Certifications

Why ESR: Certifications

ESR’s Certifications Place Us in the Top 1% of Screening Firms and Underscores Our Commitment to Excellence.

Accredited by the Professional Background Screening Association (PBSA)

Less than 10% of background screening firms have been accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS).

To become accredited, a Consumer Reporting Agency (CRA) must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures as they relate to six critical areas of the Background Screening Agency Accreditation Program (BSAAP):

Section 1: Information Security
Section 2: Legal and Compliance
Section 3: Client Education
Section 4: Researcher and Data Standards
Section 5: Verification Services Standards
Section 6: Business Practices

ESR first achieved PBSA accreditation in 2010 and has demonstrated continued compliance ever since. Learn more about PBSA accreditation.

SOC 2 Type II Audit for Privacy, Confidentiality, and Security Controls

The SSAE 18 Service Organization Control (SOC) 2 Type II Report is based upon the SSAE 18 Trust Services Principles and tests and reports on the design operating effectiveness of a service organization’s controls. ESR’S SOC 2 Type 2 report focuses on the company’s controls as they relate to security, confidentiality, and privacy of ESR’s systems.

SOC 2 audits, which are performed in accordance with AT Section 101, have quickly become the favored choice for technology oriented businesses, and for good reason. First and foremost, the criteria for which service organization are assessed against – known as the “Common Criteria” requirements – contain various information security and operational provisions that are highly applicable to technology service organizations. Second, the audit is conducted annually, which is far superior to point in time audits like ISO.

ESR has successfully passed annual audits based on these controls as part of our commitment to data security. Learn more about the ESR SOC 2 report.

ESR’s SOC 2® examination demonstrates our competency in protecting our clients’ and their employees’ confidential and personally identifiable information (PII) from unauthorized access and use.

The “Common Criteria” requirements form the basis of the following Trust Services Principles (TSP):

ESR has successfully passed annual audits based on these controls as part of our commitment to data security.

The security of a service organization’s system.
The availability of a service organization’s system.
The processing integrity of a service organization’s system.
The confidentiality of the information that the service organization’s system processes or maintains for user entities.
The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.

EU-U.S Privacy Shield Certification

The EU-U.S. Privacy Shield Framework was designed by the Department of Commerce and European Commission to provide companies that transfer personal data from the European Union (EU) to the United States (U.S.) with a mechanism to comply with EU data protection requirements in support of transatlantic commerce. The EU-U.S. Privacy Shield Framework officially launched on August 1, 2016.

The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 equally binding supplemental principles that explain and augment the first seven principles. The 23 Privacy Shield Principles lay out requirements for the use of personal data received from the EU by participating organizations. These Principles are available at www.privacyshield.gov/EU-US-Framework.

ESR was among the first background screening firms to achieve our EU-U.S. Privacy Shield certification on August 12, 2016. ESR’s self-certification for Swiss-U.S. Privacy Shield Framework was effective on March 5, 2018.

PCI/DSS Certification

The PCI Data Security Standard is a model framework for security. It was developed by the PCI Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

The Council’s founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs.

ESR has been audited to meet or exceed Payment Card Industry Data Security Standards (PCI DSS).

Why ESR?

The most selective companies trust ESR to manage their screening programs.

Employment Screening Resources® (ESR) is a global background check firm that is a strategic choice for employers who need accuracy and compliance in their background screening programs.

ESR is accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS) – and undergoes yearly SSAE 18 SOC 2® Type 2 audits to ensure the privacy, security, and confidentiality of consumer information.

ESR founder and CEO Attorney Lester Rosen wrote the book on background checks with “The Safe Hiring Manual.” Contact us today to learn more about our services and solutions.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_parsely_session	30 minutes	This cookie is used to track the behavior of a user within the current session.
_parsely_visitor	1 year 1 month	This cookie store anonymous user idnetifier to determine whether a visitor had visited before, or if its a new visit.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
cookies.js_dtest	session	No description
test	session	No description available.

Common Ways Prospective or Current Employees Sue Employers Under the FCRA

Critical Steps for Ex-Offenders to Get Back Into the Workforce