Ask The Expert
Background Checks for Contractors and Vendors: Best Practices for Your Business
When you think about vetting the people who work for your company, you probably think about background checks on employees. But what about your contractors and vendors?
Both contractors and vendors spend a lot of time in your organization. Contractors, both remote and on site, have access to your organization’s facilities, networks, and systems. Vendors service equipment, and may spend a lot of time on your site, largely unsupervised.
Because they have that much access, it’s important to vet both contractors and vendors, in some cases, as thoroughly as you vet your employees.
What sort of background check should I run on a contractor?
Background checks aren’t one-size-fits all. You’ll want to vet a long-term contractor differently than you’d vet a vendor who will be on site for a couple of hours. And access also will make a difference on what type of check you should perform.
For long-term contractors: Because these are people who are going to be working with your team for a long period of time, you’ll want to vet them as thoroughly as you vet your employees. Go back 10 years to verify employee and education, and check references. I also recommend you do a background check annually — if someone’s been arrested in the past year, they’re unlikely to disclose that on their own.
For long term vendors or vendors who will be on site for multiple days: Do a basic background check. Some companies will do these checks for you, but don’t automatically assume the company is running checks. Be proactive and ask. If they don’t, run your own check.
For vendors who will be onsite briefly: If someone is going to be on site for an hour or so, you don’t need to run a check, but you should have a process in place. Issue a temporary badge, make sure that vendor does not have full access to your site, and provide a security escort if needed. I would also advise that you document any individual that is on your site with a government issued identification.
Remember: background checks are best practice
Security only works if you use it, and it’s easy to become complacent about vendors or contractors, especially if they’re on site every week, and your security officers and employees get to know them. It can be easy for an officer to dispense with the inconvenience of generating a temporary badge, and just hold the door open for a familiar face.
However, vendors, and contractors must be held to the same security levels as employees in order to keep all your people safe. Remember that security controls only work if we implement and use them. The worst thing for all security programs is complacency.
The best way to know if you have a strong background check policy in place is to perform regular risk assessments.
Security risk assessment software now makes it easy for you to design a risk assessment capable of collecting risk data from all your sites. Such software also presents that data in a dashboard so you can see — at a glance — which threats are most likely and what you need to do in order to mitigate those threats. Circadian Risk, for example, presents threat data as an actionable list, so that your team can take steps to reduce the risk of likely risks and ensure that best practices are being used in your organization.
Ready to take control of your organization’s risk?
Contact our experts today to learn how Circadian Risk can simplify and strengthen your security.
About the Author
