Site Security: Background Checks

site security
(Photo: 123rf.com)

By David C. Sawyer, CPP
From the July/August 2016 Issue

If you’ve ever played Whack-A-Mole, the arcade game where a mole pops his head up through one of several holes, you know that no matter how good you get at whacking him on the head and forcing him back in the hole, the mole will keep popping up somewhere else. Most employers now conduct some level of background check before bringing on a new employee. But that doesn’t mean that the individuals with serious criminal records will stop trying to “poke their head up through some other hole” to get into your organization.

Those “holes” may represent contract or temporary workers brought in by a staffing agency, or perhaps they are interns or part of the cleaning crew that comes in at night with your janitorial contractor. Does your agreement with such companies require a background check on everyone—before they set foot on your properties? If so, does the contract language get specific about what the background check will look for, how far back it will go, what search methods will be used, and whether or not any aliases or maiden names will also be searched?

If you require your vendors, including staffing agencies to conduct background checks, it’s imperative that you do not leave it to them to define what a thorough background check entails.

Similar to screening your own employees, the background screening package should be tailored to each position. For example if driving a vehicle is required, then it is important to discover if they have a valid driver’s license as well as examine their driving record. If a degree or professional license is required, you will want to verify these credentials. In the case of a professional license you may also be able to search for sanctions or other disciplinary actions imposed by the agency issuing the license.

Standard On Multi-Faceted Security In Development

By Facility Executive Staff

In March 2016, ASIS International, (ISC)², an international association focused on cyber security, and ISACA (previously Information Systems Audit and Control Association) signed a memorandum of understanding (MOU) to develop the Security Awareness American National Standard. This guidance standard will address the intersections of physical, cyber, and information security management to help organizations maximize protection of people, property, and assets.

These three associations noted that in an increasingly complex and interconnected world, the public and private sector are faced with growing physical and electronic challenges to protect personal information, business transactions, and critical infrastructure. Given the convergence of risks and fading boundaries between physical, cyber, and information security, this standard will be a tool to help all stakeholders in organizations of all types and sizes to promote security awareness from a holistic perspective.

“The human element is central to any successful security strategy. By promoting a ‘security awareness culture,’ organizations can proactively prevent problems that detract from achieving their business objectives,” said Dr. Marc H. Siegel, commissioner of the ASIS Global Standards Initiative. “The proposed standard will integrate physical, cyber, and information security into day-to-day business and risk management practices. It will emphasize that everyone in the organization is part of the risk equation, and therefore, part of the solution.”

The Standard will focus on cross-disciplinary management measures, as well as awareness and training programs to help organizations and their supply chains prepare for and minimize the likelihood of an undesirable event, as well as respond to and recover from a security incident.

Topics of discussion related to security awareness include:

  • physical security;
  • information security;
  • cyber security;
  • wireless networks;
  • password security; and
  • intangible asset security (e.g., brand, reputation, file sharing, intellectual property, and image).

“Businesses are struggling to cope with all of today’s security threats,” said Dr. Casey Marks, director of Professional Programs Development for (ISC)². “The continued convergence of cyber and physical security causes our adversaries to neither think nor act in silos when they perform malicious activities. An all encompassing security standard like this will help to provide businesses with needed guidance. Standards are the pillar upon which the concept of professionalization is built, and we’re pleased to be a part of this effort with two well-respected industry organizations.”

ASIS, (ISC)², and ISACA are forming a joint technical committee and working group to develop the standard, soliciting input from security experts around the world. The committee will operate under ASIS’s ANSI-accredited process to develop an American National Standard that can be applied globally.

“Combining the expertise of our members and leaders will help organizations and their supply chains assess their risks and develop enterprise-wide and site specific plans and procedures to more effectively manage risk and protect their human, tangible, and intangible assets,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA. “Security awareness is a business imperative in today’s interconnected world. By bringing together the top security professional organizations, we can share best practices and ensure a collaborative approach to asset protection.”

Questions about the Security Awareness American National Standard can be directed to standards@asisonline.org.

Do you have a comment? Share your thoughts in the Comments section below.

A search for criminal records is almost always included, but here you have to be careful about the method of the search. In an effort to save money or to speed up the process, many companies will opt for a search of a criminal records database. While these private databases offer instant results, they do not contain all criminal records; no database does. Sometimes, the records they do contain are incomplete or outdated. Therefore, a real-time search of actual court records, in jurisdictions where the individual has resided, attended school, or worked for the past seven to 10 years is the recommended protocol when searching for potential criminal records.

It is also important to define what information found in a background check is grounds for disqualification and who is responsible for making that decision. Since the Equal Employment Opportunity Commission (EEOC) strongly discourages bright line policies such as, “a felony conviction within the past five, or even 10, years is an automatic disqualifier,” you’ll need a mechanism that allows the candidate to provide additional details and extenuating circumstances about the information in the background check report. More importantly, you don’t want to leave it to a junior level recruiter at a staffing agency whose commission is dependent on placing workers at an organization.

Plugging The (Security) Holes

Ideally, there is already a pre-employment background screening (and drug test?) policy and procedure in place for hiring employees who will work directly for the organization. The goal then, is to plug any remaining holes that pesky mole may pop through by making sure the standards you set for your own employees also apply to interns, temporary, and contract workers.

It’s probably not practical to require the copy machine repair company, the office supply dealer, or others who send their employees to your premises on an occasional basis to sign a contract requiring background checks that mirror your own. For these instances, it’s suggested that you still choose vendors who claim a commitment to doing thorough background checks and that you not allow their employees unfettered access to the facilities. You should require such individuals to be escorted by one of your employees or at least require they wear a visitor ID so they are easily identifiable as someone who doesn’t belong in certain areas.

One of my customers uses my company to screen all permanent employees. They also hire temporary workers and rely on the temp agency to screen those personnel. A few times, when converting a temporary worker to permanent, we have conducted a background check and discovered serious criminal convictions that were either missed or overlooked by the temp agency. I don’t know the extent of their background checks but I do know that a cheaper background check increases their profit margin. And if they disqualify someone due to the results of a background check, they make no profit at all on that individual.

Another client manages apartment rentals. We screen their employees but they use another company to screen prospective tenants. Last year a tenant applied for an open position in their maintenance department. When we screened him for employment, we discovered a series of felony convictions that did not show up on his tenant screening report even though criminal records is something for which they do screen.

These examples illustrate that not all background checks are created equally. There is no recognized “standard background check.” If you select your screening company and/or the screening packages they provide based on price, or if you allow a vendor that sends contract workers into your facility to decide for you what will be screened and by what methods, you may find yourself playing Whack-A-Mole without a mallet.

Employers have a duty to provide a safe environment for their employees, and that includes exercising reasonable care when hiring new employees. As more employers come to recognize this, those whose criminal records would preclude them from being hired at such organizations will naturally gravitate to employers who do no background checks or whose screening is less than thorough. This may often be the case at staffing agencies that provide temporary or contract workers, unless you, their client contractually require a compressive background check and periodically check to make sure it is being done to your standards.

Sawyer is the founder of Safer Places Inc. based in Middleborough, MA and serving clients throughout the United States. Safer Places is a full-service firm that provides pre-employment screening, security consulting, tenant screening, and additional verification services for schools, private and public companies, property managers, and property owners.

Do you have a comment? Share your thoughts in the Comments below or send an e-mail to the Editor at acosgrove@groupc.com.


1 COMMENT

Comments are closed.