3. Have your Information Technology staff closely scrutinize data security processes for communicating and securing data. This is especially important if the firm utilizes independent contractors or home operators for court records research or verification services, or sends data offshore for processing. In addition, if the vendor uses such practices, you should have your Legal Counsel define contractual language to be included in the vendor’s agreement with their contractors that addresses:
- The appropriate type and amount of Errors & Omissions insurance coverage that needs to be in force with your firm named as co-beneficiary;
- The contractors and their employees are held to the same requirements and standards as the vendor’s employees;
- Specific procedures exist to ensure your data is protected; and
- All data protection laws are strictly followed.
4. Your security staff should verify that the vendor and any sub-contractors that process personally identifiable information meet your physical security requirements for securing their systems and meet background screening industry standards.
5. Verify that a written policy exists that states that an applicant’s personally identifiable information or client information is never resold. Make sure this language is built into your contractual agreement.
6. Require the vendor to either provide periodic reports verifying data protection procedures are being followed or to allow their processes to be audited. An emerging practice is the use of the Service Organization Control (SOC) 2 Report that is performed in accordance with American Institute of CPAs standards. (A report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.)
7. Verify that the vendor has a Record Retention and Destruction policy that clearly defines how electronic and paper records will be destroyed and fully complies with Federal Trade Commission (FTC) regulations.
8. Review the provider’s data breach policy to ensure it matches your requirements.

VII. Order Management and Notification
1. Does the provider have an Account Management focus that provides continuity of support and assigns someone to your company whom you regularly deal with, so that they gain familiarity with your company’s policies and ways of conducting business?
2. Ask vendor to explain their capabilities to support centralized management of orders from many locations or conversely, their capabilities to support multiple locations with different policies based on your needs.
3. Ask vendor to describe their capabilities to provide batch ordering services, if needed.
4. Ask vendor if they are capable of providing individual search results in the time frame defined by your organization and to describe the manner in which the results will be provided, e.g., online, fax, etc.
5. Ask them for a sample of the report format and whether they are willing to customize it to meet your needs.