Everybody Screen!

Screening the extended workforce and other background checking best practices

  • By Ron Lashier
  • Jun 01, 2006

NO one has to tell a security professional about the growing importance of background screening. More than 80 percent of large U.S. organizations now perform some kind of criminal background check on potential new hires, and more and more companies are checking employment history, education, driving records, credit history, sex offender registries, restricted parties lists and more. Clearly the drive to background screening is prompted by the desire for a safer workplace, the need to hire better people and threats of litigation for negligent hiring and retention in which the average court award has exceeded $1 million.

But even as background screening becomes an industry standard, it is clear that not all background screening is created equal. Applying background screening haphazardly and without a carefully formulated plan can leave organizations vulnerable to the negative events they are trying to avoid, as well as to criticism, employee dissatisfaction and even litigation. One of the best ways to avoid these problems is to make background screening an accepted and standard part of company security through the implementation of a carefully considered background screening policy based on best practices.

Such a policy shows a company's clear intention to protect its workers and customers as a matter of procedure. Adoption of best practices demonstrates that the company applies its screening standards fairly, with cause, without prejudice and in compliance with all legal requirements.

Understanding the Problem
A screening policy begins when security professionals meet with their human resources counterparts, as well as all other staff members responsible for the hiring or contracting of workers throughout the organization. The goal is to truly understand the steps of hiring and contracting, and all the potential points of vulnerability. For example, many companies perform criminal background checks as a matter of policy, and may consider a search of the online criminal databases as sufficient. The true industry standard involves a hands-on check of the most current records at all county courthouses pertinent to the applicant.

Though it may be a company's procedure to perform criminal checks, it is vulnerable to misinformation regarding employment history, education, drug history and driving records. It is important for the security professional to understand which checks may be pertinent to the company's employee or vendor requirements, as well as those that are required by law.

With such understanding in hand, the security staff can begin to develop a compliant employee screening policy tailored to company needs.

Closing the Extended Workforce Loophole
While the first step in developing a successful screening program is to establish a standard policy, there is an important workplace vulnerability that security professionals must be aware of before such a policy can be written -- the presence of a largely unscreened extended workforce.

One head of security at a global company recently commented that it was interesting that no employee of the company, including himself, got into the CEO's office without a background check, security badge and escort -- no one, that is, unless you counted the man who watered the plants in the CEO's office who had free access with no screening whatsoever. This is a classic example of the extended workforce loophole that exists in companies of all sizes. Even where the most stringent employee screening policies exist, there is often no plan for vetting vendors, partners, and temporary and contract employees.

The vulnerability that this loophole represents is better understood in light of the fact that a recent survey found that vendor employees were 92 percent more likely to have a felony record than a permanent hire and 50 percent more likely to have a misdemeanor record or drug history. One reason for this striking difference is the entirely logical phenomenon of adverse selection. Since so many companies conduct background checks as part of their standard hiring procedure, applicants with questionable pasts tend to find jobs in companies where background checks are not performed. From the security professional's point of view, even if a vendor company performs background checks, they may not meet the hiring company's screening standards and thus still represent a potential vulnerability.

The extended workforce loophole exists largely as a function of procedure, management and technology challenges. Typically, all direct workforce applicants are processed by security and human resources through the corporate screening process before being hired or given a security badge. The indirect workforce, whether employees of a maintenance company, IT contractors or marketing consultants, are oftentimes not required to go through security and HR departments before being granted access. From a process and management point of view, these workers are generally hired and supervised by a wide range of business functions. The night cleaning crew may be under the supervision of the facilities department; the contract software engineer is typically hired by engineering; and temporary receptionists may be hired by HR or a host of other individual titles. In most organizations, there is no central security process governing all of these business functions and categories of workers.

The first step, then, in plugging the loophole is requiring that all extended workforce personnel be subject to the company's standard security procedures, regardless of which department manages them. All departments need to be educated on the importance of submitting their extended workforce personnel to the security department for screening and the step-by-step procedure for doing so.

Another problem in closing the extended workforce security gap is vendor participation. Again, there must be a process in place that requires vendor employees to be screened before they are granted access to company facilities or information. The policy must establish clear guidelines for the vendor as to which screens need to be conducted to meet the company's standards. There also needs to be a process whereby the results of the screening report are delivered directly to the company for review and approval, or is adjudicated and managed by a third party.

Companies that successfully screen their extended workforce most often find that program compliance is easiest to enforce by tying the screening requirements to the badging system. Software solutions are beginning to emerge that can assist companies with tying these two functions together and securing the willing participation of the vendors and suppliers. Whether an internal or external solution is selected, including extended workforce screening into the company's security policy is a critical step.

The Most Critical Step: The Standard Policy
Having a standard, mandatory background screening policy for every employee and vendor -- from top executives to part-time workers -- not only protects the company's workforce, property and information, but it also eliminates any inconsistency and helps ensure that information gathered is used appropriately. Such a policy also protects the company by ensuring compliance with legal requirements such as those set forth by the Fair Credit Reporting Act and other governing bodies. Different types of checks may be required for different positions. For example, finance department employees may require credit checks, and those that operate vehicles on company property may require a vehicle department check. At minimum, a good policy should address what type of checks should be performed for each type of position; who should be screened; how many years of history the checks should cover; the criteria used for assessing whether the candidate meets the hiring standards of the company; and what procedures are required to comply with all relevant federal and state legislation and industry regulations.

Require Complete, Accurate and Consistent Data
Background screening policies should require that all applicants give dates of employment with month and year, and a graduation date for all levels of education. Screening should always include a careful cross-check of data provided in the interview, resume, job application form, background verification application and background check report. Often, applicants with something to hide will provide different information on their job application and their background screen application in the hope that no one will cross check. Incomplete information can reveal gaps in employment and education. Inconsistencies should then be explained by the applicant.

Perform Comprehensive Verification
Certainly, the most fundamental background screen to be performed is a criminal background check. These checks should not just include the local county, but every county where the applicant has lived or worked. Almost as important, however, is verification of employment, education and salary. Roughly one third of resumes contain some misrepresentation in one or more of these areas. This alteration of facts can not only impact the applicant's ability to perform their job, but also indicate problems of character that may eventually impact the company. Educational credentials should be verified at the source, and salary by previous employers or with prior W-2s or pay stubs.

Many companies skip checks of international experience on applicants due to unfamiliarity with the process and the perceived complexity of gathering the information. Indeed, the laws, regulations and procedures governing such checks vary greatly from country to country, but the risks of not performing a background screen is too great to justify excluding them. This is the time to call in the experts and partner with an employment screening provider with the expertise and experience to conduct checks in any country that may be required.

Ongoing Protection
Security professionals should consider regular post-hire criminal background and drug screenings of employees and vendors in order to protect the workforce and guard against liability for negligent retention. In addition, the background screening policy should be regularly reviewed for its responsiveness to company needs and compliance with changing laws and regulations.

With screening of the extended workforce as a standard procedure and a carefully crafted background screening policy in place, security professionals will take a huge step toward protecting their employees and their company.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.