Programs and Certifications
BIG has pursued and obtained widely recognized certifications for our processes and systems that ensure we meet client requirements in the areas of quality, security and technology.
Financial Industry Regulatory Authority
BIG offers Livescan fingerprinting to FINRA-registered firms through our nationwide collection site network. We also offer Disclosure Monitoring Services, which allow firms to periodically screen employees and registered representatives to identify changes to credit history or criminal records.
Nationwide Mortgage Licensing System & Registry
Through our sister company, Fieldprint, we have an exclusive contract to process NMLS fingerprints, which are collected for FBI national criminal history checks as part of the licensing process. Fieldprint’s large national fingerprint collection network, state-of-the-art Store and Forward System and back-office capabilities played a key role in the NMLS selecting Fieldprint to manage this process. Fingerprints are channeled from Fieldprint through NMLS to the FBI.
Independent Producer Clearinghouse
BIG helped found the Independent Producer Clearinghouse (IPC) and has an exclusive, cooperative information-sharing agreement with LL Global (formerly LIMRA), which is provided through the IPC. The Clearinghouse provides compliance services (including background checks on producers) on a cost-sharing basis to insurance companies that use independent producer distribution systems.
ISO 9001:2015 Quality Management
BIG was one of the first and remains one of the few companies in the applicant screening industry to receive ISO 9001:2015 Quality Management System certification. This certification means our processes contain systematic quality controls to ensure applicant screening quality requirements, such as turnaround time, accuracy and completeness, are met in every service we provide. It also provides established procedures and systems to evaluate risk, plan, and manage and overall Quality Management System. We must pass annual audits by a third-party management system registrar to maintain our certification.
Within the ISO 9001:2015 quality management framework, all of BIG’s processes are consistently carried out in support of our mission to exceed client expectations in the principal areas of quality, user-friendliness, efficiency, service-orientation and timeliness. We document these quality system initiatives in our formal Quality Manual and in individual operations process flowcharts and work instructions.
BIG accomplishes proactive, self-identified quality improvement through random and regular audits of both our departments and our processes, conducted by both a dedicated internal quality audit team and employees specially trained to serve as internal auditors for other departments. Input is also collected from client surveys, customer service inquiries and other client interactions.
ISO/IEC 27001:2013 Information Security Management System Certification
Our ISO/IEC 27001:2013 Information Security Management System certification specifies the requirements for establishing, implementing, maintaining and continually improving the information security management system within our organization. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process, giving our stakeholders confidence that risks have been adequately managed.
ISO/IEC 27701:2019 Standard CertificationISO 27701 Certification
ISO 27701 certification indicates that a company has implemented a comprehensive and internationally recognized framework for managing privacy information. It signifies a robust commitment to protecting personal and sensitive data’s confidentiality, integrity, and availability. By aligning with ISO 27701 standards, Business Information Group has provided clear processes for data handling, risk assessment, and continuous improvement, fostering a culture of privacy-conscious practices. This certification ensures legal and regulatory compliance, builds trust among our customers and partners, and showcases our proactive stance in addressing privacy concerns, especially in an industry where safeguarding personal information is paramount.
BIG is accredited by the Background Screening Credentialing Council (BSCC). The Professional Background Screening Association (formerly NAPBS) administers the BSCC and its Background Screening Agency Accreditation Program (BSAAP). The BSCC accreditation represents a background screening firm’s commitment to excellence, accountability, high professional standards and continual improvement. To become BSCC accredited, background screening firms must pass a rigorous onsite audit, conducted by an independent auditing firm, of its policies and procedures in six critical areas: consumer protection, legal compliance, client education, product standards, service standards and general business practices.
SOC 2 Type 2http://www.aicpa.org/soc
BIG successfully completed SOC 2 (formerly SAS 70, SOC 1/SSAE16 Type I and Type II) audits of its IT processing and control environment. These audit reports are performed using the AICPA Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by our stakeholders to provide a thorough understanding of our organization and its internal controls. In 2014, we upgraded from our SSAE 16 Type I and Type II audits to the current SOC 2.
Verizon Cybertrust Security
The security of BIG’s information technology solutions and systems has achieved enterprise certification from Verizon Cybertrust Security, a leading provider of intelligent risk management products and services.
Verizon Cybertrust Security certification validates that we use time-tested security processes and technologies to maintain a proactive, comprehensive and continuous information security risk management program. The certification ensures our systems’ integrity in the areas of electronic threats and vulnerabilities, malicious code, privacy, human factors, physical environment and downtime. It also confirms our use of widely recognized and accepted measures to secure our environment.
To achieve certification, we implemented a comprehensive set of Verizon-defined security controls, procedures and policies that are examined, measured and validated by Verizon. Regular reviews, assessments and inspections by Verizon ensure that recommended controls and safeguards are kept current to address changing security needs.
HR Open Standards
BIG’s technology solutions have been awarded HR Open Standards Certification by the HR Open Standards Consortium, an independent, non-profit and vendor-neutral organization. This certification confirms our software and services use the data exchange standards developed by the Consortium, and signals our technology leadership and readiness to integrate flexibly and opportunistically with customers and partners.
Seeking out HR Open Standards Certified vendors allows employers to reduce the amount of expensive customization required to make implementations of HR solutions productive. Open Standards-based standards also enable integration of data across systems in real time.
Authorized by USCIS, BIG is a qualified E-Verify Employer Agent authorized to administer all aspects of the E-Verify process on behalf of our clients. E-Verify is a federal program that allows employers to compare the information provided by new hires on their I-9 forms to Department of Homeland Security and Social Security Administration databases to determine their employment eligibility.
BIG is Payment Card Industry Data Security Standard (PCI DSS) compliant as a Level 4 merchant. The PCI security standards were devised by the major credit card companies and are incorporated into each of their data security compliance programs. Our quarterly PCI network scans are performed by SecurityMetrics.
FISMA Readiness Assessment
Through our parent company Vertical Screen, BIG completed an assessment to ensure that we have the essential security controls, policies and procedures in place to support the requirements of the Federal Information System Management Act (FISMA). FISMA is a federal law that requires U.S. federal agencies and their partners to procure information systems and services only from organizations that adhere to the specific requirements mandated by FISMA.
An independent auditor that specializes in government system risk assessments conducted an examination of our policy and procedures, as well as an observation of processes, sampling of evidence and interviews with subject matter experts. Based on the results of the assessment, we received a letter of recommendation that firmly positions us to obtain an Authority To Operate (ATO) if required by a sponsoring agency.
Our sister company, Fieldprint is authorized as a private FBI channeler, making us one of the few firms in the world authorized to submit fingerprints to, and receive FBI Criminal History Records Information (CHRI) from, the FBI. Fieldprint’s private channeling capabilities allow BIG to offer (with FBI approval) direct access to the FBI, with no channeling agency or other intermediary required.
FBI Appendix F
Our fingerprinting station system is FBI Appendix F-certified, confirming that it has been tested and found to be in compliance with the FBI’s Next Generation Identification (NGI) System Image Quality Specifications and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS). The review of the test data was conducted by the Technology Evaluation Standards Test Unit, a part of the Biometric Center of Excellence led by the Criminal Justice Information Services Division.
HITRUST i1 Certificationhttps://hitrustalliance.net/
HITRUST Implemented, 1-year (i1) Certified status demonstrates that BIG is appropriately managing risk through key information security controls and good cybersecurity hygiene within our assessed platforms and facilities. With this achievement, BIG joins an exclusive group of organizations that have earned HITRUST i1 Certification. Through alignment with and incorporation of best practices, and by leveraging the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, the HITRUST Implemented, 1-year (i1) Validated Assessment with Certification helps organizations address cybersecurity challenges and remain cyber resilient over time.
Shared Assessments Program
As a Shared Assessments Program member, BIG gains opportunities to deepen our risk management expertise, including cross-industry working groups that discuss regulatory climate, including ISO 27001:2013 & 27002:2013, HIPAA/HITECH and the NIST Cybersecurity Framework.
Shared Assessments members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing third party risk. They include financial institutions, healthcare organizations, energy/utility, retailers and telecommunications companies. They are service providers of all sizes, consulting companies, and assessment firms. They are the best in their class, members of a global community of vendor risk management professionals who understand the value of implementing efficient and effective industry-standard practices.
Medical Review Officer Certification
All BIG MROs are certified by the Medical Review Officer Certification Council (MROCC) and/or the American Association of Medical Review Officers (AAMRO), which are both nationally recognized boards with reputations for setting the standard for training of MRO professionals. Our MROs not only have specialized industry knowledge and skills proficiency, but also are well-versed in industry issues such as compliance and emerging testing techniques.
Center for Internet Security Member
Through our parent company Vertical Screen, Inc., BIG is a member of the Center for Internet Security, a nonprofit organization that serves a community of organizations and individuals seeking actionable security resources. As part of this community, we have access to consensus security configuration benchmarks, software, metrics and discussion forums where we are an integral stakeholder in collaborating on security best practices. We leverage these resources and best practices to measure and improve our organization’s security posture.
We cannot express enough how much we have enjoyed working with BIG! It has really benefitted our processing and ease of doing business!
I enjoy collaborating with BIG, and know that if I have to reach out with a question/concern, a positive attitude with a willingness to find resolve is on the other side of an email or a phone call.
You have been the most professional and most helpful business partner that I have ever been associated with — always there to assist us and with rapid turnaround times.
I am confident whenever we add a product with your company that I will have a good experience.
We have received superior service and we know this is what you and your team strive for. We are grateful for the dedication, level of professionalism and effort shown.