Background verification checks on all candidates to become personnel should be carried out prior to joining the organisation and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.
Screening, more accurately personnel screening refers to the process of evaluating and verifying the trustworthiness and suitability of individuals who will be given access to sensitive information or systems.
Several methods can be used to conduct personnel screening in information security:
- Background checks: This involves verifying an individual’s past employment, education, and personal history to assess their trustworthiness and suitability for access to sensitive information.
- Security clearance processes: For positions that require access to classified information, employees may need to go through a security clearance process, which can include a thorough background check, a polygraph test, and other security measures.
- Reference checks: Asking for references from previous employers, colleagues, or others who have worked with the individual can provide insight into their character and work habits.
- Psychological evaluations: In some cases, an organisation may require employees to undergo a psychological evaluation to assess their emotional stability and ability to handle sensitive information.
- Drug testing: Some organisations may require employees to undergo drug testing to ensure that they are not under the influence of substances that could compromise their judgment or ability to handle sensitive information.
- Training and education: Providing employees with training and education on information security protocols and best practices can help to ensure that they are aware of the importance of protecting sensitive data and the risks associated with improper handling of it.