Statutes, codes, and regulations
Delaware Administrative Code
Title 1 - Authorities, Boards and CommissionsDelaware Criminal Justice Information System
Delaware Criminal Justice Information System Rules and Regulations
Section 1301-7.0 - Responsibilities of a Contracting Government Agency (CGA) and the Contractor

1 Del. Admin. Code § 1301-7.0

Download
PDF
Current through Register Vol. 28, No. 5, November 1, 2024
Section 1301-7.0 - Responsibilities of a Contracting Government Agency (CGA) and the Contractor
7.1 Responsibilities of a Contracting Government Agency (CGA)
7.1.1 CGA is subject to the CJIS Security Addendum and shall appoint an Agency Coordinator (AC).
7.1.2 The AC shall be responsible for the supervision and integrity of the system, training and continuing education of employees and operators, scheduling of initial training and testing, and all required reports by DELJIS.
7.1.3 The AC shall:
7.1.3.1 Understand the communications, records capabilities, and needs of the Contractor that is accessing federal and state records through or because of its relationship with the CGA.
7.1.3.2 Receive information from the CGA (e.g., system updates) and disseminate it to appropriate Contractor employees.
7.1.3.3 Maintain up-to-date records of the Contractor's employees who access the system, including name, date of birth, social security number, date fingerprint card submitted, date security clearance issued, and date initially trained, tested, certified or recertified (if applicable).
7.1.3.4 Ensure the training of Contractor personnel.
7.1.3.5 The AC must not permit unauthorized Contractor employees to access CJI or systems supporting CJI where access to CJI can be gained.
7.1.3.6 Where appropriate, ensure compliance by the Contractor with NCIC validation requirements.
7.1.3.7 Provide completed applicant fingerprint cards on each Contractor employee who accesses the system, whether direct or indirect, to the CGA for criminal background investigation prior to such employee accessing the system.
7.1.3.8 Any other responsibility for the AC promulgated by the DELJIS Board of Managers.
7.2 Responsibilities of the Contractor
7.2.1 Contractors must hold themselves to the highest ethical standards and must conduct themselves in a manner that will ensure the security, integrity, and confidentiality of the information contained within CJIS.
7.2.2 Contractors shall not access information contained within CJIS for any reason other than an authorized business-related reason.
7.2.3 Contractors agree to comply with Chapters 85 and 86 of Title 11 of the Delaware Code and these regulations.
7.2.4 Contractors must annually acknowledge that they have read and understand these regulations.
7.2.5 Contractors must complete DELJIS training prior to becoming an Authorized User. The Executive Director or designee may approve temporary or conditional access to CJIS by a Contractor before completing DELJIS training.
7.2.6 Contractors are required to follow the Records Retention and Destruction procedures provided in Section 15.0 of this regulation, that require CJIS, NCIC or NICS information be securely disposed of.
7.2.7 Contractors who improperly access or become aware of improper access of CJIS by another user, or by any other entity, shall immediately report the violation to the CGA, or directly to the DELJIS Security Manager or designee, and shall cooperate with and assist in the conduct of any administrative investigation pursuant to Section 12.0 of this regulation.
7.2.8 Contractors who have been arrested, charged, convicted of a criminal offense, a serious motor vehicle offense, or a violation in any jurisdiction shall notify the CGA or designee within 24 hours of the arrest, charge, or conviction.
7.2.9 Contractors must annually read and submit a Department of Technology and Information Acceptable Use Policy to DELJIS.
7.3 Indirect Access by Contractors. The CGA may only share CJIS information with a Contractor orally or via a secured and encrypted email, such as egress. Such email shall disable the ability of the Contractor to forward or print the information.
7.4 Contractors are responsible to ensure the security, integrity, and confidentiality of the information contained within CJIS, including to ensure that any computer system, service, product or deliverable interfacing with DELJIS or maintaining CJI complies with the standards and policies promulgated by DELJIS published at http://deljis.delaware.gov/policies, and as modified from time to time by DELJIS.
7.4.1 If any computer system, service, product or deliverable interfacing with DELJIS or maintaining CJI does not conform to DELJIS standards and policies, the Contractor shall either:
7.4.1.1 Replace it with a conforming equivalent; or
7.4.1.2 Modify it to conform to DELJIS standards and policies.
7.4.2 All Contractors interfacing with DELJIS or maintaining CJI must sign a CJIS Security Addendum.

1 Del. Admin. Code § 1301-7.0

18 DE Reg. 552 (1/1/2015)
25 DE Reg. 270 (9/1/2021)
26 DE Reg. 388 (11/1/2022) (Final)