Background Check Policy
Background Check Policy template for hiring and re-screening workflows, covering authorization, disclosure, adverse action, and record retention. Use it to standardize FCRA-compliant checks and reduce inconsistent hiring decisions.
Trusted by frontline teams 15 years of frontline software AI customization in seconds
Built for: Healthcare · Financial Services · Retail · Transportation · Staffing And Recruiting
Overview
This Background Check Policy template sets the rules for when your organization may request an employment background check, what disclosures and authorizations are required, how results are reviewed, and how adverse action is handled. It is meant for HR teams that need a repeatable policy for pre-employment screening, promotion screening, or limited re-screening of employees in sensitive roles.
The template is useful when you want one standard process across recruiters, hiring managers, and vendors, especially if you use a consumer reporting agency and need to align with FCRA notice and record-retention steps. It also helps you define role-based screening criteria, approval authority, and exception handling so decisions are documented instead of improvised.
Use this template when background checks are part of your hiring or internal transfer process and you need to show that the process is consistent, job-related, and properly documented. Do not use it as-is if your company hires outside the United States, if you need a separate policy for criminal history review, or if your state or city imposes stricter timing, consent, or individualized assessment rules. It is also not a substitute for vendor agreements, candidate notices, or a separate data retention schedule. Those pieces should be aligned before rollout.
Standards & compliance context
- The policy should align with the FCRA for disclosure, authorization, pre-adverse action, adverse action, and consumer report handling.
- If screening criteria touch protected classes or disparate impact risk, review the process under Title VII and EEOC guidance before rollout.
- If the policy is used for roles involving disability-related inquiries or medical information, keep it separate from ADA medical screening rules and the interactive process.
- If background information is used in leave, discipline, or employment-status decisions, confirm the process does not conflict with FMLA, FLSA, or ADEA protections.
- State and local laws may add ban-the-box timing, credit check limits, salary history restrictions, or individualized assessment requirements, so add jurisdiction-specific carve-outs.
- If candidate data is stored in HR systems or shared with vendors, apply GDPR or CCPA-style privacy controls where those laws are applicable.
General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.
What's inside this template
Purpose
Explains why the policy exists and what risk it is meant to control.
-
This policy establishes the rules for obtaining and using employment background checks in a manner that is fair, job-related, and compliant with the **Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq.** It also supports compliance with EEOC guidance, applicable state fair-chance laws, and any jurisdiction-specific notice or waiting-period requirements.
Scope
Defines which workers, applicants, locations, and screening events the policy applies to.
-
This policy applies to all U.S. applicants, interns, contingent workers, and employees when the Company requests a consumer report or investigative consumer report for employment purposes. **California employees:** screening and notice practices must also be reviewed for compliance with California’s fair chance and privacy requirements. **New York employees:** any applicable state and local fair-chance rules must be followed. **Illinois employees:** screening must not conflict with state anti-discrimination and privacy requirements.
Definitions
Clarifies key terms such as consumer report, adverse action, authorization, and consumer reporting agency.
-
Key terms used in this policy are defined in the **Definitions** section above. Additional terms may be defined in the applicable background check authorization, disclosure, or adverse action notices provided to the individual.
Policy Statement
States the organization’s rules for when checks may be used and the standards that govern them.
-
The Company may conduct background checks only when the screening is job-related, consistent with business necessity, and approved for the applicable role. Background checks may include identity verification, employment verification, education verification, criminal history, motor vehicle records, professional license verification, and other lawful checks relevant to the position. The Company will not use background information in a way that unlawfully discriminates on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, or genetic information.
Procedure
Lays out the step-by-step workflow for disclosure, authorization, review, notice, and retention.
-
1. **Pre-screen approval:** HR or the designated policy holder confirms the screening type is permitted for the role and jurisdiction. 2. **Standalone disclosure and authorization:** Before ordering a consumer report, the individual must receive a clear, standalone FCRA disclosure and provide written authorization. 3. **Vendor engagement:** The Company may use only approved consumer reporting agencies that contractually agree to maintain confidentiality, security, and lawful reporting practices. 4. **Review of results:** HR and the hiring manager may review results only to the extent necessary to determine job-related suitability. 5. **Good-faith individualized assessment:** Before any adverse action based on criminal history or other potentially disqualifying information, the Company will conduct a good-faith review of the information, the job duties, and any applicable legal requirements. 6. **Pre-adverse action notice:** If the Company is considering adverse action, it will provide the required pre-adverse action notice, a copy of the report, and a summary of FCRA rights, and allow a reasonable period for response where required by law or company practice. 7. **Final adverse action notice:** After the review period, if the Company proceeds, it will issue the final adverse action notice identifying the CRA and required contact information. 8. **Record retention:** Screening authorizations, disclosures, notices, and related decision records will be retained securely for the period required by law or company retention schedule, whichever is longer.
Roles & Responsibilities
Assigns ownership so HR, managers, legal, and vendors know who does what.
-
**HR / Talent Acquisition:** administer disclosures, collect authorizations, coordinate with the CRA, and maintain records. **Hiring Manager:** evaluate only job-related criteria and avoid unauthorized use of background information. **Compliance Officer / Legal:** review jurisdiction-specific requirements, adverse action language, and vendor agreements. **Policy holder:** owns this policy, approves exceptions, and ensures annual review. **Consumer Reporting Agency:** provide accurate reports, required notices, and dispute handling information as contractually required.
Compliance and Discipline
Describes how violations are handled and what corrective action applies when the process is not followed.
-
Failure to follow this policy may result in disciplinary action, up to and including termination of employment, and may also expose the Company to regulatory, civil, or contractual liability. Any employee who bypasses required disclosures, authorizations, or adverse action steps may be subject to a documented warning, retraining, removal from hiring responsibilities, or a PIP, depending on the severity and impact of the violation.
Exceptions
Provides a controlled path for approving rare deviations from the standard screening process.
-
Any exception to this policy must be approved in writing by HR and Legal before a report is requested or a hiring decision is made. Exceptions may not be used to bypass FCRA notice, authorization, or adverse action requirements. Jurisdiction-specific rules, including state fair-chance laws, must always be followed.
Review and Revision
Sets the cadence for updating the policy and recording version control.
-
This policy will be reviewed at least annually and whenever the FCRA, EEOC guidance, or applicable state or local law changes. The policy holder is responsible for updating forms, vendor requirements, retention periods, and adverse action templates as needed.
How to use this template
- 1. Fill in the effective_date, version, review_frequency, applicable_jurisdictions, and applicable_roles fields before publishing the policy.
- 2. Define which positions require a background check, which checks are permitted for each role, and who has authority to approve exceptions.
- 3. Insert your disclosure, authorization, pre-adverse action, and adverse action workflow so HR and recruiters follow the same sequence every time.
- 4. Assign ownership for vendor coordination, candidate communication, record retention, and escalation of disputed or incomplete reports.
- 5. Review the policy against state and local screening laws, then train hiring managers and recruiters on the exact steps they must not skip.
- 6. Revisit the policy annually and after any legal, vendor, or hiring-process change, then document the revision history.
Best practices
- Keep the background check disclosure separate from the application and other employment terms.
- Use role-based screening criteria tied to job duties, access level, or regulatory need rather than a one-size-fits-all list.
- Document every exception with the reason, approver, and date so the file shows a good-faith decision trail.
- Send pre-adverse action materials before any final denial based on a consumer report and allow time for candidate response.
- Retain authorization forms, notices, and decision records according to your retention schedule and legal hold process.
- Train recruiters and managers not to discuss criminal history, credit history, or report details outside the approved workflow.
- Coordinate the policy with your privacy notice and data-handling rules so candidate information is stored and shared on a need-to-know basis.
What this template typically catches
Issues teams running this template most often surface in practice:
Common use cases
Frequently asked questions
What does this Background Check Policy template cover?
It covers the core steps of an employment screening program: when background checks may be used, how to obtain authorization and disclosure, how to handle adverse action, and how long to retain records. It is written for HR policy use, not as a vendor contract or a candidate-facing notice. The template also helps define who approves checks and how exceptions are documented.
When should we use a background check policy instead of ad hoc screening?
Use this policy before you start screening candidates or when your current process is inconsistent across roles, locations, or recruiters. It is especially useful if multiple managers request different checks, or if you need a single standard for pre-employment, promotion, or re-screening. Ad hoc screening creates risk because it can lead to uneven treatment and missed FCRA steps.
Who should own this policy internally?
HR or Talent Acquisition usually owns the policy, with legal review and input from compliance, security, and operations. If a third-party consumer reporting agency is involved, the policy should also align with the vendor workflow and any internal approval gates. Managers should follow the policy, but they should not improvise screening criteria on their own.
Does this template address FCRA requirements?
Yes, it is designed around the Fair Credit Reporting Act workflow for employment background checks. That includes standalone disclosure and authorization, pre-adverse action notice, adverse action notice, and retention of supporting records. You should still confirm state law overlays and local notice rules before rollout.
What state law issues should we check before using it?
Background check rules often vary by state and city, especially around salary history bans, ban-the-box timing, credit check limits, and notice requirements. California, New York, Illinois, and other jurisdictions may add stricter consent, timing, or individualized assessment rules. This template should be customized to the jurisdictions where you hire and where candidates work.
How often should this policy be reviewed?
Review it at least annually and any time your screening vendor, hiring process, or applicable law changes. Annual review is important because background check requirements can shift with state and local updates, and because your internal process may change as roles expand. Document the effective date and version each time you revise it.
What are the most common mistakes this policy helps prevent?
Common mistakes include combining the disclosure with other hiring language, skipping written authorization, sending adverse action notices too late, and failing to keep records long enough. Another frequent issue is applying different screening standards to similar candidates without a documented business reason. This template gives you a place to standardize those steps.
Can this policy be customized for different roles or countries?
Yes, but role-based differences should be explicit and tied to business necessity, such as checks for drivers, finance roles, or positions with access to sensitive data. For non-U.S. hiring, you should not rely on FCRA language alone because local privacy and employment laws may differ significantly. Add jurisdiction-specific carve-outs and separate procedures where needed.
Related templates
Ready to use this template?
Get started with MangoApps and use Background Check Policy with your team — pricing built for small business.
