Each year, millions of background screening reports, which are categorized as consumer reports, are requested by U.S. employers, organizations and government agencies to assist with critical business decisions. Since these reports are regulated at both the federal and state level, PBSA® recognized the need for a singular cohesive industry standard, creating the BSAAP as a result.
To become accredited, a Consumer Reporting Agency (CRA) must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures as they relate to the following critical areas of the BSAAP:
Section 1: Consumer Protection
Includes standards for: Information Security Policy; Data Security; Intrusion, Detection and Response; Stored Data Security; Password Protocol; Electronic Access Control; Physical Security; Consumer Information Privacy Policy; Unauthorized Browsing; Record Destruction; Consumer Disputes; Sensitive Data Masking; and Database Criminal Reports.
Section 2: Legal Compliance
Includes standards for: Designated Compliance Person(s); State Consumer Reporting Laws; Driver Privacy Protection Act (DPPA); State Implemented DPPA Compliance; Integrity; Prescribed Notices; and Certification from Client.
Section 3: Client Education
Includes standards for: Client Legal Responsibilities; Client Required Documents; Truth in Advertising; Adverse Action; Legal Counsel; Understanding Consumer Reports; and Information Protection.
Section 4: Researcher and Data Product Standards
Includes standards for: Public Record Researcher Agreement; Vetting Requirement; Public Record Researcher Certification; Errors and Omissions Coverage; Information Security; Auditing Procedures; Identification Confirmation; and Jurisdictional Knowledge.
Section 5: Service Standards
Includes standards for: Verification Accuracy; Current Employment; Diploma Mills; Procedural Disclosures; Verification Databases; Use of Stored Data; Documentation of Verification Attempts; Outsourced Verification Services; Conflicting Data; Professional Conduct; and Authorized Recipient.
Section 6: Business Practices
Includes standards for: Character, Insurance; Client Credentialing; Vendor Credentialing; Consumer Credentialing; Document Management; Employee Certification; Worker Training; Visitor Security; Employee Criminal History; Quality Assurance; and Certification.