ESR’s Certifications Place Us in the Top 1% of Screening Firms and Underscore Our Commitment to Excellence.
Less than 10% of background screening firms have been accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS).
To become accredited, a Consumer Reporting Agency (CRA) must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures as they relate to six critical areas of the Background Screening Agency Accreditation Program (BSAAP):
- Section 1: Information Security
- Section 2: Legal and Compliance
- Section 3: Client Education
- Section 4: Researcher and Data Standards
- Section 5: Verification Services Standards
- Section 6: Business Practices
The SSAE 18 Service Organization Control (SOC) 2 Type II Report is based upon the SSAE 18 Trust Services Principles and tests and reports on the design and operating effectiveness of a service organization’s controls. ESR’s SOC 2 Type II report focuses on the company’s controls as they relate to the security, confidentiality, and privacy of ESR’s systems.
SOC 2 audits, which are performed in accordance with AT Section 101, have quickly become the favored choice for technology-oriented businesses, and for good reason. First, the criteria against which service organizations are assessed – known as the “Common Criteria” requirements – contain various information security and operational provisions that are highly applicable to technology service organizations. Second, the audit is conducted annually, which is far superior to point-in-time audits like ISO.
ESR has successfully passed annual audits based on these controls as part of our commitment to data security. Learn more about the ESR SOC 2 report.
The SOC 2 Trust Services Principles address:
- The security of a service organization’s system.
- The availability of a service organization’s system.
- The processing integrity of a service organization’s system.
- The confidentiality of the information that the service organization’s system processes or maintains for user entities.
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
The EU-U.S. Privacy Shield Framework was designed by the Department of Commerce and European Commission to provide companies that transfer personal data from the European Union (EU) to the United States (U.S.) with a mechanism to comply with EU data protection requirements in support of transatlantic commerce. The EU-U.S. Privacy Shield Framework officially launched on August 1, 2016.
The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 equally binding supplemental principles that explain and augment the first seven principles. The 23 Privacy Shield Principles lay out requirements for the use of personal data received from the EU by participating organizations. These Principles are available at www.privacyshield.gov/EU-US-Framework.
ESR was among the first background screening firms to achieve our EU-U.S. Privacy Shield certification on August 12, 2016. ESR’s self-certification for Swiss-U.S. Privacy Shield Framework was effective on March 5, 2018.
The PCI Data Security Standard is a model framework for security. It was developed by the PCI Security Standards Council, a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.
The Council’s founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs.
ESR has been audited to meet or exceed the Payment Card Industry Data Security Standard (PCI DSS).