ESR’s Certifications Place Us in the Top 1% of Screening Firms and Underscores Our Commitment to Excellence.
Accredited by the National Association of Professional Background Screeners (NAPBS)
Less than 10% of background screening firms have been accredited by the National Association of Professional Background Screeners (NAPBS).
To become accredited, a Consumer Reporting Agency (CRA) must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures as they relate to six critical areas of the Background Screening Agency Accreditation Program (BSAAP):
- Section 1: Consumer Protection
- Section 2: Legal Compliance
- Section 3: Client Education
- Section 4: Product Standards
- Section 5: Service Standards
- Section 6: General Business Practices
ESR achieved our re-accreditation in June 2016 and demonstrated continued compliance with the standard. Learn more about NAPBS and the accreditation program.
SOC 2 Type II Audit for Privacy, Confidentiality, and Security Controls
The SSAE 18 Service Organization Control (SOC) 2 Type II Report is based upon the SSAE 18 Trust Services Principles and tests and reports on the design operating effectiveness of a service organization’s controls. ESR’S SOC 2 Type 2 report focuses on the company’s controls as they relate to security, confidentiality, and privacy of ESR’s systems.
SOC 2 audits, which are performed in accordance with AT Section 101, have quickly become the favored choice for technology oriented businesses, and for good reason. First and foremost, the criteria for which service organization are assessed against – known as the “Common Criteria” requirements – contain various information security and operational provisions that are highly applicable to technology service organizations. Second, the audit is conducted annually, which is far superior to point in time audits like ISO.
ESR has successfully passed annual audits based on these controls as part of our commitment to data security. Learn more about the ESR SOC 2 report.
ESR’s SOC 2® examination demonstrates our competency in protecting our clients’ and their employees’ confidential and personally identifiable information (PII) from unauthorized access and use.
The “Common Criteria” requirements form the basis of the following Trust Services Principles (TSP):
ESR has successfully passed annual audits based on these controls as part of our commitment to data security.
- The security of a service organization's system.
- The availability of a service organization's system.
- The processing integrity of a service organization's system.
- The confidentiality of the information that the service organization's system processes or maintains for user entities.
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
EU-U.S Privacy Shield Certification
The EU-U.S. Privacy Shield Framework was designed by the Department of Commerce and European Commission to provide companies that transfer personal data from the European Union (EU) to the United States (U.S.) with a mechanism to comply with EU data protection requirements in support of transatlantic commerce. The EU-U.S. Privacy Shield Framework officially launched on August 1, 2016.
The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 equally binding supplemental principles that explain and augment the first seven principles. The 23 Privacy Shield Principles lay out requirements for the use of personal data received from the EU by participating organizations. These Principles are available at www.privacyshield.gov/EU-US-Framework.
ESR was among the first background screening firms to achieve our EU-U.S. Privacy Shield certification on August 12, 2016. ESR’s self-certification for Swiss-U.S. Privacy Shield Framework was effective on March 5, 2018.
The PCI Data Security Standard is a model framework for security. It was developed by the PCI Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.
The Council's founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs.
ESR has been audited to meet or exceed Payment Card Industry Data Security Standards (PCI DSS).