Clean at Onboarding Isn’t Clean Today: Introducing Continuous Screening & Access Monitoring
You screened your people and vendors when they arrived. The sanctions lists didn’t stop moving. Here’s the new SecurePoint module that re-checks your roster every night — and turns a new match into one reviewable case instead of a surprise in your next assessment.
Most screening programs share the same quiet flaw: they are photographs of a moving target. An employee, contractor, or vendor gets checked once — at onboarding — and the result is filed away as if it were permanent. But restricted-party lists are not permanent. Designations land, ownership changes, and entities are added week after week. The party that was clean the day you screened them may not be clean today, and in most programs, nobody would know.
Enforcement keeps teaching this lesson the expensive way. We’ve written about it before — the $275M Adani settlement turned on counterparties whose status changed after the relationship began, and list hygiene cuts both ways: names come off lists too, and stale data burns review time on parties who are no longer designated. Point-in-time screening can’t see either direction of change.
The gap between “screened” and “screened lately”
Talk to compliance teams at defense contractors and regulated manufacturers and the same three problems come up:
- People and vendors get screened once at onboarding — then the lists change and nobody re-checks.
- Spreadsheet-driven periodic reviews are slow, inconsistent, and hard to evidence in an assessment.
- Alert floods get ignored; silence gets audited. Teams need one clear signal per run — not a firehose, and not a void.
That’s the gap Continuous Screening & Access Monitoring closes. It is live today as part of the SecurePoint platform, running on the same screening engine, the same adjudication workflow, and the same append-only audit infrastructure that already power visitor screening for regulated facilities.
What it does, in one sentence
It re-screens your employees, contractors, and vendors against OFAC SDN and consolidated sanctions data, the BIS Entity List, and other US restricted-party lists every night — and on demand — so a new match becomes a reviewable case and one clear alert, not a surprise in your next assessment.
How it works
Import your roster once
Upload a CSV or sync via the API. Every import is previewed before commit — you see exactly what will be created, updated, or left untouched. Re-uploads match existing records deterministically. Nothing is duplicated, and nothing is ever deleted.
Re-screen every night — and on demand
The scheduled screening engine re-checks every monitored employee, contractor, and vendor nightly. Need an answer now? "Rescreen now" runs the roster on demand from the dashboard.
A new match opens a case — for a person
Hits route into the same adjudication workflow as the rest of the platform. A reviewer decides, with a required reason code. The system never blocks or revokes access on its own.
One alert, evidence on demand
Exactly one digest email per run with hits — a clean run sends nothing, so alerts stay meaningful. Every run produces a dated, PII-safe report you can export for the file.
Built for regulated environments — on purpose
A monitoring tool that watches your own workforce has to be held to a higher standard than a typical SaaS feature. These properties aren’t marketing lines; they are constraints the module is built around:
- Human-reviewed decisions — no auto-block and no auto-clear anywhere in the module.
- Hits store a hash of the matched name, never the raw name. Alerts and exports carry counts and identifiers only.
- An append-only, PII-free audit timeline records every import, run, and decision.
- Fail-closed by design: unknown or errored entitlement state denies access, never grants it.
- Tenant-isolated like everything else on the platform — your roster and results are scoped to your organization.
The “no auto-block” rule deserves a special note, because it is the opposite of how this category is often pitched. Screening data is probabilistic; name matches have false positives. A system that automatically locks a person out of their badge or their building on a fuzzy name match doesn’t make you safer — it makes your compliance program the incident. In this module, software surfaces and documents; people decide.
Where it fits in your compliance program
No regulation names “nightly roster re-screening” as a control — and we won’t claim one does. What continuous screening gives you is the ongoing diligence, and the records, behind the requirements you do carry:
- It supports the personnel-security screening practices behind NIST SP 800-171 — PS.L2-3.9.1 expects individuals to be screened before accessing systems with CUI, and continuous re-screening keeps that diligence current instead of frozen at hire date.
- It functions as an internal control in an OFAC-style sanctions compliance program: screening, disposition with recorded rationale, and recordkeeping — the evidence of reasonable care.
- It produces the artifacts an assessor asks for: dated run reports, per-hit decisions with reason codes, and an append-only audit trail.
SecurePoint is a screening and decision-support tool. Compliance is a program you run; this module is one control inside it — and it is built to prove that control worked.
Pricing
Included in the Enterprise tier.
- Roster import and API sync
- Nightly + on-demand re-screening
- Hit adjudication with required reason codes
- One digest alert per run with hits
- PII-safe run report exports
- Monitored-subject limit per plan or contract
Frequently asked questions
Primary sources
- OFAC — Specially Designated Nationals (SDN) list
- BIS — Entity List
- NIST SP 800-171 Rev. 3 (personnel security family)
- OFAC — A Framework for OFAC Compliance Commitments
List coverage and regulatory status change over time — verify current status against the issuing agency. This article is general information, not legal advice.
See your roster the way an assessor will
Continuous Screening & Access Monitoring is live now. Bring a roster CSV to a demo and watch the first re-screen run against it.


