Educause Security Discussion mailing list archives
Re: Background Checks Revisited
From: "Hudson, Edward" <ewhudson () CSUCHICO EDU>
Date: Thu, 29 Oct 2009 15:49:09 -0700
Mike, That is correct that state law supersedes however the annual requirement (as stated in your note) applies only if the person in question was a QSA. As a former QSA I am not aware of any higher edu. that operates as an assessing entity and offers PCI assessment services for hire and thus would have active QSA's on their staff. PCI DSS (12.7) Requires screening of potential employees who are going to come in contact with cardholder data prior to hiring but the scope is pretty broad: "Inquire with Human Resources dept. management and verify that back ground checks are conducted (within the constraints of local laws) on employees who prior to hire who will have access to cardholder data or the cardholder data environment. (Examples of background check include previous history, criminal record, credit history and records checks.) No person can get an offer of employment on our campus without having the hiring manager check references and some roles require actual criminal history checks. Ed Hudson, CISM Information Security Office California State University, Chico www.csuchico.edu/ires/security Office: (530) 898-6307 Cell: 707-799-3250 ewhudson () csuchico edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Johnson Sent: Thursday, October 29, 2009 12:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Background Checks Revisited It is a requirement of the PCI Security Standards Council that any employee engaged in qualified assessor work must have their background check revalidated for criminal activity every year. State law will supersede. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly Sent: Thursday, October 29, 2009 2:55 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Background Checks Revisited In Iowa, it seems to be against state law to run a criminal background check on a current state employee. - ken Volz, Donald D wrote:
Apologies to those of you who see this question on multiple lists. I checked several EDUCAUSE discussion list archives and found a few
earlier threads on the topic of employee background checks. It appeared that MOST respondents performed checks on prospective IT employees, and quite a few indicated that ALL new hires were subject to such tests, regardless of department or job position.
However, I did not get any insight about the use of background checks
on existing employees, i.e., those hired before background checks became a requirement for employment. Obviously there are non-trivial legal and policy considerations surrounding the institutional response to the results of those checks, but I'd like to set those aside for the moment and focus on who is subject to background checks.
My questions are simple: 1) Does anyone perform background checks on existing employees hired
prior to the implementation of such checks for new hires?
2) If yes, are they performed only to address individual employee
situations or circumstances? If so, please explain.
3) Are you planning to complete such checks on ALL or some key
subset(s) of your existing employees (e.g., all IT employees, staff only, all cashiers, all faculty and staff, ...)?
Regards, Don ______________________________________________ Don Volz Special Assistant to the VP for Information Technology Texas State University-San Marcos Email: don.volz () txstate edu Voice: 512-245-9650 FAX: 512-245-1226
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373
Current thread:
- Background Checks Revisited Volz, Donald D (Oct 29)
- <Possible follow-ups>
- Re: Background Checks Revisited Sarazen, Daniel (Oct 29)
- Re: Background Checks Revisited Ken Connelly (Oct 29)
- Re: Background Checks Revisited Michael Johnson (Oct 29)
- Re: Background Checks Revisited Basgen, Brian (Oct 29)
- Re: Background Checks Revisited Mclaughlin, Kevin (mclaugkl) (Oct 29)
- Re: Background Checks Revisited Hudson, Edward (Oct 29)