Cover: Corporate Knowledge for Government Decisionmakers

Corporate Knowledge for Government Decisionmakers

Insights on Screening, Vetting, and Monitoring Processes

Published Aug 3, 2020

by Ryan Andrew Brown, Douglas Yeung, Diana Gehlhaus, Kathryn O'Connor


Download eBook for Free

FormatFile SizeNotes
PDF file 0.9 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback76 pages $19.00

Research Questions

  1. What challenges in vetting and monitoring personnel do corporations in the technology, pharmaceuticals, finance, and gaming industries face? What types of personnel present the highest risk of insider threat, and why? What motivates employee behaviors that put corporations at risk? What corporate strategies are used to mitigate risk?
  2. What corporate vetting and monitoring processes could be adapted to improve the efficiency and effectiveness of U.S. government vetting and monitoring? How do newer technology-based approaches (e.g., machine learning) factor into these processes?

The U.S. government's screening and vetting process seeks to ensure that those with access to classified or otherwise sensitive information, material, people, or property can be trusted. The authors of this report leverage interviews with human resources and security personnel in several corporate sectors (technology, pharmaceuticals, finance, and gaming) to derive insights for the U.S. government regarding potentially effective ways to screen and vet personnel and monitor personnel over time to decrease risk to U.S. national security and public trust.

Corporations in the sample exhibited considerable diversity in screening, vetting, and monitoring practices, much of which was industry-specific and some of which was related to corporate size and stage of growth. For example, smaller and newer corporations preferred less-structured, more-flexible and informal screening and vetting processes, with any malfeasance handled on a case-by-case basis. Larger organizations in established, highly regulated industries, such as finance and pharmaceuticals, tended to have more-structured processes, owing to the constant need to follow federal and state regulations. Overall, few corporations in the sample used artificial intelligence and machine learning automated-analysis approaches for prehire screening, vetting, or employee monitoring, and those that did indicated that extensive human management of these systems was necessary. Creative solutions to employee monitoring included the development of human intelligence networks and intelligence fusion capabilities.

Key Findings

  • Proper triage of potential insider threats is challenging but critical. This triage involves sorting personnel and behaviors into those that require punitive action or removal versus those that can be addressed via support and counseling.
  • To improve early threat detection, intelligence must be shared inside and outside the organization. Such intelligence sharing requires building relationships and trust across corporate functions and with outside agencies.
  • A human in the loop is essential. Current approaches for threat detection involving artificial intelligence and machine learning require significant human involvement in calibrating and monitoring these systems.
  • Taking a "whole of community" approach to identifying and mitigating threats helps share labor burden and improves effectiveness. The U.S. government may benefit from setting screening and vetting standards and relying on corporate capabilities to execute these standards.

This research was sponsored by the Security, Suitability, and Credentialing Performance Accountability Council Program Management Office and conducted within the Cyber and Intelligence Policy Center of the RAND National Security Research Division (NSRD), which operates the National Defense Research Institute (NDRI).

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.