Conduct employee background / reference checks (store interview and background checks / reference call summaries in Google Drive, folder per employee)

One crucial aspect of SOC2 compliance is conducting thorough employee background and reference checks. In this guide, we'll explore the importance of SOC 2 compliance, its impact on customer trust, and provide a detailed step-by-step manual on conducting employee background and reference checks.

SOC 2 is a framework designed to ensure that companies handle data securely and have the necessary controls in place to protect sensitive information. One crucial aspect of SOC2 compliance is conducting thorough employee background and reference checks. In this guide, we'll delve into the significance of employee checks, provide real-world examples, and offer a detailed step-by-step manual for storing interview and background check information securely.

Importance of Employee Background and Reference Checks

Protection of Sensitive Information:

Example: Consider a scenario where a startup employee with a history of data breaches gains access to client information. Conducting background checks helps identify such risks and protect sensitive data.

Customer Trust and Reputation:

Example: A major client decides to partner with your startup, largely influenced by your commitment to data security. A security breach due to unvetted employees could severely damage your reputation and erode trust.

Legal and Regulatory Compliance:

Example: Failure to perform adequate background checks might lead to non-compliance with data protection laws, resulting in legal consequences and financial penalties.

Step-by-Step Manual: Conducting Employee Background and Reference Checks

Step 1: Establish a Structured Process
  • Define the roles requiring background checks.
  • Clearly outline the information to be collected during the background check.

Step 2: Choose a Reliable Background Check Provider
  • Research and select a reputable background check provider.
  • Ensure the provider complies with relevant laws and regulations.

Step 3: Obtain Consent
  • Obtain written consent from employees before conducting background checks.
  • Clearly communicate the purpose, scope, and methods of the check.

Step 4: Gather Necessary Information
  • Collect essential information, such as past employment history, criminal records, and educational background.
  • Verify the accuracy of the information provided by the candidate.

Step 5: Reference Checks
  • Contact previous employers to verify employment history and performance.
  • Speak with personal references to gain insights into the candidate's character and work ethic.

Step 6: Document the Process
  • Create a standardized template for interview and background check summaries.
  • Record details of the interview, background check findings, and reference calls.

Step 7: Store Information Securely
  • Create a dedicated folder in Google Drive for each employee.
  • Encrypt sensitive information and limit access to authorized personnel.

Step 8: Regularly Update Employee Records
  • Conduct periodic reviews of employee records.
  • Update information as necessary, especially in the case of promotions or role changes.

Step 9: Establish a Retention Policy
  • Define a policy for retaining background check information.
  • Comply with legal requirements and ensure secure disposal of outdated records.

Step 10: Periodic Audits
  • Conduct regular audits to ensure ongoing compliance with background check procedures.
  • Adjust processes based on audit findings to enhance effectiveness.


Conducting thorough background/reference checks and documenting the process is a critical step toward achieving SOC 2 compliance. By following this manual, startups can not only enhance their security posture but also build trust with corporate customers, paving the way for sustainable growth and success in the market. Remember, security is not just a checkbox; it's an ongoing commitment to protecting your organization and the data entrusted to you by your customers.

Achieve SOC2 Compliance

We make your startup SOC2 compliant by implementing and managing the required security controls for you.

Get Started