PPPR-06

Do you perform background screenings or multi-state background checks on all employees prior to their first day of work?

Explanation

This question is asking whether your organization conducts background checks on employees before they start working. Background screenings typically include verification of criminal records, employment history, education credentials, and sometimes credit history. 'Multi-state' refers to checking records across multiple states, not just the employee's current state of residence.

This question is included in security assessments because employees with access to sensitive systems or data represent a significant insider threat risk. Background checks help identify potential red flags in a candidate's history that might indicate higher security risks. For example, a history of fraud could be concerning for someone who will handle financial data, or a history of data theft could be problematic for someone with database access.

When answering this question, you should be specific about:

1. Whether you conduct background checks at all
2. The timing (before employment begins)
3. Whether checks are performed on all employees or only certain roles
4. The scope of the checks (criminal, employment verification, education, etc.)
5. Whether the checks cover multiple states
6. If you use a third-party service for conducting these checks

If you don't perform background checks on all employees, be honest but explain any compensating controls you have in place.

Example Responses

Example Response 1

Yes, our company performs comprehensive background screenings on all employees prior to their first day of work. Our screening process includes multi-state criminal background checks, verification of employment history, education credential verification, and reference checks. We partner with Sterling Background Check Services, a third-party provider, to ensure thorough and consistent screening. The results of these checks must be satisfactorily completed and reviewed by our HR and Security teams before an employee's start date is confirmed. For positions requiring access to highly sensitive data or systems, we conduct additional checks including credit history and more extensive criminal background investigations.

Example Response 2

Yes, we conduct background screenings on all employees before they begin work. Our process includes criminal history checks across all states where the candidate has lived or worked in the past 7 years, employment verification for the past 5 years, education verification, and professional reference checks. For employees in financial, executive, or IT security roles, we also perform credit checks and more extensive verification procedures. Our HR department manages this process in partnership with HireRight, and any concerning findings are escalated to a review panel consisting of HR, Legal, and Security representatives. We maintain detailed documentation of all background check results in our secure HR system.

Example Response 3

No, we do not currently perform background checks on all employees prior to their first day of work. We only conduct background screenings for employees in roles with access to financial systems or customer data, which represents about 40% of our workforce. For these positions, we verify criminal history in the candidate's current state of residence and check employment references. We recognize this is a gap in our security practices, and we are in the process of implementing a more comprehensive background screening program that will cover all employees and include multi-state checks. We expect this enhanced program to be in place within the next quarter. In the meantime, we mitigate this risk through strict access controls, regular security awareness training, and a 90-day probationary period for all new hires.

Context

Tab: Organization
Category: Policies, Processes, and Procedures

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub