Security Posture Best Practices

Background Checks in Vanta

  • Updated

What are background checks?

A background check is a process through which employers leverage private and public information to screen people (often potential or current employees). Different background checks exist, but common ones include criminal history checks, employment verifications, and education verifications.

What are SOC 2/ISO 27001/HIPAA requirements for background checks?

Your auditor would like to see if some vetting process occurred with your hiring procedures. This can take many forms, but the simplest option is to run criminal background checks using a background check tool. Alternatively, you can upload manual evidence of reference checks or some other form of personnel screening. Background checks need to be run on your employees going forward. You don’t need to run background checks on existing employees.

How do I run background checks?

You can run background checks directly from Vanta. Learn more here. If you already have a background check provider, integrate that tool with Vanta and continue running background checks through it.

What tools does Vanta integrate with?

Vanta integrates with background check providers, including Certn, Checkr, Vetty, and Rippling. See the full list here.

Assigning background check tasks to employees

Add background check tasks to your employees by adding them to the relevant group(s). If you want to run background checks only on employees who joined your company after a specific date, select Choose start date; the task will only be assigned to employees who joined your company after that date.

When in doubt, we recommend assigning background check tasks to all employees.

 

Linking background checks to employees

When you integrate a background check tool with Vanta, Vanta will auto-link those checks to employees whenever the name or the email on the background checks matches the name or email of an employee in Vanta. Sometimes, this auto-linking fails if the background check uses someone’s personal email. If this happens, you can manually link the background check to an employee from the People Page.

 

Screenshot 2024-06-17 at 2.22.40 PM.png

 

If you don’t have a background check provider that can integrate with Vanta, you can upload manual URLs to use as evidence of background checks. 

FAQs

Do auditors need to see the entire background check?

  • Your auditor must see that the check was completed and confidential information can be removed. It is up to your team to decide if you would like to accept any potential risk associated with hiring an individual.

Do I need to perform background checks for all my employees retroactively?

  • No, your auditor wants to see those checks for new hires.

What about employees in countries that do not allow background checks?

  • Your auditor will adhere to the regulations of the country the employee is living in. Vanta recommends that you work with your auditor to decide on an alternative way to meet the control for those employees.

What if I am not using an integration partner or doing an alternative check process?

  • You can still upload evidence related to completed checks in Vanta. Customers can upload a URL for the selected employee to the People page. This will complete the task in Vanta, and the URL will be visible to auditors (customers may need to grant access).
  • Customers can also upload evidence of completed checks for new hires on the Documents page for completed background checks. If you'd like to connect the background check on the Documents page to the user, follow the instructions here: How to link a background check manually.