Agency Audit Worksheet
This audit will address five key areas:
  1. Administrative Functions
    • Authorized Recipient Contact Information Form
    • Agency Contacts
    • Access Agreement
    • Required Forms
  2. Utilizing Criminal History Record Information (CHRI)/III
    • Employment / Licensing Log Survey
    • Access
    • Use
    • Misuse
    • Dissemination
    • Review
    • Retention
  3. Personnel Security and Training
    • Audits
    • Agency Training
    • Fingerprinting
  4. Physical Security
    • Storage
    • Record Disposal and Destruction
  5. Information Security
    • Computer Systems
    • Vendor Outsourcing
BLUE fields are required

The acronym CHRI in this form stands for Criminal History Record Information.

Please review this entire form to assure you have all the required information available before you begin.  Some answers will require additional information.

If you have errors on the form, you will need to reattach the three required attachments after you correct the errors.

Administrative Functions

Agency Contacts    
()-
Access Agreement    
A copy of agreement is on file at the agency:
The Agency Head read and understood this agreement:
Agency staff understands the requirements of this agreement:
Required Forms    
Our agency has a signed copy of the Regulation Regarding Receipt of CHRI for each Authorized Personnel who accesses and/or processes CHRI:
Our agency has an applicant sign an Electronic Fingerprint Release of Information form (EFSR) or an Authority Release of Information (AFR) form:
A copy of the original EFSR/AFR signed by the applicant is retained in agency files:
Our agency has an applicant sign each form for consent to to a background check:
A copy or the original form signed by the applicant is retained in agency files:
These forms are maintained as follows:  
Our agency shares the "Authority for Release of Information" with other agencies:
 




Internal Policies    
Our agency maintains the following internal CHRI policies (check all that apply):






Authorized personnel receive a copy of the CHRI policies and signs their understanding of each policy:

Utilizing CHRI / III

Employment / Licensing Log Survey    
Our agency audits and / or monitors CHRI (check all that apply):


Access    
Access is granted on a "Need to Know" basis:
Our agency receives CHRI from the NCSBI (check all that apply):






Our agency requests law enforcement to run a State name check only on our applicants:
 




Our agency receives these name checks from law enforcement (check all that apply) :





Use    
Prior to a CHRI request, our agency conducts the following personnel screenings as part of the applicant background check (check all that apply) :





Our agency uses CHRI on (check all that apply) :





CHRI (check all that apply):



Misuse    
The term "Misuse of CHRI" means (check all that apply):





Our agency has a policy in place to contact the NCSBI when any misuse is detected:
Our agency has contacted the NCSBI regarding misuse:
Dissemination    
Our agency shares CHRI outside our agency by (check all that apply):



Our agency has a policy regarding dissemination:
Our agency disseminates CHRI as follows (check all that apply) :











Review    
Our agency contacts the appropriate Clerk of Court to obtain missing disposition information:
Our agency does not deny employment or licensing on grounds of name-based or incomplete CHRI received from the NCSBI:
Our agency has written criteria defining what CHRI information would be a disqualifier for employment / licensing:
Our agency has a policy to notify an applicant on how to challenge CHRI results received from the NCSBI and FBI:
Retention    
Our agency has a Hard Copy CHRI retention policy:
Our agency has an Electronic CHRI retention policy:

Personnel Security and Training

Audits    
Our agency monitors appropriate use of CHRI through (check all that apply) :



Our agency has a policy to address inappropriate use:
Our agency confirms positive identification on all applicants:
Agency Training    
Our agency makes authorized personnel aware of confidentiality rules and regulations regarding CHRI supplied by the NCSBI:
Our agency provides training to Authorized Personnel on internal policies and procedures governing the appropriate access, use, handling, dissemination and destruction of CJI/CHRI. This training occurs within six (6) months of employment or placement on the Authorized Personnel List (APL) and reoccurs biennially thereafter:
All authorized personnel sign confidentiality agreement and acknowledgement statements:
The mandatory CJIS Security Awareness training provided by the FBI was completed by our agency’s authorized personnel before this worksheet was finalized: NOTE: worksheet cannot be submitted if "NO"
Fingerprinting    
Our agency has a policy for processing applicant fingerprint card submissions:
Authorized personnel have been trained on how to complete applicant fingerprint cards:
To confirm positive identification, our agency requires (check all that apply) :






Our agency does not require photographic identification:
Our agency has personnel that fingerprint applicants on-site:
Our agency uses a contractor / vendor to fingerprint applicants:
Our agency receives fingerprint cards directly from applicants:
Applicants submit fingerprint cards to our agency (check all that apply):



Our agency submits applicant fingerprint cards to the NCSBI (check all that apply):






Our agency receives fingerprint cards from applicants who reside out-of-state:
For applicants fingerprinted out-of-state and fingerprint cards received by our agency, the out-of-state printing agency required a government issued photo ID:
Our agency receives out-of-state applicant fingerprint cards (check all that apply) :




Physical Security

Storage    
Our agency maintains CHRI in (check all that apply) :







Unescorted visitors are allowed in the agency building where CHRI is stored and accessible:
Our agency conducts a state and national fingerprint based background check of all agency personnel with access to CHRI:
Record Disposal and Destruction    
Our agency has a policy for destruction of CHRI:

Information Security

Computer Systems    
Our agency maintains an electronic format or computer database of applicant information:
Our agency database is password protected:
Our agency database is on a network:
Our agency database is on a standalone computer:
The following information is contained in our database (check all that apply) :






A contractor / vendor has access to our agency database for support, maintenance or other purposes:
Our agency participates in a national database that contains information about an applicant's hiring or licensing status:
Information contained in the national database indicates the reason why the applicant was not hired or licensed based on the results of CHRI:
Vendor Outsourcing    
Our agency has written permission from the NCSBI to outsource CHRI:
Our agency has a written agreement with a contractor / vendor approved by the NCSBI for outsourcing of CHRI:

CLOSING This document will be reviewed as the official agency audit submission by an NCSBI Criminal Information Auditor. The NCSBI will maintain a copy and any submitted supporting documentation in the NCSBI audit files, which are available, in part, pursuant to public records requests.
ACKNOWLEDGMENT As the designated agency head, I acknowledge the contents contained in this agency audit to be complete and accurate. I understand the NCSBI will review this audit report for compliance with requirements outlined in state and federal regulations and specific to my agency. I understand the NCSBI will contact my agency with findings and corrective actions to be taken. I understand a follow up written response must be sent to the NCSBI outlining corrective measures.
 
By checking this box, I (Agency Head) hereby acknowledge:
By checking this box, I (Agency Preparer) hereby acknowledge:
     
= 2 + 5