ISO 27001 Background Check FAQs
Written by Markindey Sineus
Updated over a week ago

What type of background checks are required for ISO 27001?

  • ISO 27001 does not prescribe a specific type of background check or screening; the control only requires that screening be proportionate to the business requirements, the classification of the information the person will access, and the perceived risks. You may choose one or a combination of the following options:

  • Criminal Background Checks

  • Identity Verification

  • Work History or Employment Verification

  • Character Reference Checks (from previous employer and/or personal reference)

  • Competence Verification

  • Education Verification

  • Professional Certification Verification

  • Skills/Aptitude Test

Do I need to perform background checks on existing employees to meet ISO 27001 requirements?

  • While the implementation guidance for ISO 27001:2022 Annex A.6.1 (Screening), found in ISO/IEC 27002:2022, recommends that all employees and contractors complete a background check, your ISO 27001 auditor will most likely only verify that new hires and new contractors had a background check completed before or at the time of onboarding.

Do I need to perform background checks on contractors?

  • If you are hiring an individual contractor (not through an agency or third-party organization), it is recommended that you perform a background check on that individual.

  • If you are hiring a contractor through an agency or third-party organization, it is recommended that you work with that organization to determine and contractually document the shared responsibilities for performing background checks on the contractors it provides to your organization.

Which Background Check providers can we use?

  • When it comes to selecting a tool, we recommend the background check providers that Drata has integrations with (Certn, Checkr, KarmaCheck). This simplifies the process and allows users to kick off background checks as part of their onboarding in Drata. More guidance on managing background checks is available on Background Check Management.

  • If you are using a background check provider that Drata does not currently integrate with, you can manually upload proof of the background check instead.

Which background check provider is recommended if there are international employees and/or contractors?

What do I do if country-specific laws prohibit me from performing background checks?

  • ISO 27001 requires that screening be carried out in accordance with the laws, regulations, and ethics of the jurisdiction where your employee resides, so a check that is prohibited locally is not expected. You can refer to the first question for a list of alternative background check options, but the absolute minimum is an identity verification.

How often do we need to perform Background Checks?

  • While the implementation guidance for ISO 27001:2022 Annex A.6.1 (in ISO/IEC 27002:2022) recommends that employees and contractors undergo subsequent or ongoing verification checks, the frequency is not prescribed and will ultimately depend on your business decision and risk assessment.
