scope:

An effective security culture requires the commitment of every colleague, whether they are an employee, non-permanent labour or contractor. Therefore, this document applies to everyone working at TfL, its subsidiaries and its contractors.

Purpose

In line with other organisations, TfL receives security advice from the National Protective Security Authority (NPSA), which is part of the Security Service and is the UK's National Technical Authority for physical and personnel protective security.

NPSA helps organisations understand the range of threats that we face, and what we can do to minimise risk through how we operate on a day-to-day basis.

NPSA have recently updated their definitions describing what an Insider Threat entails:-

Personnel security is the aspect of managing security risk that refers to a situation where employees or other workers could exploit their legitimate access to an organisation's assets; such as people, processes, information and technology for unauthorised purposes.

This document provides guidance on the process to follow should you become aware that a colleague is behaving in a manner which is a potential security concern, which is otherwise known as an 'Insider Threat'.

Note: This guidance is part of a pan-Transport for London (TfL) security improvement workstream.