External Staff Vetting Categories
UBS has three external staff categories (I, II & III) and prior to vetting checks commencing, the candidate should be assigned to a category. Once the staff category is identified, the applicable vetting checks can be selected. The criteria for each category is based on access to UBS premises and systems; the detailed information below will help determine the correct staff category.
Category I
This category means those external staff having
- a GPN or UBS Logon ID; AND
- access to UBS systems[1]/UBS valuables (e.g. treasury room); AND/OR
- access to UBS's confidential information
[1]UBS systems means any software, hardware, telecommunications or other systems or equipment owned by UBS or a UBS affiliate or licensed, leased or provided as a service by a third party to UBS or a UBS affiliate.
Category II
Supplier staff who are not captured in the UBS HR System (no GPN) but are involved in the provision of services and predefined goods to a UBS Group AG (inc. Credit Suisse) company. In this case, the suppliers are contractually bound to ensure proper access control and/or client-data confidentiality and complete background screening of these staff.
This category includes external staff with
- access to confidential / strictly confidential information, data or physical documents, AND
- no access to IT applications / systems / infrastructure (without UBS Logon) or sensitive infrastructure, AND
- may have limited access to UBS premises for facility management duties or construction work
Staff of this category
- have no UBS Logon
- are not registered in the UBS HR system and therefore do not have a GPN
- could have limited access to a UBS building via access control system (CH only)
Groups concerned are
- Professional services offsite and without UBS Logon (consultants, advisory, audit, legal, business process outsourcing, software as a service) with access to confidential / strictly confidential information
- Construction workers
- Event staff onsite or offsite
Suppliers who engage UBS category II staff are contractually bound to warrant that any and all such staff have completed background screening before providing services to UBS. For this category of staff, suppliers are not required to follow UBS staff vetting process as no onboarding on UBS system takes place. Background screening requirements may differ depending on the service provided to/roles performed for UBS.
Please note: If any person without a GPN requires access to a UBS building, this person must be escorted if in restricted/non-public UBS premises and will be considered as a visitor. Also, access cards will only be delivered to persons having an active GPN, which means that such staff would be category I or III.
Category III
This category includes external staff with
- unsupervised physical access to UBS premises, AND
- no access to UBS IT applications / systems / infrastructure (without UBS Logon) or sensitive infrastructure, AND
- no access to confidential / strictly confidential information, data or physical documents
Staff of this category
- must be registered in the UBS HR system and therefore must have a GPN
- have no UBS Logon
Groups concerned are
- Staff augmentation onsite, non-billable (supplier account manager without UBS Logon; badge holder)
- Managed services onsite and without UBS Logon
- Professional services without UBS Logon (facility management)
- Benefits services onsite (hair dressers / fitness trainers / dry-cleaning worker / massage services / physiotherapists / dentists / doctors / etc.)
- Business University trainers
Visitors
Generic definition for a visitor: An individual who does not require a GPN and/or full-time access to UBS premises. Visitors are not classified as external staff and in general, visitors are not vetted per se unless local requirements dictate otherwise (ID check or similar). Access to secure areas should be controlled and clients/visitors (non UBS GPN owners) must be escorted by UBS authorized staff at all times.