Background Checks

[GREGORY SEIBERT <gregs () KENT EDU>]

I'd like to ask the group for their stance on background checks for
security staff members. We are bringing a new member on board and
detectives in our University Police Department have agreed to conduct a
thorough check on our new staff member and a retroactive check on myself
and other members of our security staff. This would include an "interview",
search of various databases and the FBI fingerprint check.

Is this similar to what the group-think is for best practices for those
trusted with security investigations and the sharing of confidential data
with various enforcement agencies and other protected information?

On another background check issue, for those of you who have completed a
PCI-DSS self-assessment, one of the requirements is for a background check
for all employees with access to credit card number transaction
information. How did you respond to this? Background checks for anyone who
might even smell a credit card number, no one at all, cashiers, network
admins - how deep did you cast your net if at all? And the second part of
that question is how deep of a check did you do - just the "send in a
fingerprint" or something more robust.?

Thanks for your replies. They can be off list unless the group feels this
topic is ripe for discussion.

      Greg

Gregory A. Seibert, CISM
Director of Security and Compliance
Suite 384 Library
Kent State University
www.security.kent.edu
330-672-0383 (Voice)
330-672-9374 (FAX)