The Director shall appoint auditors to
conduct performance audits of criminal justice agencies that access Georgia's
CJIS network to assess and enforce compliance with these Rules, O.C.G.A.
other relevant Georgia code sections and pertinent federal statutes and
(a) The GCIC audit program shall
be designed and conducted to meet the performance audit standards and practices
set out in the General Accounting Office (GAO) publication Government
Auditing Standards also adhered to by the FBI CJIS Division audit
(b) GCIC auditors shall
audit these agencies triennially as required by NCIC operating policy. A
representative sample of agencies that do not access Georgia's CJIS network
will be audited, based on the availability of auditor resources.
(c) Agency heads shall receive at least 15
days advance notice of on-site GCIC audits. Written notification will identify
all areas of audit program interest and the applicable performance
(d) Upon completion of
each performance audit, GCIC auditors shall discuss their
findings with agency heads, TACs, or their designees. GCIC auditors will
recommend strategies for remedial action to resolve any area of non-compliance.
In addition, GCIC auditors will assist agency heads in obtaining agency
personnel training or any other assistance related to efforts to resolve areas
auditors will provide agency heads with written reports, which
identify areas of compliance, non-compliance and other written comments
specific to audit assessments. The Audit Program Manager will report the
results of completed audits to the Assistant Deputy Director for Compliance and
Customer Support and the Director.
The Director shall report the status of
the Georgia audit program to the Chairman and members of the GCIC Council. In
cases of continued non-compliance, the Director shall provide recommendations
to the Council for sanctions or other actions per the provisions of GCIC
Agencies scheduled for audit
shall make the following available to GCIC auditors:
(a) Facility access policy.
(b) Personnel records (maintained in agency
files) to include results of employee fingerprint-based background checks, GCIC
Awareness Statements, records of relevant training, e.g., CJIS Network Terminal
Operator workbooks, end of chapter tests and final certification tests, as well
as any other training materials used for practitioners and any other documents
deemed appropriate to accomplish the audit responsibilities.
(c) Local criminal history record
(d) CHRI handling
(e) Standard operating
procedures governing the access, use, security and discipline regarding the
dissemination of criminal justice information.
(f) Case files that support GCIC/NCIC
computerized record entries, e.g. incident and supplemental reports, missing
persons reports, family violence reports, arrest warrants.
(g) Computer system hardware, when
(h) Computer system
software, when requested.
Computer system documentation to include system topologies, when
Ga. Comp. R. & Regs. R. 140-2-.07
U.S.C. 3771, 28 CFR 20.21.
Original Rule entitled "Audit Procedures" adopted. F. Feb. 25, 1976; eff. Mar. 16, 1976.
New Rule of same title adopted. F. Jan. 7, 1983; eff. Feb. 1, 1983, as specified by the Agency.
New Rule of same title adopted. F. Sept. 6, 1984; eff. Oct. 8, 1984, as specified by the Agency.
New Rule of same title adopted. F. July 2, 1986; eff. July 22, 1986.
New Rule of same title adopted. F. Nov. 7, 1990; eff. Nov. 27, 1990.
New Rule of same title adopted. F. Dec. 2, 1992; eff. Dec. 22, 1992.
F. Apr. 16, 1993; eff. May 6, 1993.
New Rule of same title adopted. F. Mar. 4, 1998; eff. Mar. 24, 1998.
F. Sept. 5, 2002; eff. Sept. 5, 2002.
Repealed: New Rule of same title adopted. F. Sept. 25, 2007, eff. Oct. 15, 2007.