The organization shall conduct background checks for employees and candidates who have or will have direct or remote access to critical information systems, and for contractor employees in similar positions.
These checks should be based on a risk assessment and cover the last five years. Prior consent must be obtained from the individual, and lack of consent will prevent them from working in positions with critical system access.
The background check shall include:
- Confirmation of the person's identity.
- A check of criminal records in Slovenia, the EU, and third countries for specific criminal offenses that could compromise the security of critical systems.
The organization may collect necessary personal data for these checks, such as name, surname, unique identification number (e.g., EMŠO) or date of birth, official identification document number, and information on criminal convictions. This data must be stored for five years from the end of the calendar year of collection and then irreversibly deleted or destroyed.