Manage their security clearance
PER018
Managing a national security clearance holder includes monitoring any concerning behaviour, reporting and responding to security incidents involving them, managing their emergency access to information, assets, or work locations, and managing changes to their security clearance level.
You also need to understand what’s involved with reviewing, extending, sharing (leveraging), or transferring a clearance.
Monitor for concerning behaviour
If you’re managing a clearance holder, you must monitor their behaviour for any concerns to do with security, poor performance, or unacceptable conduct. Monitoring also means watching for any signs that could suggest the person is unreliable or susceptible to pressure. Pay particular attention if the clearance holder:
- is under 20 years old (their character is still forming)
- is unwilling to talk about matters, but is clearly unhappy
- has few friends and appears to be alienated from their colleagues.
A sense of perspective is required when considering these factors. And remember to act within your normal ‘duty of care’ responsibilities as a manager.
If you discover a behavioural issue, you must use your organisation’s tools and policies to identify, support, and manage the clearance holder through any resolution process.
Report and respond to security incidents
Effectively managing security incidents and investigations is a basic part of good security.
Your organisation must keep records of all:
- security infringements, including breaches of organisation policy and procedures that lead to a compromise of the national interest
- security breaches, such as an accidental or unintentional failure to observe the requirements for handling classified information or assets
- security violations, including a deliberate action that leads, or could lead, to a compromise of classified information, assets, or work locations.
Provide details of clearance holders security breaches to the NZSIS
If you think a clearance holder has breached security, your chief security officer (CSO) needs to assess the situation and identify the response, which may include advising the New Zealand Security Intelligence Service (NZSIS) or the Government Communications Security Bureau (GCSB).
Review for cause
A ‘review for cause’ is a review of a clearance holder when your organisation identifies security concerns that could affect their suitability to retain a clearance. The NZSIS carries out the review.
Your organisation can initiate a review for cause in response to any security concerns raised about a clearance holder.
Security concerns would normally relate to significant changes in the clearance holder’s personal circumstances, attitude, or behaviour.
Concerns about the clearance holder can come from:
- the clearance holder
- the clearance holder’s colleagues or supervisor(s)
- any other person who reasonably believes the clearance holder’s personal circumstances, attitude, or behaviour has changed.
Suspend access if necessary
If your organisation is investigating a clearance holder because of a security violation, your CSO should suspend their access to classified information, assets, or work locations until the investigation (which may include a review for cause) is complete.
Revoke a clearance if necessary
Regardless of any recommendation from a review for cause, your chief executive has the right to revoke a national security clearance if they consider the security concerns, breaches, or violations are too frequent or of a sufficiently serious nature.
More information
Manage emergency access to classified information, assets, or work locations
Sometimes an emergency may give rise to an urgent operational need for a clearance holder to access classified information, assets, or work locations above their clearance level. Your chief executive or their delegate can grant this. If the authority is delegated, it must be recorded in writing.
What ‘emergency access’ means
Emergency access means your organisation has confirmed an urgent and critical operational need for access to specific information, assets, or work locations and there is not enough time to complete vetting checks and grant a clearance at a higher level.
Emergency access must be:
- only to specified information, assets, or work locations required for the emergency
- only for the duration of the emergency
- governed by a very strict application of the need-to-know principle
- provided at no more than one level above a person’s current clearance*
- supervised by a manager with a suitable clearance.
Emergency access to sensitive compartment information (SCI) need to be approved by the GCSB.
*For example, if a clearance holder’s current clearance is CONFIDENTIAL, their manager (with a suitable clearance) may supervise them to view SECRET material while the emergency lasts.
Recording, briefing, and debriefing requirements
The manager must record that the emergency access has been granted and brief the clearance holder appropriately.
The clearance holder must acknowledge that their manager has briefed them before being granted access. Your organisation should record this acknowledgement in writing.
Your organisation must also debrief the clearance holder when the emergency ends.
Limits to using emergency access
You must not use emergency access to grant a clearance holder access:
- for administrative or management purposes (such as helping them gain a position)
- when they are on reassigned duties while waiting for a security vetting recommendation (including a reclassification)
- to classified information, assets, or work locations that carry an endorsement or compartmented marking.
You must not grant emergency access to information, assets, or work locations marked CONFIDENTIAL or higher to anyone who does not hold a clearance.
Manage changes to security clearance levels
Sometimes a clearance holder’s clearance level or status will change. Your organisation’s CSO must tell the NZSIS whenever a clearance is:
- granted or declined
- upgraded or downgraded
- suspended or renewed
- transferred or leveraged (shared with another organisation)
- extended
Review clearances after 5 years
A national security clearance expires after 5 years (or sooner if your organisation has granted it for a shorter term) or when the clearance holder leaves their employment.
The clearance holder’s manager is responsible for managing the process to ensure the clearance continues, even if the clearance level changes.
Renewing a clearance
To renew a clearance, your CSO must first assess the clearance holder’s ongoing suitability to hold a clearance. If the assessment result is positive, the CSO can submit a security vetting request to the NZSIS and they review the clearance.
Your CSO must have trust and confidence in the clearance holder’s ability to gain a favourable recommendation from the NZSIS before they submit a security vetting request. To make such an assessment, your CSO must exercise their own judgement and view all information available to them objectively.
Your organisation should initiate a renewal of a clearance by the NZSIS early enough to maintain continuity of the clearance unless the person:
- is no longer in a position requiring a clearance, or
- has left New Zealand Government employment.
Extend a clearance – example scenarios
Your organisation may extend a clearance for up to 6 months at a time, up to a total of 12 months.
The renewal process won’t be complete before the clearance expires
- Your clearance holder is in the process of getting their clearance renewed, but it doesn’t look like the renewal will come through before the clearance expires, so you extend the clearance for 6 months.
- Your clearance holder is deployed overseas so they can’t complete their renewal forms. They’re expected to return in 6 months, so you extend the clearance for 6 months. After 5 months, you realise the clearance holder won’t be returning soon and still can’t fill in their forms. You then extend their clearance for a further 6 months.
This clearance can’t be extended again because it has reached its maximum extension time of 12 months.
The clearance expires before the end of a contract
A clearance is due to expire but the clearance holder’s contract runs for 3 weeks beyond the expiry date. The clearance holder doesn’t need a clearance after their contract ends, so instead of renewing the clearance, you extend it for 1 month.
You want to extend a clearance for a second time
Your clearance holder has their clearance extended for 1 month by their sponsoring organisation. Later on, the sponsoring organisation extends the clearance for another 6 months. These two extensions add up to 7 months, so the organisation has 5 months left for any further extension(s) out of the 12-month total.
Rules to remember
Your organisation can only grant an extension before a clearance expires and if there are no qualifications on the clearance.
You must complete your own due diligence to ensure the clearance holder is suitable for having their clearance extended.
You must continue to manage the clearance holder throughout the duration of the extension.
If the clearance is shared with another organisation (leveraged), you must review the sharing arrangement before you extend the clearance. Once a clearance has been extended, you must notify the other organisation.
Share (leverage) a clearance
If your organisation is planning to work with or second a clearance holder sponsored by another organisation, you may be able to use that clearance instead of getting a new one.
This situation may arise when a clearance holder’s time is shared between organisations.
Both organisations need to consider whether the risks are acceptable before agreeing to a sharing arrangement.
For information about transferring a clearance, please see: Manage their departure.
Your joint responsibilities
If you agree to share a clearance, both organisations must:
- accept responsibility for sharing security concerns about the person
- agree on how you’ll manage the clearance and what you’ll each be responsible for
- inform each other about any changes in the clearance holder’s circumstances you become aware of
- ensure the clearance holder gets appropriate security briefings.
Sponsoring organisation’s responsibilities
- Get permission from the clearance holder before you share their personal information with the other organisation.
- If the original vetting recommendation for the clearance holder was routine, let the other organisation know that.
- If the original vetting recommendation was routine but came with information, qualifications, limitations, or adverse findings, share the original vetting recommendation with the other organisation.
- If you have any risk management plans in place for the clearance holder, share those plans with the other organisation.
- Notify NZSIS vetting that you are going to share a clearance and tell them who you’ll be sharing it with.
- If you cancel or suspend a clearance, you must also suspend or cancel the sharing arrangement.
- If a clearance expires, you must cancel the sharing arrangement.
- If you downgrade a clearance, you must notify the other organisation.
- If you transfer the clearance to another organisation, the new sponsoring organisation needs to review and confirm the sharing arrangement is still acceptable.
Managing sharing arrangements — example scenarios
A clearance holder has contracts with different organisations
A clearance holder has two contracts at the same time with different organisations and requires a clearance for each job.
The clearance holder works 1 day a week at Organisation A and 4 days a week at Organisation B.
The two organisations agree that Organisation B should be the sponsoring organisation and Organisation A will share the clearance for the 1 day a week they have the clearance holder working with them. Organisation A knows to let Organisation B know of any change in circumstance during the contract.
A clearance holder is going on a short-term secondment
Organisation A sponsors the clearance holder and agrees to a short-term secondment to Organisation B. Both organisations agree to share the clearance for the duration of the secondment.
When the secondment ends, Organisation A cancels the sharing arrangement.
When the person has a current clearance from another country
If you want to work with someone with a security clearance from Australia, Canada, the United Kingdom, or the USA, get in touch with the NZSIS security vetting team to discuss the situation.
Upgrade to a higher clearance level when necessary
If the tasks or duties of a job change to the extent that a clearance holder needs to have access to information, assets, or work locations classified at a higher level than their current clearance, they must undergo security vetting at that higher level.
Your organisation will need to:
- ensure that the holder is eligible to hold a clearance at the higher level
- request security vetting from the NZSIS
- have the holder’s higher clearance level granted by your chief executive once a recommendation is received from the NZSIS
- brief the holder on any new obligations associated with their higher clearance level
- agree a plan for managing concerns or requirements in the NZSIS’s vetting recommendation.
Downgrading to a lower clearance level when necessary
A clearance holder may move to a new role that requires a lower level of clearance. This could be a permanent or temporary move. Alternatively, your organisation may decide that a person should have a lower clearance level. In these cases, a manager needs to confirm whether the lower clearance level will affect the clearance holder’s employment agreement and how. Get HR or legal advice if you need it.
Later on, if you need the clearance holder to carry out duties at a higher clearance level, you can allow them to as long as:
- the initial vetting recommendation was at that higher level
- you are managing their clearance appropriately and there are no security concerns.
Withdraw access when a clearance is not granted, or until any review or appeal process is completed
See the following sections for more information on withdrawing access or handling review or appeal processes correctly.
Related links