IT security consultants could soon join wheel-clampers and bouncers in having to apply for licences.

The UK government's Private Security Industry Bill proposes the creation of an authority to set standards of conduct and training for consultants, and to carry out inspections.

The Security Industry Authority would check a consultant's background for any criminal record before issuing a licence. It would also keep a public register, and establish a voluntary body of approved contractors.

The Bill will make it an offence to provide unlicensed security services, to break the conditions of the licence or to pretend to have one.

"On the face of it, it's a good idea," said Chris McNab, network security analyst at MIS Corporate Defence Solutions. "The problem with IT security is that it is unregulated."

The downside is that there are a large number of people in IT security who had previously been in trouble with the law but who now use their skills responsibly, he warned.

"We have long been in favour of voluntary registration but there needs to be debate so it is thought through," said Philip Virgo, strategic advisor to the Institute for the Management of Information Systems.

A Home Office spokeswoman said: "Certain serious offences will disbar people, but the authority will take into account the nature of any offence, when it happened and whether the circumstances of the individual will change. There will also be a right of appeal."

First published in Computing