Agency Responsibilities

Transcription

1 Agency Responsibilities

2

3 Agency Contacts Agency Head Point of Contact (POC) Local Agency Security Officer (LASO)

4 Schedule the audit with the auditor Agency Point of Contact (POC) Complete the E- Audit Provide onsite audit documentation Provide post-audit responses

5 Support policy compliance Working security measures in place Use of hardware, software, and firmware Local Agency Security Officer (LASO) Personnel security screening No unauthorized access Connection to state system

6 CJIS Security Policy 5.5 The Criminal Justice Information Services (CJIS) Security Policy includes a number of technical safeguards designed to protect and secure criminal justice information. Compliance with this policy is mandatory for any agencies requiring access to FBI CJIS Division systems and information.

7 User Agreements GCIC NCJA Every 3 years Agency head changes Point of Contact changes (located on the Applicant Services Blog)

8

9

10

11

12

13 How To Challenge A Criminal History Record Georgia Arrests Contact the submitting agency first Submit a set of fingerprints to GCIC for comparison to arrest prints via the Record Inspection Record Inspection details are available on the GBI website Arrests Outside of Georgia Contact the submitting agency for instructions

14 How To Update A Criminal History Record If an applicant s criminal history record has inaccurate or missing information the applicant must contact either the arresting agency or the court where the case was handled. GCIC can only assist with updates for arrests within the State of Georgia.

15

16

17

18 Never disseminate CHRI outside of the receiving department, related agency, or other authorized entity unless authorized by law.

19 Time allowed to correct or complete criminal history records, and any appeals process that is afforded the applicant should reasonable and documented by the agency.

20 Fingerprinting Check ID Fingerprint applicant Follow livescan prompts Verify information

21 Rejections Resubmissions Bad Image FBI Name Search

22 Authorized Use of CHRI Employment Licensing Volunteers

23 Dissemination: Sharing CHRI CHRI may not be released outside the receiving department, related agencies, or other authorized entities.

24 Things to consider when sharing CHRI:

25

26 NEVER store CHRI in personnel files.

27 Destruction Cross-cut shredding Burning

28 Security Awareness Training Within 60 days of assignment Every 2 years Learning Management System (LMS)

29 Training NCJ Orientation NCJ Overview Agency Responsibilities GAPS Audits IDHS

30 Policies Natural/Man-made Disaster Policy Disciplinary Policy Media Protection Policy Applicant Privacy Rights Notification

31 Natural/Man-Made Disaster Policy The agency must have a written policy for the protection of CJI/CHRI from: Unauthorized access Theft Sabotage Damage resulting from fire, wind, flood, power failure, or other natural or man-made disasters

32 Disciplinary Policy The agency must have a written policy to include formal sanctions that specifically address violations of CHRI: Usage Dissemination Security Destruction

33 Media Protection Policy The agency must have a written policy for: Secure handling Transporting Storing Disposing of electronic and physical media: memory devices, laptops, computers, and flash drives printed documents

34 Applicant Privacy Rights Notification The agency must have a detailed written policy to include: How applicants are notified of their rights The procedures for challenging and/or correcting a criminal history record The time allotted to correct/update the criminal history record **Agencies must maintain a signed log**

35 Information Security meet the 128-bit encryption requirement firewalls in place to protect data from unauthorized access unique username and password *GCIC must be promptly notified of any security incidents involving CHRI.

36 Outsourcing Agencies that choose to outsource any responsibilities which involve the administration of criminal justice information including: Data Destruction IT Services Off-site Media Storage Dispositions Hiring Decisions Scanning Services

37 Outsource Agreements Provide a copy of the contract to GCIC which includes the Outsource Standard in order to receive written permission from GCIC to outsource

38 Audits At least every 3 years Pre-Audit Onsite Audit Technical Audit

39 Agency Resource The NCJ Blog is a forum where all agencies utilizing fingerprint based background checks can ask questions, gather information, and provide feedback on topics related to the Applicant Services community. Audit Training GCIC Agency Information Information Updates Support

40