Workforce Screening and Background Check Procedure (OP-PROC-006)
1. Purpose
To outline the formal process for conducting mandated background checks on all candidates for employment to verify their qualifications and identify any potential security risks.
2. Scope
This procedure applies to all prospective employees, contractors, and temporary staff who are extended a contingent offer of employment or engagement with the company.
3. Overview
This procedure ensures that all individuals with access to company information and systems undergo appropriate screening before their employment begins. It describes the steps for obtaining consent, conducting the check through an approved third-party provider, and reviewing the results to make a final hiring decision.
4. Procedure
| Step | Who | What |
|---|---|---|
| 1 | Human Resources (HR) | Extends a contingent offer of employment to the selected candidate. The offer explicitly states that employment is conditional upon the successful completion of a background check. |
| 2 | Candidate | Receives the contingent offer and provides written consent for the company to conduct a background check via the approved third-party screening provider. |
| 3 | Third-Party Provider | Conducts the background check, which may include criminal history, employment verification, and education verification, in accordance with applicable laws. |
| 4 | Human Resources (HR) & Security Officer | Receive and review the background check report from the provider. |
| 5 | Human Resources (HR) & Security Officer | If the report contains adverse findings, they jointly review the findings to determine if they pose an unacceptable risk and would disqualify the candidate from employment. |
| 6 | Human Resources (HR) | If the check is passed, confirms the final offer of employment. If the check is not passed, follows legal mandates for adverse action. |
| 7 | Human Resources (HR) | Documents the completed background check in the candidate’s confidential personnel file. |
5. Standards Compliance
This section maps the procedure steps to specific controls from relevant information security standards.
| Procedure Step(s) | Standard/Framework | Control Reference |
|---|---|---|
| 1-7 | SOC 2 | CC2.1, CC2.2 |
| 1-7 | HIPAA Security Rule | 45 CFR § 164.308(a)(3)(i) |
6. Artifact(s)
A completed background check report and the candidate’s consent form, stored securely in the employee’s confidential HR file.
7. Definitions
Contingent Offer: An offer of employment that is dependent on the successful fulfillment of certain conditions, such as a background check or drug screening.
Adverse Findings: Information discovered during a background check that could negatively impact a hiring decision (e.g., a criminal conviction).
8. Responsibilities
| Role | Responsibility |
|---|---|
| Human Resources (HR) | Responsible for managing the overall background check process, including making offers, obtaining consent, and maintaining records. |
| Security Officer | Responsible for reviewing adverse findings in background checks to assess potential security risks. |
| Candidate | Responsible for providing consent for the background check and providing accurate information. |
| Third-Party Provider | Responsible for conducting the background check in a legally compliant manner and providing a report of the findings. |