Open jelly2024 opened 1 year ago
During the 2023 SOC 2 Readiness Assessment, the control's effectiveness and design were evaluated against relevant testing procedures. The design of the control was found satisfactory. During testing of the effectiveness of the control, it was identified that not all background checks aligned with policy requirements. Out of the 50 employees sampled, 14 employees did not have the required criminal background check upon hire as mandated by policy; they only had education, references, and work history checks. This constitutes a control gap in the effectiveness of the control resulting in a needs improvement overall control rating.
The consequences of this control gap may include:
Increased risk of non-compliance: The organization may be at a higher risk of non-compliance with regulatory requirements and company policies due to incomplete background checks for some employees.
Potential exposure to ethical or behavioral issues: Employees without the required criminal background checks could pose potential risks to the organization, such as ethical or behavioral issues that might have been flagged through a comprehensive screening process.
Diminished employee awareness of commitment: The control gap may lead to diminished employee awareness of the organization's commitment to integrity and ethical conduct.
Background checks are performed for employees as a component of the hiring process.