[unisog] background checks on IT employees

Bryan Zimmer bzimmer at ucsc.edu
Thu Feb 26 06:19:57 GMT 2009


Michael, I worked for the Department of Defense a few years ago and  
had one of their more detailed background checks run on me. Checking  
an employee's credit is especially important when classified data is  
involved, as there have been cases where people in desperate need of  
money sold secrets to pay off debt. It also shows if the person you're  
dealing with is responsible and has been able to keep a good credit  
rating (not easy for everyone), what their past has been like, and can  
reveal if they have assets they haven't told you about, like a  
multimillion dollar yacht funded by selling secrets. Of course, these  
concerns are more applicable to high security environments where you  
*really* need to know if you can trust your employees, and are only  
part of a more thorough background check.

However, your credit history can be interesting to any future  
employer, and for any position in the company, not just finance. It  
can tell (though not necessarily accurately) whether or not you're  
responsible, if you've been able to keep a steady source of income,  
and if you're free of major debts.. It's all information they can use  
to make assumptions about your future performance as an employee.  
Sure, there are problems with making those kind of assumptions without  
more detailed information, but it's cheaper for them than doing a more  
thorough, accurate, and intrusive investigation.

I hope this info helped.
-Bryan


On Feb 24, 2009, at 12:22 PM, McDonnell, Michael wrote:

>
> In my jurisdiction, an employer cannot go to the police to have a  
> check
> done. The employee must make the request and then the police provide a
> document to the employee, who then decides if he/she wants to  
> provide it to
> the employer.  For jobs where there are "persons at risk  
> involved" (i.e.
> children), an employer can request that all staff be checked by the  
> police.
> The police do not give the employer any details just a summary of  
> which
> employees are "clean" and which are not.  The employees then have to  
> decide
> if they want to provide detailed background checks to the employer  
> (or get
> fired potentially for not disclosing why they were not "clean").
>
> The University I work for did not request a criminal records check  
> from me
> when I joined.  I thought that was weird, because other employers  
> have done
> it.
>
> There is more to background checks than just police records checks  
> though.
> Many employers will also perform a credit check on employees.  I  
> think the
> logic is that if someone is heavily in debt, you wouldn't want them  
> to work
> in your finance department.  I'm not sure what other justification  
> they
> would have.  I have known a few companies (previous clients of mine,  
> not my
> employers) who performed credit checks on all labourers and sales  
> staff (but
> not management).  I could never understand their logic.
>
> I've never heard of a University doing a credit check.  I wouldn't  
> consent
> to one unless I worked in position with substantial unsupervised  
> purchasing
> authority.
>
> --
> Michael McDonnell, GCIA
> Network Security Analyst
> University of Alberta Libraries
> Information Technology Services
> michael.mcdonnell at ualberta.ca
>
>> -----Original Message-----
>> From: unisog-bounces at lists.dshield.org [mailto:unisog-
>> bounces at lists.dshield.org] On Behalf Of Peter Bonitatibus
>> Sent: Tuesday, February 24, 2009 12:18 PM
>> To: UNIversity Security Operations Group
>> Subject: Re: [unisog] background checks on IT employees
>>
>> Kirsten, reach out to the University Police, they do backgrounds for
>> police officers and have experience in doing them.  I am sure they
>> could
>> guide you...
>>
>> Peter Bonitatibus
>> UMass Boston Police
>> System Administrator
>>
>> -----Original Message-----
>> From: unisog-bounces at lists.dshield.org
>> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Petersen,
>> Kirsten
>> J - NET
>> Sent: Tuesday, February 24, 2009 4:53 AM
>> To: UNIversity Security Operations Group
>> Subject: [unisog] background checks on IT employees
>>
>> What kind of background checks are other universities conducting  
>> for IT
>> positions, if any?  OSU is looking at how to implement new state
>> regulations, and would like to follow industry standards if any are
>> available.  If anyone knows of any good resources to refer me to, I'd
>> appreciate it.
>>
>>
>> ________________
>> Kirsten Petersen
>> Network Services * Oregon State University
>> http://oregonstate.edu/net * irc.oregonstate.edu #osu-is
>> "You can't separate peace from freedom because no one
>> can be at peace unless he has his freedom". - Malcolm X
>>
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
>>
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog



More information about the unisog mailing list