Platform
Sixteen modules. One signed record. Zero spreadsheets.
Configurable to your roles, clearance levels and the regulators you answer to. Run a single site as a pilot, then roll out to the estate — and on to the trusted partners in your supply chain.
01 · Personnel registry
One profile per person. Built for cleared workforces.
A searchable, filterable directory of employees and contractors, with the structure UK Defence and CNI organisations actually need.
Rich profiles
Identity, employment, nationality, vetting summary, photo. Everything tied to one person, one record.
Employees and contractors
Native distinction with the contractor 12-month rolling pass rule baked in. No special cases bolted on.
Multi-employment
Overlapping roles tracked as separate employments — common for cleared contractors and visiting staff.
Linked accounts
Bind to M365 or LDAP-AD identities. Authentication and group membership flow through to roles.
Field-level permissions
Vetting officers, security supervisors, line managers — each sees and edits exactly what their role allows.
Change requests
Sensitive fields like photos route through an approval workflow. Every change auditable, none silent.
02 · Security vetting
BPSS, CTC, SC, DV, eDV — first-class.
SignetAssure manages the data, workflows and evidence behind personnel vetting. Clearance decisions remain with your approved vetting authority — the platform supports and enforces, it doesn’t replace.
Full lifecycle case management
Create, progress and close vetting cases with stage tracking. Approve, reject, withdraw — all owned by the vetting officer, with a full audit trail behind every decision.
Parent / child renewals
Link renewals to their predecessor cases so history is preserved across years and clearance levels.
Renewal reminders
Configurable days-before-expiry triggers. The right people get the right nudge before anything lapses.
Externally held vetting
Track clearances held elsewhere with re-verification deadlines and a dedicated overdue dashboard.
NSV submission tracking
Submission state and overdue dashboards keep NSV submission work moving and nothing forgotten.
Self-service
Individuals view their own clearance status and request renewal. The vetting officer stays in control.
Dashboards include: active clearances by type and site, expiry timelines (30/60/90/180), in-progress stage breakdown and externally held summary.
03 · CredoID physical access
The deepest CredoID integration on the market.
Bi-directional sync
Push personnel: create, update, disable, remove. Scheduled background sync with a fully configurable interval.
Access profiles
Named bundles of CredoID access levels, assigned automatically on sync. Define once, reuse across the estate.
Access levels with enforced start & end times
Each access level grant carries an exact start date and end date. The system enforces them — levels activate and expire automatically, with no manual follow-up. Temporary access, visitor windows, phased onboarding — all visible, all enforced, all logged. Most access control systems can’t do this per-person. SignetAssure can.
Grant audit trail
Who added the grant, when, status (active, upcoming, expired, removed). No more orphan permissions.
Unapproved access removal
Any CredoID access level not sanctioned in SignetAssure is detected, removed and logged automatically.
Inactivity enforcement
Disable and removal dates calculated from last pass use (or first push if never used), capped at clearance expiry.
04 · Site pass management
A pass that knows when it’s time is up.
Expiry basis
Vetting-to date, employment end, contractor 12-month rolling — the right rule applied to the right person.
Vetting officer extensions
Direct extension by the vetting officer; line-manager-approved requests for individuals.
Employment end warnings
Amber and red banners surface ending employment to vetting and security teams in advance, not after.
05 · Travel authorisation
Foreign travel, with country risk attached.
Request & approval
Individuals submit foreign travel requests via self-service; approvals routed to the right officer.
Country risk classification
Risk surfaced at submission and approval. Decisions made with context, not in the dark.
Per-person travel history
A complete record per individual, exportable on demand for audit, security review or briefing.
06 · Parking management
Zones, capacity, overrides and appeals.
Zone-based
Per-zone capacity, advance booking with configurable days-ahead windows, and a self-service flow.
Zone overrides
VIP and event reservations without breaking the booking system everyone else uses.
Violations & appeals
Recorded violations with a type catalogue and a tracked appeal workflow. Dashboard for utilisation by zone.
07 · Emergency communications
Reach the right group, the moment it matters.
Group-based SMS broadcast
Configurable emergency groups with manual and auto-membership rules. Send fast, send accurately.
Two-way keyword response
Track inbound replies by keyword. Know who’s safe, who’s en route and who needs help.
Delivery receipts & cost
Notification history with delivery receipts and cost-per-message tracking baked in.
WhatsApp templated business messaging available where it suits the audience.
08 · Security appraisals (SAF)
Stay on top of every appraisal cycle.
Schedule & track
Schedule SAFs against people and roles. Stage-based workflow keeps each appraisal moving.
Upcoming & overdue
A single dashboard shows what’s coming up, what’s late and who owns it.
09 · MyInfo self-service
Empowering, without ever oversharing.
Own clearances & access
Each person sees their clearances, renewal requests and granted access levels — and nothing else.
Site pass status card
Last used, disable date, removal date — with urgency colouring so individuals act before security has to.
Vehicles & parking
Vehicle registration management and parking booking, all in the same self-service portal.
Travel & mobile
Submit travel requests, update mobile numbers, manage home building / location — without raising a ticket.
Photo & renewals
Photo updates flow through the change-request workflow; profile clearance renewals can be requested directly.
10 · Administration
Configurable by design.
Role mapping
Map M365 or LDAP groups to SignetAssure capabilities. Identity stays where it lives; access flows from it.
System variables
Renewal reminder days, inactivity thresholds, parking advance booking, SMS cost — all admin-configurable.
Access profiles & levels
Define profiles, manage the access level catalogue and bind clearance requirements to levels.
Locations & companies
Three-level location hierarchy (Region → Site → Building) and employer companies, mapped to CredoID.
System-wide audit
Every event, every actor, every change. Searchable, filterable, exportable.
Change & approval queues
Review and approve field-level change requests, vetting templates and area-owner access approvals from one place.
11 · Incident management
Every incident owned, investigated and closed.
Incident log
Record security incidents, violations and suspicious contacts with classification, subjects, timeline and outcomes — all in one auditable place.
Investigation workflow
Stage-based progress from report through investigation to closure. DSO-reportable outputs at each milestone.
Subject linkage
Link incidents directly to personnel records. A complete picture of involvement across the estate, visible only to authorised roles.
Disciplinary actions
Record outcomes, sanctions and dates against incidents. The full paper trail in one auditable location.
Insider threat register
Flag persons of concern with a controlled, auditable record visible only to roles with the explicit need to know.
12 · Training & briefings
Nobody lapses. Nobody is forgotten.
Briefing register
Track completion of security briefings — initial, periodic and clearance-specific — per person, with a full date history.
Expiry reminders
Configurable lead times trigger reminders before briefings lapse. Dashboard shows who is due and who is overdue.
Certificate upload
Individuals upload training evidence via self-service. Vetting officers validate and record completion.
Clearance-level requirements
Define mandatory briefings per clearance level and let the platform surface gaps automatically.
13 · Classified assets
Documents and objects accounted for, from registration to disposal.
Document register
Classified document records with classification level, custodian, location, copy number and review date.
Physical object tracking
Track classified equipment, prototypes and physical assets from registration through transfer, audit and disposal.
Chain of custody
Log every movement, transfer, loan and return with a signed, date-stamped audit trail.
Custodian assignment
Assign and reassign custodians with date-stamped records. Alerts fire on overdue check-ins before gaps appear.
Destruction records
Record and witness destruction events with the required authorisation chain and witness signatures.
Inventory schedule
Schedule regular audits, track compliance and surface overdue reviews from a single dashboard.
14 · Reporting & dashboards
Every metric your DSO needs, without a spreadsheet.
Executive dashboard
Estate-wide clearance health, incident rate, access anomalies and training compliance in a single configurable view.
Clearance expiry timeline
30/60/90/180-day views by site, role or clearance level. No surprises on audit day.
Access anomaly reports
Highlight unapproved access, inactivity overshoot and orphan permissions before they become findings.
Incident trend analysis
Frequency, type and resolution time over configurable periods. Supports trend reporting to the DSO.
Training compliance
Per-person and per-team briefing status with completion rates, overdue counts and expiry forecasts.
Exportable & schedulable
Every report exportable to PDF or CSV. Key reports schedulable to land in the right inbox automatically.
15 · Supplier control
Suppliers, SALs, visits and certs — controlled and current.
Manage every supplier on your estate end-to-end. Issue Security Aspects Letters, schedule and record visits, track Cyber Essentials and CE+ certs, run the risk register, store the documents — all against the supplier they belong to, with a per-supplier change log.
SAL tracking
Issue and progress Security Aspects Letters. Only one active SAL per supplier; the platform auto-supersedes the old one when you issue the next.
Visit scheduling
Plan, conduct and document supplier visits. Visit reports and supporting documents are linked to the visit and the supplier.
Cyber Essentials & CE+
CE and CE+ certificate numbers, issue and expiry dates per supplier. Active certificates supersede the old one automatically; expiries surface before they become a problem.
Risk register
Supplier-level risks with treatment, review date and a clear owner. The risk picture, per supplier and across the estate.
Hardened document store
SALs, certs, visit reports, evidence packs. Server-side hardened uploads with allow-listed types, MIME validation and a 50 MiB cap. No misnamed executables.
Change log per supplier
Every audited field change recorded with actor, timestamp, before and after. Parent/child supplier hierarchy for contracted-to relationships.
16 · Cross-organisation vetting sharing
Vetting that travels with the person.
When the primes and tier-1s in your supply chain all run SignetAssure, clearance state flows end-to-end. Trusted partner organisations verify vetting through a scoped, rate-limited API — and both sides keep a signed audit. No PDFs. No re-keying. No quiet drift.
Partner site registry
Register every trusted peer deployment. Status (active / paused / revoked), contact, public key, audit slice — all on one page.
Encrypted outbound credentials
Bearer secrets issued to you by partner sites are encrypted at rest. Plaintext is never written to disk and never returned by the API after issue.
Scoped inbound keys
Mint keys with explicit vetting:read or vetting:return scopes. Optional IP allow-list per key. Rate-limited per minute. Revocable in one click.
Lookup endpoint
Name + date of birth in; clearance level, status, validity window and issuing authority out. Address, NI number, line manager — never shared.
Vetting return endpoint
Partners running vetting on your behalf post the outcome back into the case. On a cleared result the state mirrors onto the person automatically.
Bi-directional signed audit
Inbound and outbound calls written to one append-only log. Per-person disclosure trail combines API audit with manual disclosures.
Soft-revoke
Revoking a partner site deactivates every inbound key and outbound credential bound to it in one operation. No orphan trust.
Disclosure trail
Every partner-driven access to an individual’s record appears alongside manual disclosures on their profile. One paper trail, two sides.
Multi-instance ready
Designed for deployment at primes, tier-1s, tier-2s and CNI partners. Each instance independent, sovereign and individually configurable.
Ready in days, not quarters