Why ESR: Certifications

ESR’s Certifications Place Us in the Top 1% of Screening Firms and Underscore Our Commitment to Excellence.

Accredited by the Professional Background Screening Association (PBSA)

Fewer than 10% of background screening firms have been accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS).

To become accredited, a Consumer Reporting Agency (CRA) must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures as they relate to six critical areas of the Background Screening Agency Accreditation Program (BSAAP):

  • Section 1: Information Security
  • Section 2: Legal and Compliance
  • Section 3: Client Education
  • Section 4: Researcher and Data Standards
  • Section 5: Verification Services Standards
  • Section 6: Business Practices

ESR first achieved PBSA accreditation in 2010 and has demonstrated continued compliance ever since. Learn more about PBSA accreditation.

SOC 2 Type II Audit for Privacy, Confidentiality, and Security Controls

The SSAE 18 Service Organization Control (SOC) 2 Type II Report is based upon the SSAE 18 Trust Services Principles and tests and reports on the design and operating effectiveness of a service organization’s controls. ESR’s SOC 2 Type 2 report focuses on the company’s controls as they relate to security, confidentiality, and privacy of ESR’s systems.

SOC 2 audits, which are performed in accordance with AT Section 101, have quickly become the favored choice for technology-oriented businesses, and for good reason. First and foremost, the criteria against which service organizations are assessed – known as the “Common Criteria” requirements – contain various information security and operational provisions that are highly applicable to technology service organizations. Second, the audit is conducted annually, which is far superior to point-in-time audits like ISO.

ESR has successfully passed annual audits based on these controls as part of our commitment to data security. Learn more about the ESR SOC 2 report.

ESR’s SOC 2® examination demonstrates our competency in protecting our clients’ and their employees’ confidential and personally identifiable information (PII) from unauthorized access and use.

The “Common Criteria” requirements form the basis of the following Trust Services Principles (TSP):

  • The security of a service organization’s system.
  • The availability of a service organization’s system.
  • The processing integrity of a service organization’s system.
  • The confidentiality of the information that the service organization’s system processes or maintains for user entities.
  • The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.

EU-U.S. Privacy Shield Certification

The EU-U.S. Privacy Shield Framework was designed by the Department of Commerce and European Commission to provide companies that transfer personal data from the European Union (EU) to the United States (U.S.) with a mechanism to comply with EU data protection requirements in support of transatlantic commerce. The EU-U.S. Privacy Shield Framework officially launched on August 1, 2016.

The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 equally binding supplemental principles that explain and augment the first seven principles. The 23 Privacy Shield Principles lay out requirements for the use of personal data received from the EU by participating organizations. These Principles are available at www.privacyshield.gov/EU-US-Framework.

ESR was among the first background screening firms to achieve our EU-U.S. Privacy Shield certification on August 12, 2016. ESR’s self-certification for Swiss-U.S. Privacy Shield Framework was effective on March 5, 2018.

PCI DSS Certification

The PCI Data Security Standard is a model framework for security. It was developed by the PCI Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.

The Council’s founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs.

ESR has been audited to meet or exceed Payment Card Industry Data Security Standards (PCI DSS).

Why ESR?

The most selective companies trust ESR to manage their screening programs.

Employment Screening Resources® (ESR) is a global background check firm that is a strategic choice for employers who need accuracy and compliance in their background screening programs.

ESR is accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS) – and undergoes yearly SSAE 18 SOC 2® Type 2 audits to ensure the privacy, security, and confidentiality of consumer information.

ESR founder and CEO Attorney Lester Rosen wrote the book on background checks with “The Safe Hiring Manual.” Contact us today to learn more about our services and solutions.