Effective July 1, 2016, GCIC will conduct state and national fingerprint-based background checks of vendor personnel who are involved with the administration of criminal justice and have unescorted physical or virtual access to criminal justice information (CJI). The FBI CJIS Security Policy defines CJI as “data necessary for law enforcement agencies to perform their mission and enforce the laws” as well as “data necessary for civil agencies to perform their mission”.
All vendor employees vetted by GCIC must use the Georgia Applicant Processing Service (GAPS) for fingerprint submission; out-of-state vendors have the option of submitting ink, hard-copy fingerprint cards to GAPS. Here are some tips for using the GAPS website:
- The drop down box of the “Reason” field will default to “Non-Criminal Justice Contractor”. Select this option and proceed to the next field.
- In the “Position Applied for” field please enter your company name.
- If you are mailing ink, hard-copy fingerprint cards in lieu of electronic fingerprints, you must click the “Fingerprint Card User” check box, otherwise your request will be rejected.
Refer to the GAPS website for additional instructions.
All vendor employees with access to CJI must be vetted every 2 years. Please ensure your employees complete their bi-annual vetting within 90 days of their expiration date. If an employee is not vetted by their expiration date your company will be removed from the Vetted Vendor list.
In addition to a fingerprint-based check bi-annual vetting requires that all active employees sign the FBI Security Addendum and Awareness Statement and pass the Security Awareness training.
Direct questions about vetting to [email protected].
Authorization Process for Employees with Access to CJI
Once the results of the fingerprint-based background check are reviewed by GCIC personnel, you will be notified whether the employee is eligible to access CJI.
If the results of a criminal history record check (state or national) cause an adverse decision, GCIC will inform the person of all information pertinent to that decision. This disclosure will include information that a criminal history record check was conducted, the specific contents of the record and the effect the record had on the decision. The vendor will receive a letter stating whether the employee is eligible or ineligible to access CJI.
Additional information about obtaining criminal history record information for employment/licensing purposes is available through the GBI and Georgia Applicant Processing Service websites.
If a participating employee no longer works for the vendor, the Vendor Coordinator must notify GCIC Information Security immediately (FBI CJIS Security Policy 5.12.2).
Security Awareness Training
The FBI CJIS Security Policy states in Section 5.2 that "basic security awareness training shall be required within six months of initial assignment, and biennially thereafter, for all personnel who have access to CJI". The Policy establishes the minimum standard and allows local policy to be more stringent. Consequently, GBI requires that Security Awareness training be completed within 60 days. GCIC provides an easy way for vendors to keep track of personnel Security Awareness training through the GBI Learning Management System (LMS).
Vendor Coordinators must complete thein order to create an account in LMS for managing their employees’ Security Awareness training. Vendor employees should follow the instructions in the to complete their training. Thereafter, the vendor’s Coordinator can log into LMS to manage their employees’ training.
For more information, please contact GCIC Information Security at [email protected].