Security vetting is a part of SOA’s preventative work aiming to strengthen security of organizations, namely prevent individuals with security impediments from coming into contact with confidential information or from gaining work positions where they could inflict damage towards Croatian security or interests.
A security vetting is a procedure in which the competent authorities ascertain the existence of security impediments for natural and legal persons. The procedure is conducted by responsible security-intelligence agencies. SOA conducts all vetting of individuals in the civilian sector.
Security vetting is performed on a daily basis, in all regional centers and within SOA HQ itself.
Security vetting is conducted in accordance with NATO and EU standards regarding means of collection and type of data collected, and in their use and availability.
Considering that security vetting procedures also infringe on private data, a transparent data check procedure of citizens has been provided by the Security Vetting Act.
There are three types of security vetting:
security vetting for access to classified information,
basic security vetting,
security vetting aimed at the security of protected persons and objects.
Security vetting for access to classified information is conducted for individuals who are required at their work places access to classified information above the „Restricted“ secrecy level and for legal persons that enter classified contracts above the „Restricted“ secrecy level with state and other bodies. Requests to carry out security vetting for access to classified information are submitted to SOA by UVNS. Furthermore, UVNS issues security clearance certificate to persons having access to classified information.
Basic security vetting is made for persons appointed to specific functions, persons appointed to leading state functions, persons being accepted for work or who are already working in bodies significant for national security and other. SOA performs basic security vetting at the request of a competent authority (for instance, the state body where the vetted person will be appointed to a function or employed).
Security vetting of legal entities is conducted in order to gain certificates of business security, and amongst other, includes checks of ownership, its structure, checks of business dealings and financial obligations, security vetting of owners and entity employees and other information that may influence business security. A request to conduct a security vetting for a legal entity is submitted to SOA by the UVNS.
Security impediments appearing in security vetting for access to classified information include untruthful data entry in the vetting questionnaire, factors classified as obstacles for entry to state service, punitive sanctions and other factors which are basis for suspicion on the trustworthiness or reliability for a person’s access to classified data.
In basic security vetting, security impediments are factors that indicate misuse or an existing risk of misuse of the work place or function, rights or authority to the detriment of Croatia’s national security or interests.
Security impediments appearing in security vetting for protection of VIP’s and objects are factors that indicate security risk.
Assessment of the existence of security impediments is made by the body which had requested the security vetting and is based on the results of the report that SOA submits upon completion of the procedure.