Our recommendation for cyber security audit compliance and best practice is to perform background checks on all in-scope personnel. This typically means all employees and those contractors who have access to any sensitive data.
Background checks do not generally need to be performed retroactively. However, you may want to consider standardizing this workflow across your company.
Background check controls within Secureframe operate differently depending on where your personnel sit.
U.S. In-scope Personnel: Ensure that for all U.S. personnel a background check is completed within 30 days of employment.
Non-U.S. In-scope Personnel: Personnel outside of U.S. will not need to undergo a background check within the Secureframe system to operate the background check control. Instead, after declaring the nation in which they are employed, they will be requested to submit a resume and reference documentation.