Information Security and Confidentiality Is Our Primary Concern
The security and confidentiality of the information that is received, stored, and utilized by EBI is an ever-present focus within all aspects of our company and we understand the critical nature of the information that our clients place within our care. For this reason, EBI is an ISO27001:2005 Certified company. In this section, we have provided an outline of some of the key areas that our Information Technology and Security Procedures addresses.
Employment Background Investigations, Inc. (EBI) is certified and registered in accordance with ISO/IEC 27001:2005. EBI has developed, implemented and maintains an Information Security Management System (ISMS) which governs the processing, storage, handling, and privacy of personally identifiable information (PII) in EBI's care at our headquarters in Owings Mills, MD in both the Background Screening and Occupational Healthcare divisions. Learn More>>
Providing the industry's most cutting edge technology is not enough unless it is secured! Rest assured that our entire technology platform is housed in a redundant and fortified infrastructure featuring both daunting security protocols and 128 encryption digital solutions certified by Verizon Cybertrust® Security.
EBI employs a Senior Manager of Information Technology to maintain our documented Information Technology and Security Procedures which covers all areas of our infrastructure and related security.
- We employ a knowledgeable, well trained IT Department which is responsible for establishing, documenting, distributing, reviewing, and updating information security policies and procedures.
- Prior to becoming an employee at EBI, all potential staff members must pass a comprehensive pre-employment background check. On-going background checks are conducted on all personnel.
- EBI requires all staff members to execute confidentiality agreements.
- EBI mandates documented orientation and ongoing training to all staff members related to information technology and security procedures.
- Strict security protocols are mandated for access to EBI’s electronic data-systems and physical infrastructure both for internal and external staff members and partners.
- All staff members are required to carry an electronic identification badge which must be used to access our operations center along with secured areas of our facility. Access to secured areas is based on job duties and security levels.
- All remote staff members are required to undergo additional training, follow enhanced security protocols, and additional authentication to access our systems. Access to any Personally Identifiable Information (PII) is restricted.
- It is EBI’s strict policy for staff members not to receive or disseminate Personally Identifiable Information (PII) over unsecured means.
- Access to confidential information, including PII, is based on job position. Staff members in positions that do not require the need or use of PII to complete a background check component are restricted from viewing and accessing confidential information.
- EBI’s physical infrastructure is secured through limited access and time-release locks along with surveillance cameras throughout the location.
- Our operations center is secured by an alarm system and monitored outside of business hours by a third-party surveillance/security firm which will deploy local authorities upon intrusion.
- All outside parties, contractors, and visitors must sign-in and follow our visitor security protocols. Access is restricted based on the reason for the visit.
- EBI maintains a strict password policy and electronic systems time-out policy to limit access and browsing of confidential information.
- We mandate strict policies on Internet use and electronically restrict access to certain websites.
- We incorporate the use of enterprise-wide virus and intrusion detection hardware and software to monitor and safeguard our electronic infrastructure.
- During onboarding procedures, all clients must go through a series of vetting and qualification procedures along with an on-site physical inspection, when necessary, before their account can be officially opened and they are granted access to EBI’s systems.
- EBI requires all clients to execute comprehensive agreements to ensure they meet all security, hardware, and system access protocols.
- We vet all vendors and require comprehensive agreements and security protocols to be met before system access is granted to outside parties.
- EBI follows strict system procedures to maintain computer hardware and software to EBI’s standards.
- EBI mandates stringent protocols for handling hardcopy documentation which contains PII and any means of confidential information. We incorporate strict procedures for secured on-site storage.
- Documents stored outside of the main office location are housed in a gated, surveillance-monitored facility with limited electronic access.
- All confidential documents requiring removal are shredded using a professional destruction company. The documents are placed in locked receptacles located strategically throughout the office.
- EBI mandates a strict policy on data backup and recovery procedures along with incorporating a third-party firm to secure our data.
- EBI maintains a comprehensive security breach policy to minimize data risk and to notify clients, consumers, and partners of a data breach.
- Our disaster recovery plan encompasses a third-party secured co-location data center.