Professional Documents
Culture Documents
NSR Background Check Standards
NSR Background Check Standards
NSR Background Check Standards
(NSR)
Background Check Standards
In view of the above guidelines an inclusive process of standard designing has been followed. At
various stages of standard development the draft is distributed to BGCs and various industry
users and their comments are invited for consideration.
The standards have been designed so as to take a comprehensive approach and deal with all the
areas which relate to functioning of BGCs and performance of their roles relating to NSR
system. In view of this the standards attempt to cover following areas:
A. Operations:
Infrastructure and Facilities
Staff management
Verification processes
Verification Timelines
Quality Control
Management Information System
Grievance Handling and Redressal
Confidentiality
B. Systems
Choice of Verification method: BGC needs to ensure that the verification methodology
chosen by it is such that it gives maximum assurance of the verification results.
Address verification:
All address checks will be done physically by BGC staff by visiting the address
provided by the client to check the candidates residential status with family
members, neighbours, security guards etc. Aspects like length of stay, ownership
status, name and contact details of person from whom confirmation was taken are
recorded.
In no circumstance will oral verification of address be done by usage of
telephonic verification methods etc.
BGC will maintain adequate supportings to ensure genuineness of the field
checks done by the field staff.
Where outsourced staff is used for conducting field checks, the BGC shall ensure
authenticity of the checks by collecting supportings and conducting audit
practices like call back, sample re-verification etc.
Criminal verification:
BGC will have documented standard process to be followed in case of criminal
verifications. Criminal checks would be conducted through court records.
Database Checks:
All database checks shall be done by BGCs using software licensed to the BGC.
BGC staff will be provided adequate training to operate the database check
systems. Training will be based on operational procedures specified by database
v) Quality control
BGC will maintain a team to perform quality check on reports before same are shared
with the client. The object of the quality check is to ensure that:
Zero tolerance towards integrity issues
Accuracy at 100 %
There is no incomplete or missing information which are essential to complete
the verification process
Verifications done are in line with client requirements as specified in the
agreements executed with clients and circulars or other communications received
from clients
Supportings are available for all checks done
In case verifications are done with the support of vendors, the vendor has
followed the standard process for obtaining confirmations
Verifications results can be reported with reasonable assurance and comply with
all applicable laws and procedures.
All verification requests should be routed through quality control processes before being finally
reported. BGC may also deploy process review mechanism which would periodically evaluate
the adequacy of various processes deployed and improvements required in the same.
BGC may also appoint an Internal Auditor to sample check its processes, control mechanisms
and quality controls. The auditor will report to the management to review and improve the
existing processes.
These details will enable the BGC to have better control on its verification processes and also
enable it to have a clear insight into all aspects of the background screening process to reflect on
the health of each client account.
BGC needs to maintain a well-trained client engagement team which will service client
requirements in an efficient manner. Escalation matrix needs to be made available to
clients to ensure that they know whom to reach out to if they have any difficulties. BGC
also needs to have a system to ensure that candidates or their families etc. are not
hassled by field staff in the course of conducting source verifications.
BGC must maintain a register (physical / electronic) for all grievances received by it.
The register should indicate details of the:
viii) Confidentiality
BGC should put in place system which disables any person from exporting, extracting,
transmitting etc. such confidential information from BGC location. In case BGC uses
assistance of outsourced vendors for verifications and personal information of candidate
is shared with these vendors, then BGC will have mechanism for ensuring that
confidentiality of these details are maintained. BGC needs to execute Non-Disclosure
Agreements with such vendors, enforce practices like sensitizing vendors on importance
of maintaining confidentiality of data, destruction of confidential information after usage
at vendor premises etc. to prevent misuse of such information.
Objective:
The objective of this section is to provide Information System operations guidelines for a single
/ multi location BGC Information Technology set-up. These guidelines are oriented towards
providing pointers to the Information System Controls, to facilitate effective implementation of
IT Set-up and operations. These controls are required to ensure availability of the IT systems
and also to safeguard critical information from unauthorized access, disclosure or modification.
At the outset however, it may be clarified that the below listed are comprehensive model
best practice guidelines. The extent of its adoption will depend on the need as well as
constraints associated with specific installation / business operation. One may decide not to
adopt a specific guideline after undertaking a proper analysis of risk involved in not
adopting the same.
Guidelines:
Environmental Conditions
Environmental conditions are equally important for efficient functioning of the IT set-up.
Temperature, humidity, dust can result in short circuits leading to small fires or disruption in
power supply may not damage the equipment beyond repair, but can have serious effect on
availability and / or uptime. Guidelines for maintaining certain environmental conditions are
as follows:
a. Installation and monitoring of air conditioner / cooling in Server Room (desirable that
both Temperature and Humidity is monitored and ensure that it does not cross the
threshold / norms laid down by the equipment provider).
b. Temperature and Humidity control and monitoring, as prescribed by the vendor, for
equipment located in other areas.
c. Environment to be maintained dust free.
d. Clean power supply through UPS equipment with adequate battery backup to gracefully
shut down system in the eventuality of power supply disruption or for switch over to DG
set if installed. DG set, if installed, should have adequate fuel to keep the system
operational for desired timeframe.
e. Server room to have shielding from Electromagnetic interference. This could be as per
the given norms of the equipment (server, firewall appliance, LAN Switches etc.)
provider
Capacity planning
a. Regular monitoring of resource utilization in terms of CPU, memory, disk.
b. Set up threshold utilization keeping in view the lead time for upgrade and likely growth
in volume in such period.
c. Avail where possible capacity on demand feature from vendor.
Staff Training
a. Staff members to be trained during induction and made aware of the above guidelines.
b. Periodic (at the interval of at least 12 months) refresher training to be provided.
c. Training in emergency evacuation and fire fighting to be provided to ensure adequate
skills to address such eventualities. Evacuation drills may be conducted periodically (at
least at the interval of 6 months) and record for the same be maintained.
It is expected that all BGCs will be able to implement the standard within a period of three
months from the release date.
To ensure that all BGCs are complying with the standard NDML / NASSCOM and NSR
member companies may conduct audits. Circulars will be issued in due course in this regard to
indicate the audit methodology.
The standard document has been framed by NASSCOM and NDML in consultation and
consensus with leading IT/ITeS companies and background check agencies. These standards are
meant to ensure a basic level of diligence to the operations of the background checkers
empanelled on NSR. Referring organizations need to be aware that these standards should be
considered only as a guide and they are free to specify a higher / more stringent level of
operational standard for their activities.
These standards are meant for restricted circulation and not intended for publication or
circulation to or sharing with any other entity excluding the empanelled background checkers
and member companies of NSR, nor are they to be reproduced or used for any other purpose in
whole or in part, without written consent in each specific instance.
In the event that any state of affairs arises in the industry which impacts the facts mentioned in
the standards document, we reserve the right to amend these standards accordingly.
The object of these standards is to serve as a benchmark to review the operations of the
background check agencies empanelled on NSR. NASSCOM and NDML expressly disclaim all
responsibility or liability for any costs, damages, losses, liabilities incurred by anyone as a result
of the circulation, publication, reproduction or usage of these standards.