NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION
SA-21(1) — Validation of Screening
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Validate that the screening a vendor claims to perform on its developers actually meets your requirements. Verify the claim rather than accepting the vendor's word for it.
Example 1: Include in vendor contracts the right to request documentation showing that developer screening was performed to your standards, such as redacted screening reports, certification letters, or attestations from the vendor's HR department.
Example 2: For high-security development work, require vendor developers to undergo your own screening process or provide screening results from a provider you trust. Include this as a contract deliverable with defined timelines: no developer writes code for your project until screening verification is on file.