If you aren’t running background checks on your new hires as a matter of course, it’s time to rethink your hiring policies. Employee background checks used to be virtually unheard of, unless you were filling highly sensitive positions or had a government contract. But times have changed, and anyone in your organization could gain access to sensitive information.

When it comes to background checks, one size doesn’t fit all. You’ll need different types of background checks for different roles in your organization — and different organizations have different needs. Let’s take a look at some best practices to guide your hiring and onboarding policies.

Types of Background Checks

There’s more to a background check than criminal history. Depending on the nature of your business and the role you’re hiring for, you may need to perform one or more of the following types of background checks:

  • Criminal — Check for wants and warrants, criminal records, arrest records and convictions. These checks can be performed nationally and also at state level.
  • Financial — Has the new hire ever had any significant financial issues, liens, bankruptcies, or loan defaults
  • Educational — You may need to verify a candidate’s educational background, certifications, licenses, or other credentials.
  • Name lookup — This includes current and former names and aliases, residential history, phone numbers, and other contact information.
  • Driving record — If your business requires personnel to drive, validating their driving record and current drivers licenses held.

During onboarding, organizations should also validate personnel possess a valid driver’s license and US citizenship (as appropriate).

Think about the types of work your employees do across your organization. For each role, identify the kinds of information you need to verify before a new employee comes on board. Develop a matrix and keep it updated as your organization evolves.

TCT proves compliance doesn't have to suck.

Check out the TCT podcast:

Listen Now

What Are You Obligated to Do?

What background checks are you required to perform for new hires? Certainly, you should consider the type of work your company does and the various roles you hire for. Also consider the standards or certifications that your organization is going up against.

If you have an Assessor, seek their guidance on minimum requirements. Certainly if you’re going through an Assessment, your Assessor will validate the execution and coverage of your background checks as part of their review.

For example, in PCI DSS, you have exposure to credit card data and the potential for financial fraud. So it’s wise to look for lawsuits, criminal history, any record of charges related to embezzlement or financial fraud, identity theft or credit card theft.

Likewise, a law firm will be more concerned with overall reputation and any kind of criminal background.

How Often Should You Run Background Checks?

Certainly you should run background checks during the hiring process, before the personnel start working. Some organizations will execute paperwork with a dependency on an acceptable background check being performed. Depending on the business line and your industry, it may also be appropriate to run recurring annual background checks for certain staff members.

Most standards don’t require ongoing background checks, so it comes down to your organization’s policies whether or not you do periodic background checks. For example, if your company is in the transportation industry and it’s important that your employees have a valid driver’s license and maintain a clean driving record, then you’ll probably need to run a periodic background check on your drivers.

Recurring checks may be dependent on the role within your organization as well. Delivery drivers may have a greater need for annual background checks than dock workers.

Evaluate the Report Findings

Develop an evaluation matrix for all your background checks in advance. Having clear documentation about how you’re going to process each employee’s background checks helps ensure you handle each one equitably and in an unbiased manner.

Determine the barometer for various potential results. If you have a customer service person at a credit card processor, does it matter that they had a speeding ticket in the last year? What if they defaulted on a loan five years ago? Know and understand what your cutoffs are.

Many organizations will take their initial stab at defining their minimum requirements, and adapt them over time. This is a good approach, especially because you’ll encounter new situations you haven’t seen before. As you go, your evaluation matrix becomes more complete and more nuanced.

I recommend an annual review of your requirements for background checks. As you run background checks throughout the year, note any changes that you want to make during the next review.

I also recommend running your evaluation matrix by your legal counsel, to be sure that you’re making decisions appropriately and legally. You don’t want to be in a situation where you’re inadvertently making evaluations that could get you sued.

What About Drug Testing?

Depending on the nature of your business and the roles within your company, drug testing may be a requirement for certain employees. If you haven’t already, find a facility that can administer drug tests for your organization (I recommend using a third-party testing service that can detect cheating).

Also consider the following questions:

  • Do you need to require periodic drug testing?
  • Will you do random drug testing?
  • If so, how will you administer random testing?

Choosing a Background Checking Service

Every background checking service is different. To determine the right fit for your organization, consider the types of checks you’ll need, how often you’ll run them, and how many checks you will request. Also keep your budget in mind.

As you begin vetting vendors, you’ll discover a wide variability in costs and quality of reporting. Some reports are easy to read and understand, while others are frustratingly difficult. A valid report could be anything from a couple of pages to a robust document that’s hundreds of pages long. I have also seen reports that are hundreds of pages of garbage where they picked up all of the national arrest records for anyone named “Steve Smith,” not the Steve Smith up for consideration for hiring!

Before hiring an agency, ask to see sample reports so you know what kind of detail and quality you can expect from them. You might also ask your Assessor / Consultant / vendors / business partners if they can recommend their own background checking services.

Secure Organizations Run Background Checks

No matter what type of organization you are or how small your company is, you should be running background checks when hiring new employees — and possibly on a recurring basis. If you take your company’s security seriously, running background checks goes hand in hand with maintaining a robust security stance.

The more relevant question is how you’ll run them and what kind of evaluation matrix you’ll use.

While there may be no set standard for you to follow, you’ll be on solid ground if you’re in dialogue with your Assessor, Compliance Consultant and your legal counsel. Keep refining your policies as you gain more experience, and adjust as your needs evolve.


Get equipped with insider expertise

Subscribe to the TCT blog