Which of the following describes the required background checks before hiring personnel who will have access to cardholder data (Req 12.7)?

Multiple Choice

Explanation:
Screening personnel with access to cardholder data is about ensuring trusted access by conducting background checks before hire. The best choice reflects the level of due diligence recommended for those who will handle sensitive payment data: verify previous employment history to confirm reliability and relevant experience, check the criminal record to identify any history that could pose a risk to data security, review credit history when the role involves handling financial information or access to sensitive systems, and perform reference checks to corroborate past behavior and performance. Together, these elements provide a comprehensive view of a candidate’s trustworthiness and suitability for roles with access to cardholder data, aligning with PCI DSS requirements. Relying only on references misses potential red flags; medical history is not relevant to job performance in this context; and having no checks leaves significant insider risk unaddressed.