ISO 27001:2022 A 6.1 Screening

Audio version of the article

Advertisements

Appropriate background verification checks — also known as “screening” or “clearance” — for all candidates for employment, contractor status, or third-party user status, should be carried out. Prior to employment screening is the process of verifying information that job candidates supply on their resumes and job applications. It may also be referred to by other names, such as:

  • Background Checks
  • Criminal Background Checks
  • Background Screening

This type of background check is usually initiated to see if a prospective employee is trustworthy enough to protect confidential or sensitive information, or manage the financial resources of a business. They may also be used to try to determine if job candidates have any criminal tendencies or character flaws that might limit their effectiveness or hurt the employer in other ways, such as endangering the staff or tarnishing the company’s reputation. Most employers conduct a prior to employment screening of job applicants. However, all or part of the screening process is usually outsourced to private third-party organizations that specialize in this type of background check. An employment background check verifies the employee’s past employment details, criminal records, and/or financial records. This is usually the final step in the recruitment cycle and it ensures that the hiring decision made by the employers is sound and appropriate.  Control includes checks that are:

  • commensurate with the organization’s business needs, and with relevant legal-regulatory-certificatory requirements;
  • take into account the classification/sensitivity of the information to be accessed, and the perceived risks;
  • take into account all privacy, protection of personal data and other relevant employment legislation; and
  • include, where appropriate, components such as identity verification, character references, CV verification, criminal and credit checks.
Advertisements

Control

Background verification checks on all candidates to become personnel should be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.

Purpose

To ensure all personnel are eligible and suitable for the roles for which they are considered and remain eligible and suitable during their employment.

ISO 27002 Implementation Guidance

A screening process should be performed for all personnel including full-time, part-time and temporary staff. Where these individuals are contracted through suppliers of services, screening requirements should be included in the contractual agreements between the organization and the suppliers. Information on all candidates being considered for positions within the organization should be collected and handled taking into consideration any appropriate legislation existing in the relevant jurisdiction. In some jurisdictions, the organization can be legally required to inform the candidates beforehand about the screening activities. Verification should take into consideration all relevant privacy, PII protection and employment-based legislation and should, where permitted, include the following:

  1. availability of satisfactory references (e.g. business and personal references).
  2. a verification (for completeness and accuracy) of the applicant’s curriculum vitae.
  3. confirmation of claimed academic and professional qualifications.
  4. independent identity verification (e.g. passport or other acceptable document issued by appropriate authorities).
  5. more detailed verification, such as credit review or review of criminal records if the candidate takes on a critical role.

When an individual is hired for a specific information security role, the organization should make sure the candidate:

  1. has the necessary competence to perform the security role;
  2. can be trusted to take on the role, especially if the role is critical for the organization.

Where a job, either on initial appointment or on promotion, involves the person having access to information processing facilities and, in particular, if these involve handling confidential information (e.g. financial information, personal information or health care information) the organization should also consider further, more detailed verification’s. Procedures should define criteria and limitations for verification reviews (e.g. who is eligible to screen people and how, when and why verification reviews are carried out). In situations where verification cannot be completed in a timely manner, mitigating controls should be implemented until the review has been finished, for example:

  1. delayed on boarding;
  2. delayed deployment of corporate assets;
  3. on boarding with reduced access;
  4. termination of employment.

Verification checks should be repeated periodically to confirm ongoing suitability of personnel, depending on the criticality of a person’s role.

Advertisements

Prior to employment screening involves gathering all the information required to make a good hire. This includes identifying candidates that meet predetermined job qualifications and verifying the information they provide. The prior to employment screening process spans from application review to the final hiring decision. Throughout that time, candidates are screened for the following items:

  • Relevant skills and abilities required to be successful in the position
  • Personality traits
  • Cultural fit
  • Educational experience
  • Professional experience
  • History of drug abuse
  • Criminal history

When the time comes to make an offer, thorough prior to employment screening leaves you confident that you’ve selected the most qualified candidate and the best fit for the organization. Employment background verification involves reviewing a potential candidate’s past employment records, personal information (identity, address, etc.), and financial data to confirm the authenticity of their claims.  The verification ensures that the candidate can be trusted with sensitive information and will be able to execute their tasks responsibly. Hence, you will be able to make an informed decision based on the background verification. Employee background screenings in add a layer of security in the hiring process, filtering the most dependable candidates from the lot. Additionally, these checks offer the following benefits:

  • Improvement in staff quality
  • Lower risk of workplace violence
  • Reduction employee attrition
  • Identifying qualified employees for the technical work
  • Better organization culture and environment

Employers must be mindful of the following things when conducting employment background screening :

  • Identify the legislation and laws that require you to conduct the background verification
  • Inform the candidate that their candidature in the organization is subject to police verification
  • Seek the candidate’s approval for the background check
  • Keep the candidate’s information and background check results private and confidential

The employment background screening is a tedious process involving the following steps:

  1. Selection of the applicant by the hiring department
  2. Contingent offer made to the applicant by the hiring department
  3. Acceptance of the offer letter by the applicant
  4. The hiring department submits an employment background check request
  5. The human resource department approves the request
  6.  Instructions are sent to the employment background check agency or are done in house
  7. The agency/HR conducts the background check and submits the results

Types of Prior to Employment Screening

There are actually a number of different types of pre-employment screening, and employers will often use more than one.

Criminal Records Checks

Criminal record checks will often include a combination of records derived from multiple sources. They can be done at county, state, federal, or even international levels. Companies can commonly access this data from just online databases. Using those databases to check criminal records is referred to as screen-scraping. This process can sometimes turn up charges against job applicants that are very old or have been dismissed. The general consensus is that the most effective method of getting an accurate picture of a job candidate is to have real people looking through hard copies of records, in order to ensure that they are getting information about the correct person and the true outcome of all criminal cases. Prior to employment screening services are offered by government agencies to employers who want information about driving or criminal records. It’s possible that checking criminal records will protect a company in any negligent hiring lawsuits.

Drug Testing

Drug testing is probably one of the most common screenings that employers use to ensure that job candidates will be productive employees and as a preventative measure against injuries in the workplace. Drug tests identify illegal substances potential employees may have ingested or been exposed to. It must be done in strict compliance with laws of the state where the business is located.

Motor Vehicle Records Screening

Records of license suspensions, accidents, convictions, violation or any disciplinary actions may be verified. Companies whose employees operate motor vehicles in the course of their work, such as trucking, delivery or sales, are most likely to require this type of prior to employment screening.

Employment Verification

Employers verify previous employment listed on resumes and job applications using this type of prior to employment screening. It is also used to check the accuracy of dates of employment, job title, and other related details. However, some of the employers which job candidates list on their resume or application may have policies which limit what type of information they will provide about a former employee. Another important screening element is to verify that a job applicant is eligible to work in the said country.

Supervisor/Reference Interviews

Employers will sometimes want to interview references or former supervisors, in order to evaluate the ability of a candidate to perform the job in question. In these cases, the employers will usually be required to provide written permission from the applicant before anyone will speak with them.

Education Verification

Particularly for entry-level employees, employers like to verify a job applicant’s degree, academic performance or major. These reports will verify the dates students attended the academic institution, which fields were studied, the degree earned, grade point averages, and the date of graduation.

Licensing and Professional Certification Verification

Companies will always want to verify that their employees have any licenses that are required for their work. This would include attorneys, medical personnel, engineers, accountants, real estate agents, and more. The pre-employment screening will reveal whether a license is valid, the expiration date, and whether the applicant has been the subject of any type of disciplinary action.

Should Social Media Be Utilized for Prior to employment Screening?

Using social media as a form or prior to employment screening is a controversial issue. While you may be able to tell a lot about a potential employee by looking at their Instagram, Twitter, or Facebook account, doing so may result in legal issues for a company.There are pros and cons to a business considering social media checks, but it is not yet typically included in standard background screening.

A firm’s screening procedures for the appointment or employment of officers and employees must ensure that an individual is not appointed or employed unless:

  1. for a higher-impact individual — the firm is satisfied that the individual has the appropriate character, knowledge, skills and abilities to act honestly, reasonably and independently; or
  2. for any other individual — the firm is satisfied about the individual’s integrity.

The procedures must, as a minimum, provide that, before appointing or employing a higher-impact individual, the firm must:

(a) obtain references about the individual;
(b) obtain information about the individual’s employment history and qualifications;
(c) obtain details of any regulatory action taken in relation to the individual;
(d) obtain details of any criminal convictions of the individual; and
(e) take reasonable steps to confirm the accuracy and completeness of information that it has obtained about the individual.

Advertisements

One thought on “ISO 27001:2022 A 6.1 Screening

  1. Greetings for the day! Really appreciate your support

    We need 9001 documents kit for a company providing security staff services

Leave a Reply