Welcome to the SecAware blog

I spy with my beady eye ...

30 Jun 2011

Background checking the background checkers

If your organization conducts background checks on candidates prior to employing them into roles involving access to highly classified information, or when promoting employees to more responsible and trusted positions (good on yer!), your security probably depends heavily on those checks and hence on the checkers.  Given the risks inherent in the process, you should definitely ensure that the process controls are adequate.

For example, if you outsource your background checks, is the outsourcer competent and diligent?  Do you need to check up on them?  If so, how, and how often, should you check?  Who, within your organization, is accountable for the quality of the checks and for any security incidents that result if the checks prove inadequate?

I'm asking these questions because it has been known for background checkers to falsify evidence of the checks they are supposed to have conducted.  Incidents of this nature are hard to uncover, expensive to investigate and resolve, and worse still can lead to extremely serious incidents downstream if improperly cleared people are handling classified information inappropriately.

Gary (Gary@isect.com)

No comments:

Post a Comment