Cross-References:
- Background Check Types - FCRA adverse action types
- SMS Consent Types - TCPA consent definitions
- ATS Background Check Architecture - Integration patterns
Overview
This document defines the mandatory compliance requirements and sign-off gates that must be satisfied before enabling Background Check (Checkr) and SMS notification features in production. Each gate requires documented approval from the designated authority before the feature can be activated for an organization.Current Verification Status (2026-03-03)
Pre-requisite for Gate 1: HR-09-P5.2 (Background Check Integration) must be implemented and deployed before Checkr can be enabled for any organization. Until then, all F-* requirements remain “implementation ready, sign-off pending.”
1. FCRA Compliance Requirements (Background Checks)
The Fair Credit Reporting Act (FCRA) governs how consumer reports (background checks) are obtained, used, and disclosed in employment decisions.1.1 Pre-Screening Requirements
1.2 Adverse Action Process
The FCRA mandates a two-step adverse action process when a background check result may negatively impact an employment decision.1.3 Ongoing Obligations
2. TCPA Compliance Requirements (SMS)
The Telephone Consumer Protection Act (TCPA) regulates automated text messages and requires explicit consent before sending SMS communications.2.1 Consent Collection
2.2 Opt-Out Mechanisms
2.3 Message Content Requirements
3. Sign-Off Gates
Gate 1: Background Check Feature Activation
Required before: Enabling Checkr integration for any organizationTarget date for sign-off: Q2 2026 (when HR-09-P5.2 ships)
Gate Decision: ☐ Approved / ☐ Conditional / ☐ Blocked
Conditions (if any): _______________________________________________
Gate 2: SMS Feature Activation
Required before: Enabling SMS notifications for any organizationTarget date for sign-off: Q2 2026 (when SMS feature enabled for orgs)
Gate Decision: ☐ Approved / ☐ Conditional / ☐ Blocked
Conditions (if any): _______________________________________________
Gate 3: Per-Organization Activation
Required before: Enabling features for each new organization/tenant
Gate Decision: ☐ Approved / ☐ Conditional / ☐ Blocked
4. Enforcement in Code
The following technical controls enforce compliance gates:5. Periodic Review Schedule
Official Sources
Full list of authoritative external references (HR, CL, PM, RH, GR, IT, PF):
docs/compliance/AUTHORITATIVE_REFERENCES.md.
Version History
1.0.0 (2026-02-10)
- Initial compliance tracking document
- Defined FCRA requirements F-01 through F-12
- Defined TCPA requirements T-01 through T-12
- Established three sign-off gates (feature activation, SMS activation, per-org activation)
- Mapped enforcement controls to codebase
Last Updated: 2026-02-10
Next Review: 2026-05-10