Ask The Expert
Ask the Expert: Should I Vet My Contractors?
About the Author
Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.
He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.
When you think about vetting the people who work for your company, you probably think about background checks on employees. But what about your contractors and vendors?
Both contractors and vendors spend a lot of time in your organization. Contractors, both remote and on site, have access to your organization’s facilities, networks, and systems. Vendors service equipment, and may spend a lot of time on your site, largely unsupervised.
Because they have that much access, it’s important to vet both contractors and vendors, in some cases, as thoroughly as you vet your employees.
Need help planning your background checks? Contact us now for a demo.
What sort of background check should I run on a contractor?
Background checks aren’t one-size-fits all. You’ll want to vet a long-term contractor differently than you’d vet a vendor who will be on site for a couple of hours. And access also will make a difference on what type of check you should perform.
For long-term contractors: Because these are people who are going to be working with your team for a long period of time, you’ll want to vet them as thoroughly as you vet your employees. Go back 10 years to verify employee and education, and check references. I also recommend you do a background check annually — if someone’s been arrested in the past year, they’re unlikely to disclose that on their own.
For long term vendors or vendors who will be on site for multiple days: Do a basic background check. Some companies will do these checks for you, but don’t automatically assume the company is running checks. Be proactive and ask. If they don’t, run your own check.
For vendors who will be onsite briefly: If someone is going to be on site for an hour or so, you don’t need to run a check, but you should have a process in place. Issue a temporary badge, make sure that vendor does not have full access to your site, and provide a security escort if needed. I would also advise that you document any individual that is on your site with a government issued identification.
Remember: background checks are best practice
Security only works if you use it, and it’s easy to become complacent about vendors or contractors, especially if they’re on site every week, and your security officers and employees get to know them. It can be easy for an officer to dispense with the inconvenience of generating a temporary badge, and just hold the door open for a familiar face.
However, vendors, and contractors must be held to the same security levels as employees in order to keep all your people safe.
Remember that security controls only work if we implement and use them. The worst thing to all security programs is complacency.
Ready to create a plan for your vendors? Talk to us now about assessing your security.