Screening the extended workforce and other background checking best practices
- By Ron Lashier
- Jun 01, 2006
NO one has to tell a security professional about the growing importance of background screening. More than 80 percent of large U.S. organizations now perform some kind of criminal background check on potential new hires, and more and more companies are checking employment history, education, driving records, credit history, sex offender registries, restricted parties lists and more. Clearly the drive to background screening is prompted by the desire for a safer workplace, the need to hire better people and threats of litigation for negligent hiring and retention in which the average court award has exceeded $1 million.
But even as background screening becomes an industry standard, it is clear that not all background screening is created equal. Applying background screening haphazardly and without a carefully formulated plan can leave organizations vulnerable to the negative events they are trying to avoid, as well as to criticism, employee dissatisfaction and even litigation. One of the best ways to avoid these problems is to make background screening an accepted and standard part of company security through the implementation of a carefully considered background screening policy based on best practices.
Such a policy shows a company's clear intention to protect its workers and customers as a matter of procedure. Adoption of best practices demonstrates that the company applies its screening standards fairly, with cause, without prejudice and in compliance with all legal requirements.
Understanding the Problem
A screening policy begins when security professionals meet with their human resources counterparts, as well as all other staff members responsible for the hiring or contracting of workers throughout the organization. The goal is to truly understand the steps of hiring and contracting, and all the potential points of vulnerability. For example, many companies perform criminal background checks as a matter of policy, and may consider a search of the online criminal databases as sufficient. The true industry standard involves a hands-on check of the most current records at all county courthouses pertinent to the applicant.
Though it may be a company's procedure to perform criminal checks, it is vulnerable to misinformation regarding employment history, education, drug history and driving records. It is important for the security professional to understand which checks may be pertinent to the company's employee or vendor requirements, as well as those that are required by law.
With such understanding in hand, the security staff can begin to develop a compliant employee screening policy tailored to company needs.
Closing the Extended Workforce Loophole
While the first step in developing a successful screening program is to establish a standard policy, there is an important workplace vulnerability that security professionals must be aware of before such a policy can be written -- the presence of a largely unscreened extended workforce.
One head of security at a global company recently commented that it was interesting that no employee of the company, including himself, got into the CEO's office without a background check, security badge and escort -- no one, that is, unless you counted the man who watered the plants in the CEO's office who had free access with no screening whatsoever. This is a classic example of the extended workforce loophole that exists in companies of all sizes. Even where the most stringent employee screening policies exist, there is often no plan for vetting vendors, partners, and temporary and contract employees.
The vulnerability that this loophole represents is better understood in light of the fact that a recent survey found that vendor employees were 92 percent more likely to have a felony record than a permanent hire and 50 percent more likely to have a misdemeanor record or drug history. One reason for this striking difference is the entirely logical phenomenon of adverse selection. Since so many companies conduct background checks as part of their standard hiring procedure, applicants with questionable pasts tend to find jobs in companies where background checks are not performed. From the security professional's point of view, even if a vendor company performs background checks, they may not meet the hiring company's screening standards and thus still represent a potential vulnerability.
The extended workforce loophole exists largely as a function of procedure, management and technology challenges. Typically, all direct workforce applicants are processed by security and human resources through the corporate screening process before being hired or given a security badge. The indirect workforce, whether employees of a maintenance company, IT contractors or marketing consultants, are oftentimes not required to go through security and HR departments before being granted access. From a process and management point of view, these workers are generally hired and supervised by a wide range of business functions. The night cleaning crew may be under the supervision of the facilities department; the contract software engineer is typically hired by engineering; and temporary receptionists may be hired by HR or a host of other individual titles. In most organizations, there is no central security process governing all of these business functions and categories of workers.
The first step, then, in plugging the loophole is requiring that all extended workforce personnel be subject to the company's standard security procedures, regardless of which department manages them. All departments need to be educated on the importance of submitting their extended workforce personnel to the security department for screening and the step-by-step procedure for doing so.
Another problem in closing the extended workforce security gap is vendor participation. Again, there must be a process in place that requires vendor employees to be screened before they are granted access to company facilities or information. The policy must establish clear guidelines for the vendor as to which screens need to be conducted to meet the company's standards. There also needs to be a process whereby the results of the screening report are delivered directly to the company for review and approval, or is adjudicated and managed by a third party.
Companies that successfully screen their extended workforce most often find that program compliance is easiest to enforce by tying the screening requirements to the badging system. Software solutions are beginning to emerge that can assist companies with tying these two functions together and securing the willing participation of the vendors and suppliers. Whether an internal or external solution is selected, including extended workforce screening into the company's security policy is a critical step.
The Most Critical Step: The Standard Policy
Having a standard, mandatory background screening policy for every employee and vendor -- from top executives to part-time workers -- not only protects the company's workforce, property and information, but it also eliminates any inconsistency and helps ensure that information gathered is used appropriately. Such a policy also protects the company by ensuring compliance with legal requirements such as those set forth by the Fair Credit Reporting Act and other governing bodies. Different types of checks may be required for different positions. For example, finance department employees may require credit checks, and those that operate vehicles on company property may require a vehicle department check. At minimum, a good policy should address what type of checks should be performed for each type of position; who should be screened; how many years of history the checks should cover; the criteria used for assessing whether the candidate meets the hiring standards of the company; and what procedures are required to comply with all relevant federal and state legislation and industry regulations.
Require Complete, Accurate and Consistent Data
Background screening policies should require that all applicants give dates of employment with month and year, and a graduation date for all levels of education. Screening should always include a careful cross-check of data provided in the interview, resume, job application form, background verification application and background check report. Often, applicants with something to hide will provide different information on their job application and their background screen application in the hope that no one will cross check. Incomplete information can reveal gaps in employment and education. Inconsistencies should then be explained by the applicant.
Perform Comprehensive Verification
Certainly, the most fundamental background screen to be performed is a criminal background check. These checks should not just include the local county, but every county where the applicant has lived or worked. Almost as important, however, is verification of employment, education and salary. Roughly one third of resumes contain some misrepresentation in one or more of these areas. This alteration of facts can not only impact the applicant's ability to perform their job, but also indicate problems of character that may eventually impact the company. Educational credentials should be verified at the source, and salary by previous employers or with prior W-2s or pay stubs.
Many companies skip checks of international experience on applicants due to unfamiliarity with the process and the perceived complexity of gathering the information. Indeed, the laws, regulations and procedures governing such checks vary greatly from country to country, but the risks of not performing a background screen is too great to justify excluding them. This is the time to call in the experts and partner with an employment screening provider with the expertise and experience to conduct checks in any country that may be required.
Security professionals should consider regular post-hire criminal background and drug screenings of employees and vendors in order to protect the workforce and guard against liability for negligent retention. In addition, the background screening policy should be regularly reviewed for its responsiveness to company needs and compliance with changing laws and regulations.
With screening of the extended workforce as a standard procedure and a carefully crafted background screening policy in place, security professionals will take a huge step toward protecting their employees and their company.