Vendor background checks is an area that still exposes organizations to a lot of risk. Most organizations have a policy on requiring vendor background checks, but do they actually audit this process or even understand how to audit the process?
When evaluating the security of organizations, the first line of defense is to always know exactly who is entering the facilities. Employees are a priority for screening, but often visitors, vendors, and volunteers are screened at a much lower level or not even screened at all.
I recently spoke with a friend who works for a large multi-state law firm. She is an attorney in their Government Relations Group. With that role, it is not uncommon for her to be working after hours. On more than one occasion, she has bumped into a man working for the cleaning contractor and had no idea who he was or if he had a violent criminal history.
Her experience pinpoints a serious problem for organizations. Would her employer be held liable if she was harmed on their property by a vendor who had a violent criminal history? Quite possibly.
Let’s look at 5 problems with vendor background checks:
- Self Certification. This is the most common form of vendor credentialing. Companies require their vendors to conduct employee background checks, and then certify to them that they have done so. How can these companies ensure compliance has been conducted with an acceptable level of screening?
- Definition of “Background Check”. There is not a standard definition of what constitutes a background check. How does a company ensure that their vendors require the same level and depth of screening? To do so requires specific documentation or clearly defined requirements that are supplied IN WRITING to vendors and followed by periodic audits.
- Date of Background Check. Are vendors conducting regular background checks on their employees? Many organizations only require background checks when an employee is hired. What protocols are in place for checking employees that have been employed for 10 or 20 years?
- E-verify/ Legal Right to Work. The federal government’s E-verify program is being increasingly legislated across the U.S. for organizations that provide services to cities, states, or the federal government- including schools. This is not a service that can be conducted by a third party. Employers are the only entity that can conduct E-verify, and it must be done within the first 3 days of employment. So E-verify is a post-hire check. It is important that vendors provide a Letter of Agreement stipulating that they are using the E-verify program (if this is a requirement for your organization).
- Privacy Issues. The recent Equifax breach has certainly raised the awareness of millions of Americans to the possibility of their personal information ending up in the wrong hands. Privacy issues are a concern when conducting vendor background checks. One option would be to include any third parties in an Authorization Form, so the information can be shared with business partners who have a business necessity.
SafeVisitor has created a SafeVendor module that makes this process secure and comprehensive while removing policy concerns. SafeVendor has a policy requirement to be able to be SafeVendor Certified. Once you are certified, then any organization using SafeVisitor can check a vendor to ensure there is a completed background check.
To ensure strict privacy restrictions, SafeVisitor does not share the background screening report with third parties, but only shares the vendor’s ID badge, photo, and certification that stipulates the level of background check completed and passed
Join us for a webinar to learn more about how SafeVisitor and SafeVendor can help protect your organization while at the same time protecting the privacy rights of your vendors.