INSIDE THE
NEWS + ADVICE
What a Recruiter Needs Upfront to Verify Your Security Clearance
Should I give my security clearance information to a recruiter when they ask for it over the phone?
As a recruiter I frequently ask job seekers for this information.
I need to know you have a security clearance before you come in for an interview. That means I need your full name, date of birth, place of birth and social security number.
This information is then passed on to the Facilities Security Officer (FSO) as most recruiters don’t have verification access. The FSO verifies the information in JPAS or Scattered Castles and identifies any potential issues.
Most people are trusting and willingly provide this information, especially if we met at a job fair, connected over social media, or if I found their resume on ClearedJobs.Net. After all I’m helping them get a job, right?
But sometimes if I contact a job seeker and we’ve had no previous contact, they hesitate to provide this information. I find this particularly in the intel community.
In this situation as a job seeker you do have a couple choices. Handle these choices diplomatically with your recruiter and be polite.
Option 1, Verify the Recruiter
Get the recruiter’s name and contact information. Doublecheck to make sure you have this critical information correct! Let the recruiter know you’ll get back to them quickly with the details they have requested, but that you first want to verify their association with the employer.
What can you do? Google the recruiter’s name, search for them on social media, check their LinkedIn profile, or call the company switchboard and verify the recruiter works for the company.
Choose which of those strategies makes you feel comfortable. This can get tricky because many recruiters work on a contract basis for employers, but your goal is to make sure they have a presence with the company they are hiring for.
If you’re satisfied, get back to the recruiter quickly. If you’re not satisfied, you have Option 2.
Option 2, Talk to the FSO
Ask the recruiter to have the FSO contact you, or ask if you may contact the FSO to provide your details.
Understand that you must provide this information to move forward with an interview. Be responsive to the recruiter and the Facilities Security Officer — most likely you’re not the only person they are talking to about the position.
This entry was posted on Wednesday, August 28, 2013 7:03 am
Hi Chrissa,
In my many intel assignments I often wore the hat of unit security manager which meant I had access to JPAS. The only info I ever needed to verify someone’s clearance info was the name and SSN. Perhaps you’re getting pushback from job applicants because you also ask for their POB and DOB which is the type of info an identity thief would want. Do you really need that additional info or is it just over-reach by your FSO? After all, once you access someone’s JPAS account, all of that info is plainly shown. I was just wondering. Take care.
Sincerely,
Will
I spent 20 years in that community the article mentions, I can only speak for personal experience, with the growth of identity theft in the past 10-15 years, I am always hesitant to give my SSN over the phone or even fax (yes i’ve been asked that before by a legitimate agency) since they are both not secure means of communication.
If I am able to encrypt an e-mail and the recipient can decrypt then yes I will gladly provide my SSN with no worries of compromise. I understand the need to verify a job applicant’s security clearance status and level, but from an applicant’s perspective, the SSN, albeit far from its original intended purpose when devised, is a powerful nine-digit string in the hands of unintended recipients that wish to do bad things to good people.
You must work in IA
Hi Will. Thanks for your comment. I do not receive a lot of push back, but if I do it is normally surrounding the SSN more than anything else. However you do make a good note, the FSO will normally just need to verify with a name and SSN. At the places I have supported we often obtain all that info because we will need it to pick up the clearance upon hire. Two birds and all that. Mostly I want job seekers to be prepared for how to handle what could be an uncomfortable situation throughout the job seeking process.
This is entirely untrue. You are never supposed to release your PII unless clearing for access to facilities and employed by the company. You can however release contingent information based on a need to know.
DoDIIS requirements even state that JPAS is not to be used as a hiring and recruiting means.
Think about all of this for an instant. If you are filling a position that requires the clearance, then they and the SSO and the FSO know that your not supposed to be using JPAS in this manner otherwise the recruiters would have access.
As an FSO how do you fill out your access log after using JPAS for people other than employees or potential access list people? Facilities Managers and DoDiis 1/14 cleared systems know that their CA depends on correct use of JPAS and not for recruiting.
I would really look deeply at the reasons other than security clearance verification.
In one investigation it was found that the employers were using JPAS as a means to verify prior employment and what programs they were previously involved with. Nothing was actually checking for JPAS SC to SCI types of access.
Those who are perpetuating this process described in this article need to be put on notice.
You dont need to access JPAS unless access to your system, or an employee….
Curt, so what does one do? Besides Binging that recruiters name for verification of who they are working for or contacting their FSO as stated in the article, what do we really do. I’ve been seeking employment for a while now and these recruiters call, get my name and SSN then I don’t hear back from them. There are no derogatory issues with my history so I’m curious as to why nothing solid yet. Many of the recruiters are just a waste of time. If one has never been there they would not understand the frustration. I hold a TS clearance but I’m coming up on expiration in Nov. ’13. I’m only at the Tier I level but is it the job market? I had a Veterans appointment this past Friday. While at the facility I stopped by the employment section and was told by HR that the Tier I hires are harder to fill now. Thank you for reading. Hope to hear something back.
Gregory,
Somehow I didnt get your update.
I would advise to get the information from the people you are speaking with. Verify that they have a contract for the defense department. Ask for the contract award number. Look up the contract award number and verify its with the company contacting you. Contact their FSO that they claim is clearing their people. Usually its just as I stated. They are using your information for contract bidding and are looking at what prior contracts you were involved with.
If they truly have a position they will;
1) Verify the Contract Award Number and Date.
2) Write you a contingent employment offer.
3) Schedule you to come in for I9 and identity verification.
These are the very basic requirements but more can be found in the “Defense Acquisition University” website. Some of these items are laws and some are regulations.
Also be aware that some of the information that you are giving out is to be safeguarded. Those recruiters now have your PII and I question if they are ensuring its safety, if caring at all.
A helpful tool is the identity that is passed with an email. As long as it is a corporate email address that the recruiter uses it is easy to verify – not so much with gmail or outlook or etc.
So asking the recruiter for an email and phone makes assurance much easier.
Rodney, I beg to differ. It is very easy for a hacker to replace the return address of an email with ANY TEXT, even a real-looking corporate email address.
So true that one can list in the text anything — purporting to have an email address that is a company. But with the right email client you can ensure that the sender of the message is in fact a name and domain that jives with what is given in the text.
A recruiter is supposed to match skills to job and pass names to the perspective company. If an applicant states they have a clearance the company’s security manager can check JPAS. The correct procedure is to offer the position contingent upon security clearance validation. The contingent offer protects the perspective employee and the company as PII is exchanged for the purpose of security clearance verification. Recruiters are, in fact, overstepping their authority and putting their companies in possible legal peril when requesting and using PII I appropriately. There are also specific rules for all companies are required to implement to safeguard PII which recruiting companies could receive hefty fines if these measure to protect requested PII are not in place.
The following procedures are issued under the authority provided by NISPOM paragraph 2-200b. Contractors shall follow these procedures when using JPAS and shall ensure that authorized users of JPAS have been properly informed about these procedures and any other specific policies governing access to and use of JPAS.
3. DoD issues JPAS accounts exclusively for use by a specific contractor or corporate family of contractors. Persons given access to JPAS as account holders may only use JPAS on behalf of the cleared contractor or corporate family of contractors through which the account was issued. For example, an employee of ABC Company holding a JPAS account issued through ABC Company and who works at a government site is not authorized to use the contractor-granted account in support of the government customer. If the government customer requires the contractor employee to review or update JPAS records on behalf of the government customer, the government customer must provide a separate, newly created JPAS account for the contractor employee to use – they may not share an existing user ID and password.
Protecting applicants PII is important however there are several different ways to do so and not simply one “correct” procedure. This is going to change from company to company, as for the DOB and POB requests those are probably for facility access within the IC as those are required in forms to get a person access to a worksite. My personal procedure is to receive an encrypted document from the applicant, I usually will not extend a conditional offer until I have had their clearance verified by the FSO. This is for a simple reason, if I have two otherwise qualified candidates and one shows as TS/SCI and another TS with SCI eligable its going to be a factor in my decision.
I’d be VERY VERY careful about asking for a contract award number. I have no problem with an applicant asking if I’m trying to use their resume to bid on future work, but if I’ve already told them its for a contract I already own and they still want a contract award number; I’ll look it up give it to them and not hire them. Not a chance I would hire someone who asked because they have already indicated they do not trust me. I’ve never had this come up in an interview yet but I would react adversely to the request even if I don’t let the candidate know.
William,
If you don’t trust someone for asking public information, which government contracts are, and you want an employee to trust YOU blindly, I have to wonder what kind of business YOU run. Business IS a two-way street but you clearly want a slave/master relationship with YOUR employees.
BRAVO.. BRAVO…Totally Agree
“I usually will not extend a conditional offer until I have had their clearance verified by the FSO. This is for a simple reason, if I have two otherwise qualified candidates and one shows as TS/SCI and another TS with SCI eligable its going to be a factor in my decision.” and BOOM there it is.. Sorry I wasnt paying attention to this line post.. William, you have just admitted that you are in fact using JPAS as a recruitment tool…
The following procedures are issued under the authority provided by NISPOM paragraph 2-200b. Contractors shall follow these procedures when using JPAS and shall ensure that authorized users of JPAS have been properly informed about these procedures and any other specific policies governing access to and use of JPAS.
10. Contractors are authorized to verify prospective employees’ eligibility for access to classified information in JPAS prior to an offer of employment being extended. However, contractors may not use JPAS for recruiting purposes.
Now there are other regulations as well, but to out and out admit that based on whats in JPAS and not what the skills and actual requirements of the prospect are? WOW!
Curt,
What you’re saying here is great in theory, but come on, we all know the clients (government) want candidates with active clearances and expect contractors to confirm the information. In the Intel community they even require this information up front many times.
I really do not believe that the Client themself are asking you to violate the law. That would mean that all business from that point forward is tainted. I would refer to my previous posts and use that reference as a guide.
Then there are those calls from ‘recruiters’ about jobs that require a clearance but the name of the recruiter and the language skills clearly indicate that the recruiter is not an individual who would hold a clearance on their own. They won’t have access to JPAS. Even if the recruiter’s firm can be readily confirmed is this a case of providing PII??
I have had interviews where it starts in an unclassified setting where the PII is gathered and then, once verification is complete the interview moves to a secure location.