Programs and Certifications
BIG has pursued and obtained widely recognized certifications for our processes and systems that ensure we meet client requirements in the areas of quality, security and technology.
Financial Industry Regulatory Authority
BIG offers Livescan fingerprinting to FINRA-registered firms through our nationwide collection site network. We also offer Disclosure Monitoring Services, which allow firms to periodically screen employees and registered representatives to identify changes to credit history or criminal records.
Nationwide Mortgage Licensing System & Registry
Through our sister company, Fieldprint, we have an exclusive contract to process NMLS fingerprints, which are collected for FBI national criminal history checks as part of the licensing process. Fieldprint’s large national fingerprint collection network, state-of-the-art Store and Forward System and back-office capabilities played a key role in the NMLS selecting Fieldprint to manage this process. Fingerprints are channeled from Fieldprint through NMLS to the FBI.
Independent Producer Clearinghouse
BIG helped found the Independent Producer Clearinghouse (IPC) and has an exclusive, cooperative information-sharing agreement with LL Global (formerly LIMRA), which is provided through the IPC. The Clearinghouse provides compliance services (including background checks on producers) on a cost-sharing basis to insurance companies that use independent producer distribution systems.
ISO 9001:2015 Quality Management
BIG was one of the first and remains one of the few companies in the applicant screening industry to receive ISO 9001:2015 Quality Management System certification. This certification means our processes contain systematic quality controls to ensure applicant screening quality requirements, such as turnaround time, accuracy and completeness, are met in every service we provide. It also provides established procedures and systems to evaluate risk, plan, and manage an overall Quality Management System. We must pass annual audits by a third-party management system registrar to maintain our certification.
Within the ISO 9001:2015 quality management framework, all of BIG’s processes are consistently carried out in support of our mission to exceed client expectations in the principal areas of quality, user-friendliness, efficiency, service-orientation and timeliness. We document these quality system initiatives in our formal Quality Manual and in individual operations process flowcharts and work instructions.
BIG accomplishes proactive, self-identified quality improvement through random and regular audits of both our departments and our processes, conducted by both a dedicated internal quality audit team and employees specially trained to serve as internal auditors for other departments. Input is also collected from client surveys, customer service inquiries and other client interactions.
ISO/IEC 27001:2013 Information Security Management System Certification
Our ISO/IEC 27001:2013 Information Security Management System certification specifies the requirements for establishing, implementing, maintaining and continually improving the information security management system within our organization. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process, giving our stakeholders confidence that risks have been adequately managed.
BIG is accredited by the Background Screening Credentialing Council (BSCC). The National Association of Professional Background Screeners (NAPBS) administers the BSCC and its Background Screening Agency Accreditation Program (BSAAP). The BSCC accreditation represents a background screening firm’s commitment to excellence, accountability, high professional standards and continual improvement. To become BSCC accredited, background screening firms must pass a rigorous onsite audit, conducted by an independent auditing firm, of their policies and procedures in six critical areas: consumer protection, legal compliance, client education, product standards, service standards and general business practices.
SOC 2 Type 2 (http://www.aicpa.org/soc)
BIG successfully completed SOC 2 (formerly SAS 70, SOC 1/SSAE16 Type I and Type II) audits of its IT processing and control environment. These audit reports are performed using the AICPA Guide: Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by our stakeholders to provide a thorough understanding of our organization and its internal controls. In 2014, we upgraded from our SSAE 16 Type I and Type II audits to the current SOC 2.
Verizon Cybertrust Security
The security of BIG’s information technology solutions and systems has achieved enterprise certification from Verizon Cybertrust Security, a leading provider of intelligent risk management products and services.
Verizon Cybertrust Security certification validates that we use time-tested security processes and technologies to maintain a proactive, comprehensive and continuous information security risk management program. The certification ensures our systems’ integrity in the areas of electronic threats and vulnerabilities, malicious code, privacy, human factors, physical environment and downtime. It also confirms our use of widely recognized and accepted measures to secure our environment.
To achieve certification, we implemented a comprehensive set of Verizon-defined security controls, procedures and policies that are examined, measured and validated by Verizon. Regular reviews, assessments and inspections by Verizon ensure that recommended controls and safeguards are kept current to address changing security needs.
Experian Independent 3rd Party Assessment
After an extensive third-party assessment process, BIG was deemed compliant with Experian’s Independent 3rd Party Assessment (EI3PA). This annual information security assessment is required by Experian, which is one of the three major U.S. credit bureaus. To achieve EI3PA compliance, BIG’s information security systems and procedures were evaluated by an independent assessor, according to strict guidelines provided by Experian.
The EI3PA designation allows BIG to offer a full suite of Experian products to its clients, including credit reports and other consumer data used in the employment screening process.
Please note that Experian reserves the right to revise the EI3PA program requirements and other Experian security policies and procedures at any time. NOTWITHSTANDING THE FOREGOING, EXPERIAN MAKES NO REPRESENTATIONS, WARRANTIES, OR GUARANTEES WITH RESPECT TO ANY SYSTEMS OR INFORMATION SECURITY PROGRAMS INCLUDED IN ANY EXPERIAN INDEPENDENT 3RD PARTY ASSESSMENT, AND EXPERIAN SHALL NOT BE LIABLE FOR THE SECURITY OR PERFORMANCE OF ANY SUCH SYSTEMS OR PROGRAMS, OR FOR ANY MATTERS RELATED THERETO.
HR Open Standards
BIG’s technology solutions have been awarded HR Open Standards Certification by the HR Open Standards Consortium, an independent, non-profit and vendor-neutral organization. This certification confirms our software and services use the data exchange standards developed by the Consortium, and signals our technology leadership and readiness to integrate flexibly and opportunistically with customers and partners.
Seeking out HR Open Standards Certified vendors allows employers to reduce the amount of expensive customization required to make implementations of HR solutions productive. These open standards also enable integration of data across systems in real time.
Authorized by USCIS, BIG is a qualified E-Verify Employer Agent authorized to administer all aspects of the E-Verify process on behalf of our clients. E-Verify is a federal program that allows employers to compare the information provided by new hires on their I-9 forms to Department of Homeland Security and Social Security Administration databases to determine their employment eligibility.
BIG is Payment Card Industry Data Security Standard (PCI DSS) compliant as a Level 4 merchant. The PCI security standards were devised by the major credit card companies and are incorporated into each of their data security compliance programs. Our quarterly PCI network scans are performed by SecurityMetrics.
EU-US Privacy Shield Certification
As part of our global compliance structure, we are a certified EU-US Privacy Shield entity with the U.S. Department of Commerce. By self-certifying our compliance with the privacy principles of Privacy Shield, we are ensuring that any collection, use and retention of any personal information from European Union countries will accord with new EU data protection law requirements. Through this certification, our company subscribes to the Privacy Shield principles of Notice; Choice; Accountability for Onward Transfer; Security, Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.
FISMA Readiness Assessment
Through our parent company Vertical Screen, BIG completed an assessment to ensure that we have the essential security controls, policies and procedures in place to support the requirements of the Federal Information System Management Act (FISMA). FISMA is a federal law that requires U.S. federal agencies and their partners to procure information systems and services only from organizations that adhere to the specific requirements mandated by FISMA.
An independent auditor that specializes in government system risk assessments conducted an examination of our policy and procedures, as well as an observation of processes, sampling of evidence and interviews with subject matter experts. Based on the results of the assessment, we received a letter of recommendation that firmly positions us to obtain an Authority To Operate (ATO) if required by a sponsoring agency.
Our sister company, Fieldprint, is authorized as a private FBI channeler, making us one of the few firms in the world authorized to submit fingerprints to, and receive FBI Criminal History Records Information (CHRI) from, the FBI. Fieldprint’s private channeling capabilities allow BIG to offer (with FBI approval) direct access to the FBI, with no channeling agency or other intermediary required.
FBI Appendix F
Our fingerprinting station system is FBI Appendix F-certified, confirming that it has been tested and found to be in compliance with the FBI’s Next Generation Identification (NGI) System Image Quality Specifications and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS). The review of the test data was conducted by the Technology Evaluation Standards Test Unit, a part of the Biometric Center of Excellence led by the Criminal Justice Information Services Division.
HIPAA Security Compliance Assessment
As a potential business associate of entities required to comply with the Security Final Rule established by the Department of Health and Human Services under the Health Insurance Portability and Accountability Act of 1996, BIG has completed an independent HIPAA Security Compliance Assessment of the security controls in place over our applicant screening services. The assessment was performed by an independent, full-service auditing firm that specializes in conducting HIPAA security compliance assessments. The completion of the HIPAA Security Compliance Assessment demonstrates our commitment to creating and maintaining the controls needed to ensure the quality and security of services provided to our customers.
Shared Assessments Program
As a Shared Assessments Program member, BIG gains opportunities to deepen our risk management expertise through cross-industry working groups that discuss the regulatory climate, including ISO 27001:2013 and 27002:2013, HIPAA/HITECH and the NIST Cybersecurity Framework.
Shared Assessments members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing third-party risk. They include financial institutions, healthcare organizations, energy/utility, retailers and telecommunications companies. They are service providers of all sizes, consulting companies, and assessment firms. They are the best in their class, members of a global community of vendor risk management professionals who understand the value of implementing efficient and effective industry-standard practices.
Medical Review Officer Certification
All BIG MROs are certified by the Medical Review Officer Certification Council (MROCC) and/or the American Association of Medical Review Officers (AAMRO), which are both nationally recognized boards with reputations for setting the standard for training of MRO professionals. Our MROs not only have specialized industry knowledge and skills proficiency, but also are well-versed in industry issues such as compliance and emerging testing techniques.
Center for Internet Security Member
Through our parent company Vertical Screen, Inc., BIG is a member of the Center for Internet Security, a nonprofit organization that serves a community of organizations and individuals seeking actionable security resources. As part of this community, we have access to consensus security configuration benchmarks, software, metrics and discussion forums where we are an integral stakeholder in collaborating on security best practices. We leverage these resources and best practices to measure and improve our organization’s security posture.
We cannot express enough how much we have enjoyed working with BIG! It has really benefitted our processing and ease of doing business!
I enjoy collaborating with BIG, and know that if I have to reach out with a question/concern, a positive attitude with a willingness to find resolve is on the other side of an email or a phone call.
You have been the most professional and most helpful business partner that I have ever been associated with — always there to assist us and with rapid turnaround times.
I am confident whenever we add a product with your company that I will have a good experience.
We have received superior service and we know this is what you and your team strive for. We are grateful for the dedication, level of professionalism and effort shown.