Screening Nonemployees

Buy Shoes
 Screening Nonemployees  





In addition, the screening process should extend to all nonemployees who are granted access (e.g., consultants, vendor staff, service personnel and, increasingly, customers), though not to the same degree as potential employees.

In cases of personnel working for other firms, it is more reasonable to perform a check on the organization providing the service staff and to ensure, through contractual language, that the service organization takes full responsibility for its own staff. Checks on a service organization should include an investigation of that company’s employee screening procedures and a review of references from companies with which the service organization has recently conducted business. It is also important to ensure that suitable confidentiality and vendor liability clauses are included in consulting and service agreements.

When customers are granted direct access to the organization’s computer systems via the company’s or a third party’s data network, the usual credit checks and business viability verifications need to be performed. In addition, due diligence examinations to uncover any previous fraudulent customer activities should be conducted. The extent of such checks should be based on an evaluation of the magnitude of the assets at risk, the probability of recovering such assets if stolen, and an assessment of the probability that a customer would risk reputation and possible legal action if caught.

A standard security policy is that anyone who has not been screened should not be given system access. For example, frequent deliveries or pickups should be conducted in nonsensitive areas in all cases in which delivery personnel have not been screened. In addition, information regarding the location and nature of computer installations should be restricted whenever possible. Limiting the number of persons who know the systems’ location and function also limits the risk of unauthorized access.





Copyright Manjor Inc.