Security
The background screening industry deals primarily in the gathering and distribution of personally identifying information (PII). As such, saying that security is of the utmost importance might be an understatement. With access to such private information come rigorous security standards—both to prevent unauthorized access to PII and to avert the loss or destruction of critical business data. When deciding on a technology partner, it’s crucial to understand what measures have been taken to ensure your data is secure. To feel confident in your choice of technology partner, look for the following:
System Redundancy
Make sure your technology partner has appropriate redundancies in place, including the following:
- Multiple independent application and database servers
- Real-time data replication, both locally and off-site/out-of-region
- Failsafe power, HVAC, and utility systems
- Diverse upstream Internet Service Providers
- On-site security, operations, and emergency response staff
- High availability failover throughout the technology stack
- Automated suppression systems
Multi-factor Authentication
Multi-factor authentication is a de facto industry standard and accepted best practice for login security. It creates an extra layer of protection for your personal information and should be an included security protocol for any great technology partner.
Data Encryption
Encryption is a must for all technology partners as it is the basic insurance that your data is protected at all times. The two aspects of encryption to be aware of are encrypting data in motion and encrypting data at rest.
- Encrypting data in motion means encrypting data travelling across a network (e.g., ensuring that web browsers use HTTPS when connecting to your screening provider’s website).
- Encrypting data at rest means encrypting data stored in persistent storage (e.g., data saved in a database server).
Look for a technology partner that provides both as part of their security offerings.
Continuous Monitoring
You should be confident that your background screening technology partner has taken every step possible to ensure system uptime and availability. This means continuous monitoring of their system – 24 hours a day, 365 days a year. They also need to proactively protect their system with the following:
- Intrusion detection and prevention tools
- On-site security, operations, and emergency response staff
- Cameras and video archiving throughout facilities
- Active analysis of network traffic
System Administration and Staffing
Make sure that your technology partner is conducting thorough background checks and properly credentialing all staff who may have access to your sensitive data. Job descriptions, roles, and permissions should limit access to only those systems necessary for staff to fulfill their responsibilities. This safeguards access to your sensitive information from all but the appropriate, required individuals.
Comprehensive Compliance
Confidence in your technology partner begins and ends with their industry compliance and best practices. A great technology partner offers comprehensive security compliance that allows you to confidently trust them to secure your business-critical information and sensitive data. Confirm that your technology provider undergoes independent, third-party compliance certifications, including PCI DSS and EI3PA. Having qualified security assessors reviewing and monitoring your provider’s security and compliance practices helps give you the peace of mind you deserve.
Making a wise investment in background screening technology requires doing due diligence. Research to see which platform provides the level of security you need to guarantee your safety.
Stay tuned for the next step in our buyer’s guide to choosing a technology provider, which will discuss customization tools and branding.