Contractors, consultants, and temporary workers are a fixture of modern business. They bring essential skills and flexibility, but they also introduce security risks that permanent employees do not. Contractors may work across multiple client organisations simultaneously, have weaker loyalty bonds, and are often granted access without the same level of vetting, monitoring, or offboarding rigour applied to permanent staff. Executives must ensure that third-party workers are subject to equivalent security controls throughout their engagement.
Key Risks
- Reduced vetting. Agencies may not apply the same screening standards your organisation requires. Contractors may arrive on-site without criminal record checks, reference verification, or qualification confirmation.
- Excessive access. To avoid delays, IT teams often grant contractors broad access that exceeds what their specific engagement requires. This access is rarely reviewed and frequently persists long after the engagement ends.
- Multi-client exposure. Contractors who work for multiple organisations simultaneously may inadvertently or deliberately transfer sensitive information between clients.
- Offboarding gaps. Contractor departures are often informal — they simply stop coming in. Without a formal offboarding trigger, their access may remain active indefinitely.
Controls for Third-Party Workers
- Pre-engagement screening. Require contractors to undergo screening equivalent to the role they will perform. Include this requirement in your contracts with staffing agencies.
- Defined access scope. Grant contractors only the access necessary for their specific engagement. Use time-limited accounts that expire automatically at the end of the contract period.
- Separate identification. Issue contractors visually distinct identification badges so staff can easily identify non-permanent personnel in the building.
- NDA and acceptable use. Require all contractors to sign non-disclosure agreements and your acceptable use policy before access is granted.
- Formal offboarding. Include contractor departures in the same offboarding process used for permanent employees. Automate access expiry based on contract end dates.
- Sponsor accountability. Assign every contractor a named internal sponsor who is accountable for their access, conduct, and offboarding.
Action Steps:
- Review all active contractor accounts and confirm that access scope matches current engagement requirements.
- Implement automatic account expiry for all contractor accounts based on contract end dates.
- Update staffing agency contracts to require pre-engagement screening equivalent to your internal standards.
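The first two action steps can be run as a recurring check over an export of contractor accounts joined to contract records. The script below is an added example, not part of the original article; the record fields, account names, group names and dates are constructed assumptions standing in for whatever your identity system and contract register provide.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class ContractorAccount:           # hypothetical record shape (assumption)
    username: str
    sponsor: Optional[str]         # named internal sponsor, if any
    contract_end: date             # from the contract register
    account_expiry: Optional[date] # automatic expiry set on the account
    enabled: bool
    groups: frozenset              # access currently granted
    approved_groups: frozenset     # access the engagement requires

def audit(acct: ContractorAccount, today: date) -> list:
    """Return the control gaps for one contractor account."""
    findings = []
    if acct.account_expiry is None:
        findings.append("no automatic expiry set")
    elif acct.account_expiry > acct.contract_end:
        findings.append("expiry later than contract end")
    if acct.enabled and today > acct.contract_end:
        findings.append("enabled after contract end")
    if not acct.sponsor:
        findings.append("no named sponsor")
    extra = acct.groups - acct.approved_groups
    if extra:
        findings.append("access beyond engagement scope: " + ", ".join(sorted(extra)))
    return findings

def audit_all(accounts, today: date) -> dict:
    """Map username -> findings, listing only accounts with at least one gap."""
    report = {}
    for acct in accounts:
        findings = audit(acct, today)
        if findings:
            report[acct.username] = findings
    return report

# Constructed sample data for illustration only.
TODAY = date(2024, 6, 1)
SAMPLE = [
    ContractorAccount("c.ok", "j.smith", date(2024, 9, 30), date(2024, 9, 30),
                      True, frozenset({"proj-a"}), frozenset({"proj-a"})),
    ContractorAccount("c.dormant", "j.smith", date(2024, 3, 31), None,
                      True, frozenset({"proj-b"}), frozenset({"proj-b"})),
    ContractorAccount("c.broad", None, date(2024, 12, 31), date(2025, 6, 30),
                      True, frozenset({"proj-c", "finance-share"}), frozenset({"proj-c"})),
]

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE, TODAY).items():
        print(f"{user}: {'; '.join(findings)}")
```

Each finding should be routed to the account's sponsor; accounts with no sponsor need an owner assigned before anything else can be resolved.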
Quick Knowledge Check
- Why should contractor accounts have automatic expiry dates?
Because contractor departures are often informal and may not trigger the standard offboarding process. Automatic expiry ensures that access is revoked even if no one remembers to request it, eliminating the risk of dormant contractor accounts.
- Why is a named internal sponsor important for contractor security?
Because without clear accountability, contractor access decisions fall into gaps between teams. A named sponsor is responsible for ensuring appropriate access, monitoring conduct, and initiating offboarding when the engagement ends.