The limited value offered by these approaches falls

short of the genuine, substantive assurances that the PSPF is articulating.

Scoping documents6 used in a recent Royal Commission, Researchers described the combination of a “Police Check +
Referee Check” as being 'futile' for safeguarding organisations. That is why the Sex Abuse RC Recommendations

included better and more rigorous initial and ongoing screening practices.

We live in a society that trades in trust. If what lies beneath a candidate's profile is never properly screened for

trustworthiness, then there remains a large mass of residual risk.

Let’s consider the practical implications

Should agencies or entities covered by the PSPF “use security clearances where they need additional assurance of

the suitability and integrity of personnel” as PSPF#12 now recommends?

Let’s examine a small number of agencies with requirements to engage either flexible workforces or allow systems

access by multiple external parties.

Australian Bureau of Statistics (ABS): The ABS has a temporary workforce of approximately 17,000 for its Census

collection activities; even with the growth in on-line completion of the Census, a large proportion of the ABS’
temporary workforce engages directly with citizens, including entering their properties, and conveying material

containing some of the most sensitive data gathered by the Australian Government. What would be the community’s

expectation of a minimum level of clearance for a representative of the ABS who they might allow into their homes?
A Baseline Clearance is surely the minimum.

Australian Electoral Commission (AEC): The AEC has approximately 75,000 temporary election workers charged with

servicing the most fundamental democratic entitlement, the right to vote. AEC temporary election workers have

access to records of up to 15.5 million Australian voters, and handle the ballot papers that reflect the will of the voters

in electing their government. What would be the voters’ expectations of a minimum level if clearance for someone

entrusted with those responsibilities? Even a Baseline Clearance would not offer assurance about freedom from

foreign interference but it would markedly enhance the current standards under which only 30% or so of the workforce

has any form of screening.


-PAGE 4-

Australia’s Digital Health Agency: The former privacy commissioner Malcolm Crompton7 said of digital health records

that they “will not be secure unless a widespread audit of every GP clinic in Australia is conducted. It may well be

military-grade [security] on the central servers of the My Health Record system [but] it’s demonstrably not military-
grade for all of those 900,000 practitioners.”

If the Australia Digital Health Agency, with its 900,000 users require access to Commonwealth systems to create, read,
update, delete sensitive personal information, then a Baseline Clearance should be considered a logical and

appropriate product that provides ‘additional assurances’ of the user’s suitability to access a commonwealth system.

Consider the financial impact on the Commonwealth and Taxpayer:
If the ABS orders Baseline Clearances x $637ea = $10m
If the AEC orders Baseline Clearances x $637ea = $44m
If the ADHA orders Baseline Clearances x $637ea = $573m Total = $627m

If you extrapolate this concept out to other Agencies and other programs of work, you can see how PERSEC is

conceivably a billion industry. However, to put that into perspective, the AGSVA’s Industry Vetting Panel, who process

up to 95% of clearances, has a budget of around $40million per year. This is about the same amount of money that

Queensland Train Drivers received – just for overtime - last year.

Cyber attacks rise in Australia's data breach numbers Cyber attacks rise in Australia's data breach numbers Health sector

continues to have most incidents. https://www.itnews.com.au/news/cyber-attacks-rise-in-australias-data-breach-numbers-

-PAGE 5-

As a nation, how willing are we, how prepared are we to strengthen PERSEC in order

to have safer, more secure and prosperous workplaces?

The 2018 ANAO Audit of AGSVA also revealed around 1:1131 Baseline cases are initially considered adverse and

awarded a WITHHOLD recommendation (a polite way to describe them is complex.)

As you can see from the above graphic, the higher the clearance level and the higher the number of people assessed

to be unsuitable. That is because we have incrementally more data points to analyse. Now that the Baseline Clearance

process has been beefed up to include finances, this 1:1131 ratio could easily become 1:500, which means that 1,800

trusted insiders accessing commonwealth resources are deemed unsuitable.

-PAGE 6-

Change #2 Pre-employment suitability occurs before employment is offered

The PSPF#12.C.1.6 also states that the pre-employment suitability screen should be done after the merit list is

complete, but before an employment contract is offered.

This change was advocated in the Journal of the Australian Institute of Professional Intelligence Officers Volume 25

Issue 2 (2017), in an article called “Breaking down barriers through proactive effective vetting management.”

But, can anyone imagine delivering a pre-employment suitability clearance, within

days, for potentially hundreds if not thousands of people?
The work that my team of security vetting officers do, to get to reach an adverse recommendation takes time to come

to, while remaining lawfully compliant. 1 in 4 complaints to the Human Right Commission being classified as Criminal

Record Discrimination.

-PAGE 7-

-PAGE 8-
Questions to consider:
Q. Does the Australian preemployment screening industry (including AGSVA) have capacity and


Quality: How is the consistency of suitability determinations being managed or controlled at the


Capable: Is the pre-employment industry capable of delivering PSPF-compliant suitability screening?

Throughput: Does the industry have the ability to process the volumes required to meet current and

future demand?

Timeliness: Can vetting / preemployment screening decisions be achieved inside the shortlisting


Q. With NDIS Suitability Clearance currently being developed, WWCC doing their own thing at the

State Level plus an “Aged Care Suitability Clearance” coming down the track (via the latest Royal

Commission), does coordination and standardisation need to be addressed pre-emptively in order to

limit inconsistent vetting practices and bring everyone back to the AG’s PSPF standards and

suitability indicators of HTTMLR?

Q. Have Entities/Agencies considered and budgeted for these pre-engagement and subsequent

annual check activities?

Q. Is outsourcing suitability assessments to recruitment agencies the appropriate method to resolve

the issue?

Q. Will the PSPF-defined suitability standards truly be practiced in reality? Do you want them to be?

Q. Can the AGSVA with their expertise in vetting and the PSPF, able to meet the demand outlined in

this report?

Q. Is the AGSVA willing and able to create new products that cater to its customer’s non-national

security / suitability clearance demands?

Q. Does the AGSVA have its hands full with national security clearances? (processing just 10,000

Baseline per year)

Q. Is there a void that can be filled by other vetting groups in the ‘non-national security vetting’

-PAGE 9-
Enter AI

What if there was a PSPF-compliant suitability clearance that claims

to be able to meet this demand head on?
We have developed the world’s first AI vetting platform. Designed by Australian intelligence, security, vetting and

suitability experts we have been able to streamline the suitability aspects of the pre-employment screen, without

duplicating Agency’s work (to establish identity).

We have demo'd 'Stephanie' in front of AGSVA, ASD and ASIO at a recent Crown Vetting All Staff Vetting Conference

on the Sunshine Coast and continue those discussions with our partners. The AGSVA is the Commonwealth's natural

channel and mechanism for vetting services. With our AI platform, we can augment and assist the AGSVA and

potentially other state-based vetting groups (eg. WWCC) to deliver capability and consistent standards at scale.

Importantly we can do this at a fraction of the cost of the official AGSVA Baseline clearance.

We are willing to discuss our vantage point further in a public hearing or in a private setting.

Author: Edward Barker

Founder, Cleard Life 02-6171 -4171

Principal, Crown Vetting 02-6111-2970

PO Box 1616, Tuggeranong, ACT, 2901

PO Box 617, Maroochydore, QLD, 4575

-PAGE 10-