This week’s control is on background and reference checks. Jose Costa (CISO at Tugboat Logic), Harpreet Shergill (Senior Manager, IS Risk & Compliance at Tugboat Logic), and Chika Nwajagu (Senior Security Analyst at Tugboat Logic) explain why user background and reference checks can be important to your audit.
The dreaded background and reference checks. What seems like a tedious task during a job application process is actually an important security requirement for your organization. There may be different requirements or levels of checks depending on the institution, the role the applicant will be filling, and the customers the organization deals with.
The last thing you want to do is invite someone who’s going to be a major risk to work at your organization!
Background and reference checks are two different processes. While a background check is performed to verify a candidate’s identity, legal records, and education or work history, reference checks are performed to find out whether the candidate is suitable for the job, and whether they have the right knowledge and skills by talking to references from previous employers.
This control will be carried out by your HR team before hiring. If you don’t have an HR team, make sure that your team follows a consistent process and that they are aware of the requirements. The types of checks performed will depend on the organization.
Sometimes, the list of things to consider with background or reference checks can be long and elements can be missed. Applicable regulations as well as compliance laws need to be considered while determining which type of background checks should be run. Similarly, the job requirements should also be considered while determining the extent of reference checks.Consider:
Creating a comprehensive list will help your organization determine the type of checks needed, whether it’s a criminal or financial check, or a simple reference check. In each case, a list of things required to be covered in each check is recommended as well.Essentially it boils down to: