Automated and enhanced background screening for the Water Supply Sector

The water sector plays a critical role in society’s essential infrastructure. The sector is responsible for the abstraction, treatment, distribution, and monitoring of drinking water and is therefore directly linked to public health, security of supply, and overall societal preparedness. Disruptions to the water supply—whether caused by technical failures, human actions, or deliberate sabotage—can have serious and far‑reaching consequences. With the increasing digitalisation of water supply facilities and control systems, including OT and SCADA environments, the sector has increasingly become a target for cyberattacks, hybrid threats, and insider‑related incidents. International and European examples demonstrate that water utilities are increasingly exposed to attacks aimed at disrupting operations, manipulating process parameters, or undermining trust in the water supply. The NIS2 and CER Directives impose enhanced requirements on critical entities, including the management of personnel security, access control, and ongoing monitoring of employees and suppliers with access to critical facilities, systems, and information. This results in increased requirements for how water utilities document and follow up on background screening—particularly for operational staff, technicians, external contractors, and employees with access to IT systems, SCADA solutions, and key administrative roles. P‑Secure manages the entire process digitally—from initial employment or contract conclusion to ongoing re‑screening—with full traceability and in compliance with the GDPR.

Book a demo

Compliance challenges in the Water Supply Sector

Within the water supply sector, critical entities must ensure that employees, suppliers, and business partners across operational organisations and supply chains undergo relevant and documented background checks. At the same time, the documentation must be up to date, consistent, and readily available as accurate, traceable, and audit‑ready evidence for authorities, supervisory bodies, and internal controls.

In practice, this can create compliance challenges, as a relatively large number of individuals may permanently or periodically work in and/or with critical entities. This can delay recruitment processes and lead to significant administrative burdens if background screening is not carried out with a high degree of system support.

At the same time, current threat assessments show that many attacks exploit legitimate access—for example through compromised user accounts, supplier access, or insufficient overview of who has access to which systems.

Proven by our clients

No items found.
Useful features for water utilities

P‑Secure automates and standardises key elements of the background screening process and adapts them to the needs of the water sector. Automation ensures that background checks are conducted consistently and on time, reduces the risk of human error, and significantly lowers the administrative workload. At the same time, it strengthens the water utility’s resilience against insider threats and misuse of authorised access—both well‑known attack vectors in the sector. The solution supports, among other things:

ID and CV check

Verification of identity, CV checks and employment history, including periods of non‑employment

Criminal history check

Automatic check of criminal records

Re-check

Ongoing re‑screening and follow‑up in the event of changes in roles or access rights

Heading missing

Supply‑chain management, including documentation and audit

Regulatory requirements and P‑Secure’s recommendations

At present, there are limited sector‑specific regulatory requirements for personnel screening within critical entities in the water sector. However, both EU regulation and supervisory practice point towards heightened expectations in light of the current threat landscape.

Requirements:

  • Identity verification (CER Directive)
  • Criminal record certificate (CER Directive)
Security clearance

Where roles require a security clearance, P‑Secure recommends conducting background checks aligned with the criteria for a security clearance in the period leading up to the completion of the formal security clearance process.

In addition, with reference to practices from, among others, the energy and utility sectors, PSecure recommends background screening covering the following categories:

  • Personal data
  • CV checks—typically at least five years back, including documentation of gaps
  • Education
  • Residence and work permits
  • Residence abroad exceeding six months (past five years)
  • Professional roles and positions of trust
  • Photo ID (passport and/or driving licence)

This provides an overall, risk‑based decision foundation that can be adapted to permanent employees, new hires, temporary staff, and suppliers—particularly for roles with access to critical facilities, control systems, and data.

NIS2 and CER

P‑Secure supports compliance with the NIS2 Directive on security of network and information systems and the CER Directive on the resilience of critical entities. Both directives impose strengthened requirements on how water utilities identify, manage, and document risks related to technical, physical, and human threats.

The directives emphasise a holistic and risk‑based approach to security, where personnel, the supply chain, and access management constitute key components in protecting against sabotage, cyberattacks, and operational disruptions.

With P‑Secure, water utilities gain a single solution that integrates personnel processes, risk management, and compliance.

The need for modern background screening

Implement automated and compliant background checks

Requirements for security, documentation, and resilience in the water sector continue to increase, and it is expected that the environmental authorities will further clarify regulatory expectations. At the same time, recent incidents demonstrate that even limited attacks or human errors can have significant consequences for operations and supply. Organisations that continue to manage background screening manually or in fragmented ways therefore face an increased risk.

Benefits of automated background screening:

  • Reduces administrative workload
  • Shortens time‑to‑hire
  • Increases transparency and consistency
  • Strengthens audit readiness, internal controls, and preparedness
  • Ensures ongoing compliance
  • Can be applied across both employees and the entire supply chain

Continuous compliance

More than a background check

P‑Secure is not merely a tool for one‑off background checks, but a platform for continuous compliance:

  • Ensures compliance with NIS2, CER, and relevant national requirements
  • Consolidates all documentation in one place—ready for audit and supervision
  • Supports risk‑based re‑screening and access management
  • Ensures compliance with the GDPR

Industry insights and news

Dive into the latest security industry insights, regulatory updates, and P-Secure news shaping the future of compliant background screening.

No items found.

Secure your workspace today

Book a Demo
Talk to Sales
Navigation
PricingAboutInsightsContactFAQ'sRelease NotesPrivacy PolicyCookie NoticeSSO-Login Guide
Industries
Aviation & Air Transport
Energy
Defense Industry
Telecommunications
Transport & Logistics
Finance
Research
Public Authorities
Retail
Safety & Preparedness
Healthcare
Water Supply
Wastewater
Solutions
ScreeningFeaturesCompliance
Solutions
Extra background checksCourses
Find us
Strandvejen 100, 2900 Hellerup
CVR: 43151517 | EAN: 1653905
info@p-secure.com
Follow us
LinkedIn
Facebook
ISAE Certified
Backed by Industry Leaders