Personnel Identity Verification and Screening (SS-08-017)
Topics:
SS-08-017 Personnel Identity Verification and Screening
Issue Date: 3/31/2008
Revision Effective Date: 3/31/2008
Review Date: 7/1/2018
PURPOSE
Standards for identity verification and background screenings are essential to mitigate the risks of identity fraud, counterfeiting, and terrorist exploitation among individuals entrusted with physical and logical access to state facilities and information resources, as well as establishing a common baseline of trust between state agencies in support of statewide data sharing requirements.
In support of the Department Homeland Security initiatives and to comply with the Georgia Security and Immigration Compliance Act of 2006, all state agencies and state contractors must participate in a federal work authorization.
STANDARD:
As part of the initial employment/engagement process for both full and part-time employees and contractors requiring access to state information resources, not designated as public access resources, each agency shall verify personnel identities, work eligibility and conduct background screenings in accordance with O.C.G.A 13-10-91 (Article 3).
Each agency shall have a process that meets the following minimum requirements for verifying the identity of all individuals, their employment eligibility, and position qualifications prior to hiring and issuing credentials to access state facilities or information resources not otherwise designated as public access resources:
- Validation through a federal work authorization program
- Employment history verification
- Education history verification
- Validation of degrees and professional licenses
- Residence verification
- Criminal history
- References
- In cases where a position calls for a more extensive background checks, other National Agency Checks (NACs) and credit bureau checks shall be conducted.
Sponsoring agencies shall ensure that sourcing agencies for contractors, consultants, and third-party vendors use a similar screening process, to include: Identity validation, employment eligibility, job-specific screening and notification of re-screening if there is cause for doubt or concern.
Human Resource officials shall provide candidates documented notification and acknowledgment of the Official Code of Georgia Annotated Computer Security Act as well as other applicable federal, state and agency regulations or policies, terms of confidentiality, non-disclosure, sanctions and disciplinary procedures, and other conditions of employment, including mandatory participation in annual security awareness training.
Each state agency retains the right to and should conduct random, periodic spot checks and/or renewals in accordance with established agency policy and/or procedures.
Confidentiality and non-disclosure agreements shall be reviewed regularly, not to exceed every three years, or when individuals leave the organization, or when contracts expire.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Personnel Security (PS-08-014)
Third-Party Security Requirements (SS-08-013)
REFERENCES
Rules of Georgia Department of Labor, Chapter 300-10-1 “Georgia Security and Immigration Compliance Act of 2006”
Federal Information Processing Standard (FIPS) 201-1: Personal Identity Verification of Federal Employees and Contractors (PIV-I) http://csrc.nist.gov/publications/fips/index.html
TERMS and DEFINITIONS
“Federal work authorization program” means any of the electronic verification of work authorization programs operated by the US Department of Homeland Security (USDHS) or any equivalent federal work authorization program operated by the USDHS to verify information of newly hired employees.