Hi! I’m Brad Carlson, Chief Revenue Officer at ClearStar, and this is the next installment of For The Public Record—a blog that features thought leadership from the most seasoned experts at ClearStar, across all functions of the background screening process.
We are continually asked questions about what to look for in a new provider. Today’s quickly changing market and technology means more due diligence to make sure your provider really can perform for you today and in the future. Even though services appear to be similar for all vendors, how each one goes about providing them is extremely different.
Without question, the market has changed dramatically with technology in just the past few years. Everyone has heard about the vast security breaches and the need to protect personal information. The reality is that our business is under constant siege from ill-willed, nefarious people wanting to steal this private information. So, what should you do?
- Your number one priority is to know who gets access to PII, internally.
- Ensure any communication to and from your vendor is encrypted. If communications are happening in an unsecure manner—you are at a real risk.
- If your vendor has a system to log into for results, ensure that they are requiring multifactor authentication or some other secure means (e.g. Windows Active Directory) to log into the site. The number one cause of theft of information is the simple things, like not changing a password.
- Ideally, your vendor needs to be ISO/IEC 27001 certified. This ensures they are up to date with security in today’s world and can best protect the data you send to them.
- SOC 2 certification is also preferred and again, ensures today’s security and process controls are in place.
- If your business needs an integration into some form of Applicant Tracking System, you will want your vendor to have their own in-house IT team. Technology changes and your business can’t afford to be down, waiting for resolution. The only way to logically have business needs addressed NOW is with an in-house IT team.
Perhaps the number one issue clients continually struggle with is service. Service represents one thing to one company and another to the next. One thing is for certain, it is a continually moving target. This is one of the hardest needs to quantify and qualify. So, what should you do?
- Interview your vendor to make sure they don’t off-shore service. Any service that is off-shored not only puts data at risk but poses potential language and time barriers.
- Discuss what your company needs up front. This frank exchange will give you clear paths to success and/or improvements.
- Insist upon service commitments.
- Set up key reporting metrics. What gets tracked gets resolved.
- Discuss account management change over with your vendor. We all experience change but, as an example, three in a short series of months may be excessive.
- Lastly and most importantly—how responsive are they and do they have multiple ways to communicate (e.g. email, chat, communities, etc.)?
The point is, when you’re shopping for a new provider, be sure these things are at the top of their priority list. You’ll want to make sure they are fully addressed before you sign on the line, because fixing a security or service-deficient vendor is just not possible, and worse, it can lead to some nasty struggles for your business. On the other hand, a provider that makes these things a priority can help you keep your business moving. This is for the record.