A practical guide to compliance frameworks

Posted on 2nd March 2026, by Nicola Collins

Every organisation is required by law to carry out Right to Work (RTW) checks on their employees. However, for some businesses, a RTW check isn’t enough. Certain sectors (or roles) require more comprehensive checks to be completed before a candidate starts their role.

In this guide, we explain what candidate onboarding compliance frameworks are and why they’re important, set out the common screening standards, and outline the risks of getting them wrong. We’ll also show how Tifo Comply helps organisations manage their candidate screening and onboarding process with confidence.

What are compliance frameworks?

A compliance framework is a structured set of rules, checks, and evidence requirements used to assess candidates during onboarding. In practice, it defines:

  • Which pre-employment checks are required
  • What documents and evidence must be collected
  • How information should be verified, stored, and audited

These frameworks are often set by government bodies, industry standards, or client contracts. They help ensure that only suitable and trustworthy candidates are placed into roles, especially those involving sensitive data, secure environments, or national infrastructure.

A clear compliance framework helps organisations:

  • Reduce security, legal, and operational risk
  • Meet regulatory and contractual obligations
  • Pass audits with confidence
  • Create a consistent, repeatable onboarding process

What are the common compliance frameworks?

Different industries and roles require different levels of screening. Below are three of the most common compliance frameworks used in the UK.

BPSS is the minimum level of screening for individuals working with, or on behalf of, the UK government. A BPSS check typically involves:

  • Right to Work checks in the UK
  • Identity verification
  • Employment history checks (usually covering the last three years)
  • Basic criminal record checks for unspent convictions

BPSS screening helps ensure individuals are suitable to access government information, assets, and premises. It provides baseline assurance around identity, employment history, and criminality. For organisations in the public sector supply chain, BPSS compliance is often mandatory and forms the foundation for higher-level security checks.

CTC checks (Counter Terrorist Check)

A CTC is a higher level of vetting required for roles involving access to sensitive information, locations, or assets that could be targeted by terrorism. CTC checks build on BPSS screening and may include:

  • All BPSS checks
  • A detailed security questionnaire
  • Checks against security and intelligence databases

CTC screening assesses whether an individual may be vulnerable to pressure, influence, or exploitation that could pose a national security risk.

These checks are commonly required in defence, transport, utilities, and other critical infrastructure sectors, where the consequences of a breach are significant.

BS7858 is a British Standard for screening people working in security-sensitive roles, such as guarding, surveillance, monitoring, or access control. BS7858 screening typically requires:

  • Identity verification
  • Right to Work checks
  • A five-year employment history, including explanations for gaps
  • Criminal record checks
  • Character or professional references

Individuals working in secure environments are trusted with access to people, property, and systems. BS7858 screening helps ensure those individuals are reliable and suitable for positions of trust.

Many organisations must demonstrate BS7858 compliance to win or retain security-related contracts.

Compliance checks aren’t always required by law, so there might not be an automatic fine for failing to carry them out correctly. Even so, failing to meet the correct compliance framework can have serious implications for your organisation.

Common consequences include:

  • Regulatory or contractual non-compliance
  • Failed audits and operational delays
  • Loss of client trust or termination of contracts
  • Increased security and data protection risks
  • Long-term reputational damage

Even small errors, such as missing documents, inconsistent checks, or outdated records, can leave organisations exposed.

Managing BPSS, CTC, and BS7858 checks doesn’t need to involve spreadsheets, email chasing, or manual tracking.

With over 50 different electronic ID and background checks, Tifo Comply streamlines your candidate screening and onboarding process. Our software automatically chases candidates and referees, so you don’t have to. And because all the documents are collected in one place, there’s no need for external emails, spreadsheets, multiple third-party platforms or complicated file structures. It delivers everything you’d expect from a modern, cloud-based system.

With Tifo Comply, you can:

  • Reduce compliance admin by up to 50%
  • Access real-time candidate progress tracking (See exactly where every candidate sits in their BPSS journey — no more inbox searching or status calls.)
  • Integrate it seamlessly into your CRM for a consistent process across teams
  • Receive automated reminders & SLA tracking
  • Give clients visibility, if required (Provide secure client-level access to view onboarding progress and download audit reports, reducing update requests to your team.)
  • Create bespoke compliance profiles tailored to roles, clients, or projects
  • Collect and verify onboarding documents required for BPSS, CTC, BS7858, and other screening standards
  • Adapt quickly as regulations, business needs, or client requirements change
  • Maintain clear audit trails and create audit packs at the click of a button
  • Automate employment history validation and capture full 3-year (or 5-year) employment history digitally. It also flags gaps automatically, and prompts candidates to complete missing information, removing back-and-forth emails.

Tifo is also ISO 27001 and Cyber Essentials Plus accredited, demonstrating our commitment to protecting sensitive candidate data throughout the onboarding process.

Compliance frameworks exist to protect organisations, clients, and candidates, but managing them shouldn’t slow your business down. Tifo Comply makes managing your compliance obligations easier and quicker than ever before. Compliance becomes part of a smooth, efficient onboarding experience, giving you peace of mind and more time to focus on growing your business.