One thing led to another as market conditions and technology evolved, lessons were learned and today we are a consumer reporting agency (CRA) with a focus on FCRA guidelines.
With a vast experience in providing Background Checks for a wide array of industries as well as the public sector, BCS Background Screening has proven to a leader in its expertise and delivery of FCRA Compliant Background Checks. Due to ever-changing laws and compliance guidelines, each one of our clients can rest assured that their organization will be legally protected through our quality assurance human-reviewed verification process that goes into every report.
BCS Background Screening, LLC
1172 South Dixie Hwy – #257
Coral Gables, FL – 33146 USA
Due to security risk-factors and for the safety of our staff, our physical address is not published.
Proud members of
About our services
BCS Background Screening, LLC is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). Applicant credit card transactions are processed by PayPal, and we only persist the transaction token they return to us.
Our environment is hosted in Amazon Web Services (AWS), with full redundancy across carriers, databases, servers, DNS, and file storage. In addition, we adhere to DoD 5220.22-M and/or NIST SP 800-88 standards. AWS uses the techniques detailed in DoD 5220.22-M (National Industrial Security Program Operating Manual) or NIST 800-88(Guidelines for Media Sanitization) to destroy data as part of the decommissioning process. When we release volumes back into the pool, they are sanitized before reuse.
Business Continuity Plan
We have a combined Business Continuity and Disaster Recovery plan. Because our data center is fully virtualized, we have no reliance on our physical office space for people, processes, or other resources. Our architecture has redundancy at all levels and can be deployed in any of AWS’s 4 regions in the United States.
In the event our primary office location is unavailable, our employees will work from home utilizing secure VPN access to access our production, development, and stage environments from our virtual private clouds in AWS. Employees use corporate laptops to access our systems, so our desktop hardening, appropriate use, and antivirus policies are maintained. Some of our off-site, trained research personnel reside outside our state (FL) and can continue fulfilling orders and answering phones
We plan to quickly recover and resume business operations after a significant business disruption and respond by safeguarding our employees and property, making a quick operational assessment, protecting corporate resources and data, and allowing our customers to transact business. In short, our business continuity plan is designed to permit us to resume operations as quickly as possible, taking into account the scope and severity of the business disruption.
Our business continuity plan addresses data backup and recovery, mission-critical systems, operational assessments, and timely communications with customers and employees.
The most recent example of successful completion of this plan would be the recent Hurricanes (Irma and Maria) that hit Florida in 2017. We were proudly able to maintain 99% uptime as well as complete contact with our employees who were working remotely.
The CEO and COO are the primary members of the business continuity team. They are the only two employees allowed to incur costs related to business continuity without prior authorization. During a significant business disruption, they will assemble additional teams as necessary to generate a business impact analysis, and to address any immediate continuity concerns.
- Data Backup and Recovery
All electronic backups are distributed across multiple data centers within the AWS infrastructure. We maintain multiple copies of our application code distributed across GitHub, our servers distributed across multiple data centers in AWS, and on our developer’s computers. Our databases are fully backed up nightly, with incremental log backups occurring throughout the day.
In the event of a significant business disruption, we will determine the best methods for us to communicate with our customers, employees, and critical business partners, and then will make our best efforts to inform all affected customers regarding the business disruption within 4 hours.
- Mission Critical Systems
Our company’s “mission critical systems” are those that ensure prompt and accurate processing of transactions, including order taking, data entry, submitting orders to researchers, the maintenance of customer accounts, access to customer accounts and the delivery of information to the end consumer. These systems include our application servers, databases, web application firewalls, load balancers, and task servers. For other infrastructure components like DNS and network firewalls, we rely on the highly available and distributed AWS services. We have a primary responsibility to establish and maintain our business relationships with our customers, and have sole responsibility for our mission-critical functions of order capture, order routing and the return of results.
- Researchers and Other Third-Party Dependencies
Our research partners and data providers may also experience significant business disruptions, which could impact our ability to perform certain types of transactions. When this occurs, we will make every effort to communicate the disruption via website message, email, or alternate communication method to our customers in a timely manner. However, due to the manual nature of some research transactions, we may not immediately be aware of the disruption. We will make every effort to communicate third-party disruptions within 4 hours of us being notified of the disruption.
- Updates and Annual Review
We will update this plan whenever we have a material change to our operations, structure, business or location. In addition, we will review this plan annually, to ensure it remains in alignment with our business goals and the needs of our customers.