Background checks are performed for new hires between the selection of a new hire candidate and their onboarding to your company.
The Consumer Data Right gives Australians control of their data, which enables innovation in new products and services. To participate as a data recipient, you must meet five governance requirements and 24 information security requirements. These are independently audited by a qualified firm like AssuranceLab, and included in an assurance report for accreditation.
Background checks are one of the 24 information security requirements.
The purpose of background checks is to ensure new employees fit the ethical and integrity values of your organisation. If any findings are raised in these checks, it's up to management to apply judgement as to whether the candidate is appropriate.
From a security standpoint, that judgement should consider the candidate's intended role: the expected exposure to sensitive data, dealings with your customers, and any associated risks that may come from an employee with a checkered history.
There are four types of background checks you can consider performing. For the purposes of accreditation with the Consumer Data Right, police and reference checks are specifically required for any employees that will interact with the CDR Environment. The standard Trust Services Criteria for SOC 2 are less prescriptive, but usually cover at least one type of background check.
- Reference checks - This is the most common background check conducted. It can broadly confirm the candidate's character and abilities by speaking with past colleagues and/or known associates.
- Police checks - The police check identifies any recorded criminal history.
- Credit checks - Identifies any past issues with repayment of credit. This may be telling in certain roles with a financial aspect, or important to consider in the context of the potential for fraud more broadly.
- Identity and CV checks - These checks validate what the new hire candidate has communicated about themselves, their past experiences, and their qualifications. These claims often form a key part of the hiring decision, and performing these checks may identify dishonesty.
If you're wondering what this looks like "on paper" - get in touch with our team <firstname.lastname@example.org>. We're happy to share examples, connect you to partners that provide these services, and guide you through how this may look for your business.
The CDR Perspective
Background checks should be performed for all personnel interacting with the CDR data environment. The extent of these checks is at the discretion of the organisation, but at a minimum should include police checks. The purpose of this is to help ensure the security and confidentiality of CDR data.
AssuranceLab is a modern cybersecurity audit firm. We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach, saving time, costs, and headaches along the way.