1 / 14

Data Center Consolidation

Data Center Consolidation. CJIS Security Requirements on Background Checks. CJIS Background Check Requirement. The User is required to conduct fingerprint based background checks on: Personnel who are authorized access to FCIC/NCIC/III/CJNet data or systems,

shania
Download Presentation

Data Center Consolidation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Center Consolidation CJIS Security Requirements on Background Checks

  2. CJIS Background Check Requirement • The User is required to conduct fingerprint based background checks on: • Personnel who are authorized access to FCIC/NCIC/III/CJNet data or systems, • IT personnel who maintain/support information technology components used to process, transmit or store unencrypted data to and/or from the FCIC II message switch, and • Other personnel accessing workstation areas that are unescorted by authorized personnel. 

  3. Who else needs to be screened? • Support personnel, contractors, and custodial workers with access to physically secure locations or controlled areas (during Criminal Justice Information processing) shall be subject to a state and national fingerprint-based record check unless these individuals are escorted by authorized personnel at all times.

  4. Definition of Access Access to Criminal Justice Information: The physical or logical (electronic) ability, right or privilege to view, modify or make use of Criminal Justice Information.

  5. Procedures for Determining Access • A criminal history record check is conducted by the criminal justice authority within the data center • If a criminal history record or a warrant is found on the individual the applicant is not allowed access or access to work areas and the CJIS Systems Officer (CSO) at FDLE shall be notified • The CSO reviews the information and determines whether access is granted or denied

  6. Criteria for Access • Applicants are denied access if they: • Have been found guilty of, regardless of adjudication, or entered a plea of nolo contendere or guilty to a felony,  or • Are under court supervision for a criminal offense or • Have criminal charges pending.

  7. Criteria for Access (cont.) • Applicants may be denied access: • For misdemeanor crimes if a determination is made by FDLE that access by the applicant would not be in the public interest

  8. Standards for Continued Access • If the person already has access and is subsequently arrested and or convicted, continued access shall be determined by the CSO. • If the CSO determines that access would not be in the public interest, access shall be denied and the person’s appointing authority shall be notified in writing.

  9. Standards for Continued Access • In order to ensure compliance with the CJIS Security Policy all fingerprints on persons who are employed or contracted to a data center shall be retained and arrest notifications shall be sent to the agency that conducted original background check. The CSO shall be notified and access shall be suspended.

  10. Fingerprint Screening Process • If a data center maintains, stores or provides access to systems with criminal history information the following must be in place: • A criminal justice agency must be designated as the screening authority • The criteria must be in place • Fingerprints must be taken • If Criminal Justice Agency is conducting the check as part of the CJIS security addendum then no fees are assessed.

  11. Lessons Learned • Communicate with Board and Employees • Assess Physical Location • Assess Electronic Access • Assess Systems Issues • Is encryption required • Advanced Authentication • Develop comprehensive Plan/Review with FDLE • Request CJIS Pre-Assessment

  12. Criminal History Records Check • Develop Policies and Procedures to address background screening issues • Identify the CJ agency who will conduct the checks and receive arrest notifications • Identify Persons who have access and ensure screening complete

  13. Issues To Be Considered • Standard notification to employees that a criminal arrest will jeopardize access to data center information • Procedures if employee can no longer have access due to arrest notification • Alternative placement opportunities • Administrative issues for agency conducting checks • Workload • Documentation • Follow up • Communication with employees

  14. Current Status • DJJ has separate account to track data center screenings and retained prints • Northwood has a non-criminal justice account to do their own state and national criminal history record checks • Screening process and notification in place • Data Center Director provided status on those granted or denied access

More Related