CalDoJ conducts random audits of Private Service Providers (PSP) and Live Scan Service Providers (LSSP) every year. This doesn’t mean they will audit every PSP or LSSP. They will audit a subset of PSPs and LSSPs belonging to each livescan equipment vendor, like Fulcrum Biometrics. If you are selected, you will receive an email with the subject line: Teams Audit Scheduling – LSID:_____ You may have some questions, so please take a few minutes to read through this information.
WHAT IS A CALDOJ AUDIT?
This audit may have several purposes. I’m aware of a couple, but there could be as many as five requirements that they want to verify. These are the five requirements that we have shared with you during your onboarding process. I would like to put these requirements top-of-mind so that our customers can confirm their own compliance prior to an audit.
1) Verify that you are not keeping livescan transactions beyond 30-days.
2) Verify that your operating system has been upgraded to Windows 11 Pro.
3) Verify that your Validation Tables are not older than 30 days.
4) Verify that only people with an FPC# (fingerprint rolling certificate) are using the system and are not sharing accounts.
5) Verify that the livescan system is being used for fingerprinting purposes only.
6) Verify that you are properly safeguarding Personally Identifiable Information (PII) when creating fingerprint records.
HOW CAN I PREPARE?
1) If your computer is still running Windows 10 Pro, you can upgrade it to Windows 11. It is recommended that you add 8GB of RAM for performance reasons. If your computer is more than 3 years old, you may want to buy a new computer. Be advised that another cert test with CalDoJ must be scheduled if you decide to replace your computer. You will need to contact support@fulcrumbiometrics.com, but only if you have an active support subscription with Fulcrum Biometrics.
2) Verify that you are not keeping fingerprint records that were submitted to CalDoJ more than 30 days. Your California Livescan User Guide shows you how to set up a transaction cleanup on page 9. Email training@fulcrumbiometrics.com if you can’t find this guide and need it sent to you.
3) Verify that your validation tables are up to date. They should not be older than 30 days. Your California Livescan User Guide shows you how to verify this and update your tables if they are older than 30 days. Email training@fulcrumbiometrics.com if you can’t find this guide and need it sent to you.
4) Make sure that only people with FPC#s have access to the livescan system and are logging in with their own user account.
5) CalDoJ will ask for a screenshot of your system. If they see that you have a bunch of other applications on your computer, they will determine that this computer is being used for more than just fingerprinting purposes. This is a big no no.
6) Make sure that the fingerprinting setup includes privacy so that Personally Identifiable Information (PII) is not disclosed to people who are not authorized to have this information.
WHAT HAPPENS IF I AM FOUND NON-COMPLIANT?
You will probably receive guidance on how to comply and will be given a deadline to comply. If you fail to comply there will be an escalation process to help you get into compliance. It is best to prepare and be cooperative with CalDoJ to comply with their requirements for safeguarding Personally Identifiable Information (PII) and making sure your livescan system is updated so that you can continue with your fingerprint submissions to CalDoJ.
Please let me know if you have any questions or if you need assistance. I'm your account manager in California and always very happy to help you.
CalDoJ conducts random audits of Private Service Providers (PSP) and Live Scan Service Providers (LSSP) every year. This doesn’t mean they will audit every PSP or LSSP. They will audit a subset of PSPs and LSSPs belonging to each livescan equipment vendor, like Fulcrum Biometrics. If you are selected, you will receive an email with the subject line: Teams Audit Scheduling – LSID:_____ You may have some questions, so please take a few minutes to read through this information.
WHAT IS A CALDOJ AUDIT?
This audit may have several purposes. I’m aware of a couple, but there could be as many as five requirements that they want to verify. These are the five requirements that we have shared with you during your onboarding process. I would like to put these requirements top-of-mind so that our customers can confirm their own compliance prior to an audit.
1) Verify that you are not keeping livescan transactions beyond 30-days.
2) Verify that your operating system has been upgraded to Windows 11 Pro.
3) Verify that your Validation Tables are not older than 30 days.
4) Verify that only people with an FPC# (fingerprint rolling certificate) are using the system and are not sharing accounts.
5) Verify that the livescan system is being used for fingerprinting purposes only.
6) Verify that you are properly safeguarding Personally Identifiable Information (PII) when creating fingerprint records.
HOW CAN I PREPARE?
1) If your computer is still running Windows 10 Pro, you can upgrade it to Windows 11. It is recommended that you add 8GB of RAM for performance reasons. If your computer is more than 3 years old, you may want to buy a new computer. Be advised that another cert test with CalDoJ must be scheduled if you decide to replace your computer. You will need to contact support@fulcrumbiometrics.com, but only if you have an active support subscription with Fulcrum Biometrics.
2) Verify that you are not keeping fingerprint records that were submitted to CalDoJ more than 30 days. Your California Livescan User Guide shows you how to set up a transaction cleanup on page 9. Email training@fulcrumbiometrics.com if you can’t find this guide and need it sent to you.
3) Verify that your validation tables are up to date. They should not be older than 30 days. Your California Livescan User Guide shows you how to verify this and update your tables if they are older than 30 days. Email training@fulcrumbiometrics.com if you can’t find this guide and need it sent to you.
4) Make sure that only people with FPC#s have access to the livescan system and are logging in with their own user account.
5) CalDoJ will ask for a screenshot of your system. If they see that you have a bunch of other applications on your computer, they will determine that this computer is being used for more than just fingerprinting purposes. This is a big no no.
6) Make sure that the fingerprinting setup includes privacy so that Personally Identifiable Information (PII) is not disclosed to people who are not authorized to have this information.
WHAT HAPPENS IF I AM FOUND NON-COMPLIANT?
You will probably receive guidance on how to comply and will be given a deadline to comply. If you fail to comply there will be an escalation process to help you get into compliance. It is best to prepare and be cooperative with CalDoJ to comply with their requirements for safeguarding Personally Identifiable Information (PII) and making sure your livescan system is updated so that you can continue with your fingerprint submissions to CalDoJ.
Please let me know if you have any questions or if you need assistance. I'm your account manager in California and always very happy to help you.
Sincerely,
Kathleen
0 Votes
0 Comments
Login or Sign up to post a comment