Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP...
-
Upload
bruce-burns -
Category
Documents
-
view
221 -
download
0
Transcript of Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP...
![Page 1: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/1.jpg)
Washington State Patrol Non-Criminal Justice Agency
Compliance Audit Process
Marsha Stril
WSP Compliance Auditor
360-534-2135
![Page 2: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/2.jpg)
Introductions
• Your name• Your title
![Page 3: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/3.jpg)
![Page 4: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/4.jpg)
Fingerprints
• How do you verify that the person in front of you is who they say they are?– Verified forms of identification
• Current, valid, unexpired picture identification document (driver’s license)
![Page 5: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/5.jpg)
Secondary forms of identification• State Government Issued Certificate of
Birth • U.S. Active Duty/Retiree/Reservist
Military Identification • Card (000 10-2) • U.S. Passport • Federal Government Personal Identity
Verification • Card (PIV) • Department of Defense Common
Access Card • U.S. Tribal or Bureau of Indian Affairs
Identification • Card • Social Security Card • Court Order for Name Change/Gender
Change/Adoption/
• Divorce • Marriage Certificate (Government
Certificate Issued) • U.S. Government Issued Consular
Report of Birth • Abroad • Foreign Passport with Appropriate
Immigration • Document(s) • Certificate of Citizenship (N560) • Certificate of Naturalization (N550) • INS I-551 Resident Alien Card Issued
Since 1997 • INS 1-688 Temporary Resident
Identification Card • INS I-688B, I-766 Employment
Authorization Card
![Page 6: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/6.jpg)
Garbage in, Garbage out
![Page 7: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/7.jpg)
Audit for compliance
![Page 8: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/8.jpg)
Here’s the Deal
• How is this change relevant to what I do?• What specifically should I do?• How will I be measured and what
consequences will I face?• What tools and support are available?• What’s in it for me?
![Page 9: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/9.jpg)
Overview• Criminal Justice Information Services (CJIS)
Security Policy• Statutory Authority Review• User Agreements/Memorandum of
Understanding (MOU)• Criminal History Lifecycle
SecurityStorage/RetentionDisseminationDestructionMedia Security
• Audit Process
![Page 10: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/10.jpg)
CJIS Security Policy• Federal Requirements
• Protect the full lifecycle of the Criminal History Record Information (CHRI)
Whether at rest or in transit
• Applies to Non-Criminal Justice Agencies (NCJA)
• Provides a secure framework of laws and standards
http://www.fbi.gov/about-us/cjis
![Page 11: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/11.jpg)
Criminal History Record Information (CHRI) Lifecycle
• Requested (fingerprints)• Delivered (encrypted email)
• What happens next?• Where is it being stored?• How long do you keep it?• How is it destroyed?• How secure is your agency IT system?
![Page 12: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/12.jpg)
Is the CHRI Secure?
• Personnel• Who has access to it?• Are they sharing it?
• With whom?• Location
• Controlled access• Password protected
• Storage• How long can you retain it?
“Shoulder Surfers”
![Page 13: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/13.jpg)
Secure?
![Page 14: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/14.jpg)
Storage/Retention
• Store CHRI in a secure records environment• Dedicated area with restricted access
• Retain CHRI only as long as it pertains to a particular event
• Licensing • Employment• Fitness determination
![Page 15: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/15.jpg)
State & Federal CHRI
• CHRI cannot be shared with any internal or external body not involved in the fitness determination of an applicant
• CHRI cannot be given to a person or entity that has no direct interest (secondary dissemination).
• CHRI can be given to the applicant upon request– Verify ID
![Page 16: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/16.jpg)
Dissemination of CHRI
Is it okay to share (disseminate) the results to
anyone else?
![Page 17: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/17.jpg)
Here is an example• The State Department of Education (DOE) conducts
state and national fingerprint-based fingerprint CHRI checks under an approved state statute. Ms. Doe applies to work for the Wonder County Board of Education (BOE). The BOE conducts a state and national fingerprint-based CHRI check on Ms. Doe. The results of the national CHRI check are disseminated to the State Identification Bureau (SIB). The SIB disseminates the record to the State DOE, who is turn disseminates the record to the Wonder County BOE.
![Page 18: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/18.jpg)
DESTRUCTION OF CHRI
Remember: Safety First!
![Page 19: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/19.jpg)
Macy’s Day Parade Story
![Page 20: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/20.jpg)
Federally Approved Methods of CHRI Destruction
Incineration Shredding
![Page 21: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/21.jpg)
Media Security“at rest or in transit”
![Page 22: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/22.jpg)
Let’s review…..
• Security– Personnel & environment
• Storage & Retention– Where & how long
• Dissemination– Authorized or not
• Destruction– Only two authorized methods
• Media Security
![Page 23: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/23.jpg)
Any Questions so Far?
![Page 24: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/24.jpg)
Audit Process
![Page 25: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/25.jpg)
It’s not that bad!
• NCJA audits are mandated to the state repository (WSP) by the FBI
• On-site and/or Mail-in• Triennial audit cycle (every 3 years)
![Page 26: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/26.jpg)
The Audit Covers• Security• Retention/Storage• Dissemination• Destruction• Media Security• Statutory Authority Review• User Agreements/Memorandum of
Understanding (MOU)• Required “Security Awareness Training”
![Page 27: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/27.jpg)
Statutory Authority
• Authorized by state statute [ Revised Code of Washington (RCW)] – Can also be authorized by ordinance– Federal Regulations (HUD, etc.)– For purposes of employment, licensing, fitness
determination and/or emergency placement
![Page 28: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/28.jpg)
Memorandum of understanding (MOU)
• The FBI requires WSP to have an MOU with each of the non-criminal justice agencies (and criminal justice agencies) that submit fingerprint based state and federal background checks
• The purpose of this MOU is to set policy to ensure the protection of CHRI between WSP, the agencies, and the FBI
![Page 29: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/29.jpg)
Why Audit????
The intention of the audit process is to:
• Help agencies implement and/or review
policies, meeting state and federal security standards
• Increase safety practices with regards to CHRI • Limit Agency Liability (MOU)
![Page 30: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/30.jpg)
Pre-Audit
• Pre-audit questionnaire and an audit worksheet are sent out prior to on-site or mail-in audit
• WSP auditor draws a sample of data, verifying information
• The agency returns the completed documents-(timelines are important) Why???
• The auditor will notify you of the data drawn and the requested date and time for an on-site or mail in (correspondence) review
![Page 31: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/31.jpg)
During the Audit
• Verify information provided• Verify Training requirements
– Security Awareness Training mandatory in 2013
• Verify the security of the process• Verify the security of your IT services• Verify storage procedures• Verify how CHRI is disseminated• Verify how CHRI is destroyed• Verify MOU’s that cover these areas
![Page 32: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/32.jpg)
Post Audit• Conversation, compliance and completeness• Areas of concern noted
• Compliance letter sent to the audited agency
• Agency is given 30 days to respond with an action plan
• Be responsive • Official letter with completed findings sent to the
audited agency within 10 business days of reaching compliance standards
satisfactorily
![Page 33: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/33.jpg)
As we move forward
• Open and transparent communication• Clarification of any misunderstandings• What can the Washington State Patrol do to
assist you?
![Page 34: Washington State Patrol Non-Criminal Justice Agency Compliance Audit Process Marsha Stril WSP Compliance Auditor 360-534-2135.](https://reader035.fdocuments.net/reader035/viewer/2022062515/56649cea5503460f949b501c/html5/thumbnails/34.jpg)
Questions???
WSP Compliance Auditor
Marsha Stril
[email protected]: 360-534-2135
NCJA webpage: http://www.wsp.wa.gov/_secured/ncja/ncja.htm