compliance

Reference Check Authorization Policy

Reference Check Authorization Policy template for candidate consent, caller verification, and retention rules. Use it to standardize who can request references, what can be shared, and how records are kept.

Fill it now — Free Get Started

Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Healthcare · Retail · Professional Services · Manufacturing · Staffing And Recruiting

9:41

HR Policies

1 Purpose

2 Scope

3 Policy Statement

4 Procedure

5 Roles & Responsibilities

6 Compliance, Discipline, and Exceptions

7 Review & Revision

Overview

This Reference Check Authorization Policy template sets the rules for obtaining candidate consent, verifying who is making or receiving the call, limiting what can be shared, and retaining reference records. It is built for hiring workflows where HR, recruiters, or managers may contact prior employers or respond to outside reference requests.

Use it when you want a documented process for pre-employment screening, internal reference handling, or post-employment verification. The template is especially useful if multiple people can touch the process, because it defines the approved roles, the required authorization, and the documentation steps that should follow each call. It also gives you a place to add jurisdiction-specific carve-outs for state law and privacy rules.

Do not use it as a substitute for a broader background check policy if you also run criminal, credit, or motor vehicle checks. It is not a performance review template, and it should not be used to collect medical information, protected-class details, or other non-job-related data. If your organization has a separate applicant consent form, this policy should reference it and explain how the authorization is stored and retained.

Standards & compliance context

Align the policy with Title VII, the ADA, and the ADEA by keeping reference questions away from protected-class status, disability, age, religion, sex, pregnancy, and other non-job-related topics.
If reference notes are part of applicant or employee records, coordinate retention and access controls with FLSA, FMLA, and general personnel-file practices, plus any state recordkeeping rules.
For California employees, add privacy and personnel-record handling carve-outs that reflect state law and any applicable CCPA-related data handling obligations.
For multi-state employers, confirm whether state law limits what former employers may disclose or requires a written release before sharing information.
If reference data is stored in HR systems or shared across borders, add GDPR or other local privacy requirements where applicable.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Purpose

Explains why the policy exists and what risk it is meant to control.

This policy establishes a consistent, legally compliant process for conducting employment reference checks. It is intended to ensure that the organization: - obtains candidate consent before contacting references; - verifies the identity and authority of callers and reference providers; - documents reference check activity in a consistent, job-related manner; and - retains and disposes of reference check records according to applicable legal and business requirements. The organization will conduct reference checks in a manner consistent with EEOC guidance on background checks and will avoid inquiries that could create unlawful discrimination risk under Title VII of the Civil Rights Act of 1964.

Scope

Defines which workers, applicants, and reference activities are covered.

This policy applies to all employees, contractors, and third parties who participate in hiring or candidate evaluation, including HR, recruiters, hiring managers, and any external screening vendor acting on the organization's behalf. This policy applies to reference checks conducted for applicants, interns, temporary workers, and other candidates for employment, unless a local law requires a different process. California employees: any collection, use, or retention of candidate information must also be reviewed for compliance with applicable California privacy and employment laws, including the California Consumer Privacy Act (CCPA), as amended.

Policy Statement

States the core rules for consent, disclosure limits, and approved handling.

The organization will not contact a candidate's references until the candidate has provided consent, except where a lawful exception applies and has been approved by HR or Legal. Reference checks must be limited to job-related, consistent, and non-discriminatory questions. Interviewers and reference checkers must not ask about or document information related to protected characteristics under EEOC-enforced laws, including race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, or genetic information. Questions about compensation history or current pay must be handled carefully and only where permitted by law. FLSA considerations and state pay-transparency or salary-history restrictions must be reviewed before any compensation-related inquiry is made. The organization will maintain a documented warning or escalation process if a reference check reveals information that may affect hiring decisions, and any adverse action must be handled through the applicable pre-adverse and adverse notice process when required by law.

Procedure

Shows the exact steps staff must follow from request to documentation and retention.

1. **Obtain candidate consent** - Use the approved authorization form before contacting any reference. - Confirm the candidate understands what information may be requested and how it will be used. - Do not proceed if consent is missing, expired, or limited in a way that does not cover the intended check. 2. **Verify caller identity and authority** - Before releasing information, confirm the caller's name, company, title, and callback information. - Verify that the caller is authorized to receive or provide reference information. - If the caller cannot be verified, stop the process and escalate to HR. 3. **Conduct the reference check** - Use the approved question set and keep questions job-related and consistent across similarly situated candidates. - Document only factual, relevant observations and avoid speculative or subjective language. - Do not ask questions that could elicit protected-class information. 4. **Record the results** - Enter the date, time, reference source, verifier name, and summary of information received. - Mark any concerns for review by the hiring manager and HR. - If the reference check is vendor-managed, ensure the vendor provides a complete record suitable for audit and retention. 5. **Retention and disposal** - Store reference check records in the designated HR or applicant tracking system with access limited to authorized personnel. - Retain records for the period required by applicable law and the organization's retention schedule. - Dispose of records securely when the retention period expires. 6. **Escalation** - Escalate any suspected misrepresentation, adverse reference, or legal concern to HR and Legal before taking action. - If a reference check may influence a final hiring decision, ensure the decision is based on documented, job-related criteria.

Roles & Responsibilities

Assigns ownership so HR, recruiters, and managers know who may act and who approves exceptions.

- **HR / Talent Acquisition:** maintain the approved authorization form, question set, and retention schedule; train hiring teams; and oversee compliance. - **Hiring Managers:** request reference checks only through approved channels and use the results only for job-related hiring decisions. - **Recruiters:** obtain and verify candidate consent, coordinate reference outreach, and document results accurately. - **Legal / Compliance:** review exceptions, state-specific restrictions, and adverse action implications. - **External Vendors:** follow the organization's instructions, confidentiality requirements, and record-handling standards.

Compliance, Discipline, and Exceptions

Sets the enforcement path, escalation rules, and consequences for unauthorized disclosures.

Failure to follow this policy may result in corrective action, up to and including removal of hiring authority, disciplinary action, contract termination, or other remedies permitted by law. Exceptions must be approved in writing by HR and Legal before any deviation from this policy occurs. The organization will apply this policy in a good-faith, consistent manner and will not retaliate against any employee who raises a concern about unlawful reference-check practices. Where a reference check is used in connection with an adverse employment decision, the organization will follow any required pre-adverse action and adverse action procedures under the Fair Credit Reporting Act (FCRA) or applicable state law.

Review & Revision

Keeps the policy current with legal changes, process updates, and jurisdiction-specific requirements.

This policy will be reviewed at least annually and updated as needed to reflect changes in EEOC guidance, FLSA requirements, privacy laws, record-retention rules, and state-specific employment law overlays. Any revisions must be approved by HR and Legal before publication. The policy holder is responsible for maintaining the current version and ensuring that hiring teams are trained on material changes.

How to use this template

1. Fill in the effective_date, version, review_frequency, applicable_jurisdictions, and applicable_roles before publishing the policy.
2. Define who may request references, who may respond to reference requests, and what written candidate authorization is required before any call is made.
3. Add a standard call script or question list in the Procedure section so staff only ask job-related, non-discriminatory questions.
4. Set the documentation workflow for logging caller identity, consent status, date of contact, information disclosed, and any follow-up action.
5. Assign retention and disposal rules for reference notes and authorization records, then train managers and recruiters on the escalation path for exceptions.

Best practices

Require written candidate authorization before contacting a prior employer unless your jurisdiction and process clearly allow a different documented method.
Limit reference questions to job-related facts such as dates of employment, title, duties, eligibility for rehire, and documented performance concerns.
Verify the identity and authority of any caller before disclosing information about a current or former employee.
Keep a consistent script so managers do not improvise answers that could touch on protected-class status, medical issues, or other off-limits topics.
Store reference notes separately from general personnel files when your retention or access controls call for tighter handling.
Escalate any request involving a reasonable accommodation, leave, or medical restriction to HR so the interactive process is not undermined.
Document exceptions in writing and require policy holder approval before any deviation from the standard procedure.

What this template typically catches

Issues teams running this template most often surface in practice:

No documented candidate authorization before the reference call.

Unauthorized managers or supervisors answering reference requests outside the approved process.

Questions that drift into protected-class topics, medical history, leave status, or other non-job-related information.

Missing caller verification, making it impossible to prove who received the information.

Incomplete documentation of what was asked, what was disclosed, and who approved an exception.

Retention periods that are undefined, inconsistent, or longer than the policy allows.

No escalation path when a reference request involves a former employee with a pending complaint, accommodation, or leave issue.

Common use cases

Corporate HR finalist screening

A corporate HR team uses the template to require signed candidate authorization before contacting prior supervisors. The policy also standardizes who may speak for the company and how call notes are stored.

Staffing agency reference workflow

A staffing firm uses the policy to train recruiters on caller verification, approved questions, and documentation for each client search. This helps keep the process consistent across multiple recruiters and client accounts.

Healthcare hiring compliance

A hospital system uses the template to keep reference questions job-related and to route any leave, accommodation, or medical-related issues back to HR. That separation helps protect sensitive information and supports a documented process.

Multi-state retail manager training

A retail employer adapts the policy for state-by-state differences and gives store managers a short script for responding to reference requests. The template helps prevent informal disclosures and uneven practices across locations.

Frequently asked questions

Who should use this reference check authorization policy?

Use this policy if your organization asks for or provides employment references during hiring. It is especially useful for HR, recruiters, hiring managers, and any policy holder who may speak with former employers or verify candidate history. The template helps standardize consent, caller verification, and record retention so reference checks are handled consistently. It also helps reduce the risk of unauthorized disclosures.

Does this template cover both giving and receiving references?

Yes, it can be adapted for both sides of the process. The policy can define when your organization may request references about a candidate and when it may provide references about a current or former employee. It should also specify who is authorized to respond, what information may be shared, and when a written release is required. If you only want one direction covered, you can narrow the scope in the Scope section.

How often should this policy be reviewed?

Review it at least annually, and sooner if your hiring workflow, retention practices, or state law changes. A yearly review helps keep the policy aligned with current consent forms, verification steps, and document retention rules. If you operate in multiple states, review jurisdiction-specific carve-outs whenever you expand into a new location. The Review & Revision section should name the effective_date, version, and review_frequency.

Who should run the reference check process?

HR or recruiting should usually own the process, with hiring managers involved only if the policy allows it. The template should identify the applicable_roles that may request a reference, verify a caller, or document the outcome. Limiting the process to trained staff reduces inconsistent questions and unauthorized disclosures. It also makes it easier to audit who accessed the information.

What legal issues does this policy help address?

This template supports privacy, defamation-risk reduction, and consistent hiring practices. It should be aligned with Title VII, ADA, ADEA, and EEOC guidance so reference questions do not drift into protected-class topics or medical inquiries. If your process touches employee records or applicant data, add GDPR or CCPA handling where applicable. State law may also affect what former employers can disclose and how releases are documented.

What are the most common mistakes in reference checks?

Common mistakes include skipping candidate authorization, letting unauthorized managers answer calls, and asking questions that are not job-related. Another frequent issue is failing to document who called, what was verified, and what was disclosed. Some employers also keep reference notes longer than their retention schedule allows. This template gives you a place to define the procedure and the retention rules up front.

Can this policy be customized for different states or countries?

Yes, and it should be. The template is designed to let you add jurisdiction-specific carve-outs for states with different privacy, recordkeeping, or employment-reference rules. If you operate outside the United States, you can add local consent and data-handling requirements in the Policy Statement and Compliance sections. Keep the core process consistent, then layer in local rules where needed.

How does this compare to handling references ad hoc?

An ad hoc process often leads to inconsistent answers, missing consent, and weak documentation. This template gives you a repeatable workflow for authorization, caller verification, approved questions, and retention. That makes it easier to train staff and defend the process if a dispute arises. It also reduces the chance that a manager shares information outside the policy.

Related templates

Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...

Hr Policy

Code of Conduct

A Code of Conduct policy that defines expected behavior, reporting channels, and discipline for v...

Forms

Customer Feedback Survey

Capture post-interaction customer feedback on overall satisfaction, specific touchpoints, and ope...

Inspections

Forklift Daily Pre-Shift Inspection

Forklift Daily Pre-Shift Inspection template for recording pre-use checks, defects, and out-of-se...

Sop

Cash Drawer Open & Count

Cash Drawer Open & Count is the SOP for verifying a drawer, counting the starting bank, recording...

Workspace

Accounts Receivable Collections Workspace

An accounts receivable collections workspace for aging review, dispute tracking, escalation, and ...

Ready to use this template?

Get started with MangoApps and use Reference Check Authorization Policy with your team — pricing built for small business.

Get Started Customize with AI