PEO-01: Background Checks
Objective
Reduce insider threat risk through pre-employment screening.
Description
Background checks are conducted on all employees before hire. Checks are appropriate for the role and comply with local laws. Contractors with access to sensitive data also undergo checks.
Implementation Details
All Employees: A criminal background check is conducted by a third-party service before the start date. Education and employment are verified.
Sensitive Roles: Finance and security roles undergo a credit check and additional screening.
International: Background checks comply with local laws (GDPR consent in EU).
Contractors: Contractors with production access or handling customer data undergo the same background check as employees.
Examples
- 100% of employees hired in 2024 completed a background check before their start date
- Background check vendor provides compliant checks in the US, EU, and Canada
- Contractor with production database access required to pass a background check
- Failed background check resulted in offer rescission per policy
Audit Evidence
- Background check policy
- Background check completion records for all employees
- Vendor agreement with background check provider
- Contractor screening documentation
Framework Mapping
SOC 2
- CC1.4 ^[Pre-employment screening demonstrates commitment to hiring personnel with appropriate competence and integrity]
GDPR
- Article 32 ^[Background checks are organizational measures ensuring trustworthy personnel handle personal data]
Referenced By
This section is automatically generated by make generate-backlinks. Do not edit manually.
Processes: