Dissemination of Criminal Record Information policy

Date: 2014-06-24

Table of Contents

  1. Purpose
  2. Definitions
  3. Application
  4. Effective Date
  5. CPIC Policy Breach
  6. Working Group
  1. Agreement between CPIC Agency and For Profit Third Party Company
  2. Identity Verification
  1. Informed Consent
  2. Online Criminal Record Checks
  3. Retention of Data for Auditing Purposes
  4. CNI/CRS Queries - GENERAL
  5. CNI/CRS Queries - Standard Response Messages
  6. Release of Criminal Record Convictions by Police of Jurisdiction
  7. Disclosure of a Certified Criminal Record
  8. Investigative and Intelligence Databanks and Police Information Portal
  9. Virtual Front Counter
  10. Accreditation Standards

© (2010) HER MAJESTY THE QUEEN IN RIGHT OF CANADA as represented by the Royal Canadian Mounted Police (RCMP).

Executive Summary

This policy governs the use of the Canadian Police Information Centre (CPIC) system for police services that conduct Criminal Record and Vulnerable Sector Verifications. It is based on the Ministerial Directive Concerning the Release of Criminal Record Information by the Royal Canadian Mounted Police (RCMP).

In Canada, individuals may be required to have a criminal record check completed for employment, volunteer work, and other civil screening purposes. This policy identifies the various types of criminal record checks, and the requirements for accessing the CPIC system and disclosing criminal record information in support of civil screening. The policy contains specific requirements for conducting criminal record checks including obligations for: identity verification; obtaining informed consent; and, partnering with background screening companies. Police services must abide by this policy when conducting Criminal Record and Vulnerable Sector Verifications.

Criminal Record Verification: This process verifies whether an individual has a criminal record and provides any relevant details contained within the National Criminal Records Repository.

  • A certified Criminal Record Verification requires fingerprints.
  • Should a certified Criminal Record Verification not be required, a name-based verification may be conducted. Individuals with a criminal record must declare their criminal record information, which a police service will confirm if the information matches a criminal record contained within the National Repository (If a match is confirmed, a police service also has the option of providing individuals with a copy of their criminal convictions record in accordance with this policy). If a police service cannot match an individual's declaration to a criminal record contained within the National Repository, fingerprints are required.

Vulnerable Sector Verification: This process verifies whether an individual has a criminal record, including the existence of any pardoned sex offences, and provides any relevant details contained within the National Criminal Records Repository. Individuals applying to work in paid or volunteer positions where they will be in contact with children or other vulnerable persons may be required to undergo a Vulnerable Sector Verification.

  • A certified Vulnerable Sector Verification requires fingerprints.
  • Should a certified Vulnerable Sector Verification not be required, a name-based verification may be conducted. If the verification is inconclusive as to the existence of a pardoned sex offence, or an individual's declared criminal record does not match a criminal record contained within the National Repository, fingerprints are required.
  • A Vulnerable Sector Verification also includes a query of CPIC investigative and intelligence records, and of local police records.

It is anticipated that the Ministerial Directive and this policy will remain in effect until the RCMP criminal records system is fully automated and fingerprints are required for all Criminal Record and Vulnerable Sector Verifications.

General

1. Purpose

  1. 1.1 Identify policies for CPIC Agencies that are conducting Criminal Record and/or Vulnerable Sector Name Checks.

2. Definitions

  1. 2.1 The following definitions, used in singular or plural context, apply throughout this policy.

RCMP Business Lines

Policing Support Services: Policing Support Services (PSS) is responsible for providing support services to front line police officers, including: service lines that interact with units internal to the RCMP; and service lines that provide services to external RCMP partners.

National Police Services: National Police Services (NPS) supports Canada's law enforcement community through service lines that provide: forensic analyses of criminal evidence; criminal records information; identification services; technological support; and enhanced learning opportunities and coordination of criminal information and intelligence.

Forensic Science and Identification Services: Forensic Science and Identification Services (FS&IS) is an integral part of NPS, with a mandate to provide quality investigative support services for front line policing. FS&IS provides a wide range of forensic programs and services to clients in Canada and internationally through forensic science services, crime scene forensic identification, fingerprint identification and criminal record repositories, and the National DNA Data Bank.

Canadian Criminal Real Time Identification Services: A key component of FS&IS, the Canadian Criminal Real Time Identification Services (CCRTIS) maintains the RCMP National Repository of Criminal Records and is mandated to provide direct operational support to the Canadian law enforcement, criminal justice and public security communities, as well as international partners such as the Federal Bureau of Investigation (FBI) and INTERPOL for criminal, civil and immigration purposes. CCRTIS is the national provider of biometric-based criminal record verifications for civil and criminal court purposes as well as the security screening environment for all levels of government and the general public.

Canadian Police Information Centre: The Canadian Police Information Centre (CPIC) provides a computerized information system that supplies authorized CPIC agencies with tools and information to assist in combating crime. CPIC is operated by the RCMP under the stewardship of FS&IS, on behalf of the Canadian law enforcement community.

Repository

RCMP National Repository of Criminal Records: Canada's repository of criminal records relating to individuals that have been charged with indictable and/or hybrid offences. Since the Identification of Criminals Act only allows the taking of fingerprints in relation to indictable or hybrid offences and the RCMP National Repository of Criminal Records is fingerprint-based, the National Repository only contains information relating to these two categories of offences. Summary conviction offences are only included in the National Repository if submitted to the RCMP as part of an occurrence involving an indictable or hybrid offence. With the exception of "young person" indictable or hybrid offence convictions, police agencies are not required by law to report offences to the RCMP. A search of local police records may reveal criminal record information that has not been reported to the RCMP.

Systems

Canadian Police Information Centre (CPIC): CPIC is a computerized information system providing all Canadian law enforcement agencies with information on crimes and criminals. Electronically accessed by authorized agencies based on name and date of birth queries.

Real Time Identification (RTID) System: The RTID system is part of a major Crown project designed to improve the efficiency of Canada's national fingerprint and criminal record repository. It will replace outdated paper processes and legacy systems with re-engineered workflows and automation. Electronically accessed by authorized agencies based on fingerprint submissions.

Data Banks

Ancillary Data Bank: Contains information on vehicle registered owners, driver's licences, wandering persons, Interpol and penitentiary inmates. The information is contributed to and maintained by the originating agencies, and is used to supplement investigative information.

Identification Data Bank: Comprised of three (3) data sets, including: 1) offender's criminal record information; 2) summary of offender's biographical and offence information; and 3) indexed summary of offender names for rapid search. CCRTIS is the only entity that is authorized to update, delete, and/or modify information within the Identification Data Bank. Lawfully obtained fingerprints support each criminal record entry in the Identification Data Bank. This information is collected by virtue of Personal Information Bank (PIB) CMP PPU 030, pursuant to the Privacy Act.

Intelligence Data Bank: Records are entered directly into the CPIC system by agencies in support of gathering criminal intelligence.

Investigative Data Bank: Records are entered directly into the CPIC system by agencies in support of law enforcement investigations. The information is contributed and maintained by police agencies on wanted and missing persons, stolen vehicles, stolen boats and other stolen or lost property. Databank includes Accused, Court Action, Missing, Parolee, and Wanted as categories of person in CPIC records. This information is collected by virtue of Personal Information Bank (PIB) CMP PPU 005, pursuant to the Privacy Act.

Types of Record Checks

Criminal Record and/or Vulnerable Sector Name Checks: Used throughout this policy to generically refer to Name-based Criminal Record Verifications and/or Name-based Vulnerable Sector Verifications.

Name-based Criminal Record Verification: A query, based on name and date-of-birth, of active criminal files in the RCMP National Repository of Criminal Records. Used to determine the possible existence of a criminal record. Generally used as a preliminary search only to determine if a Fingerprint-based Criminal Record Verification may be required.

Name-based Vulnerable Sector Verification: A query, based on name and date-of-birth, of active criminal files in the RCMP National Repository of Criminal Records, and pardoned criminal files associated with sexually-based offences. Used to determine the possible existence of a criminal record and a sexual offence conviction for which an individual has received a pardon. Must also include a query of the CPIC Investigative Data Bank and CPIC Intelligence Data Bank, and a query of local police records where the Applicant resides. Must be conducted by the CPIC Agency of local jurisdiction where the Applicant resides. A Fingerprint-based Vulnerable Sector Verification is required if the Name-based Vulnerable Sector Verification is inconclusive as to the existence of a sexual offence conviction for which the individual received a pardon.

Fingerprint-based Criminal Record Verification: A fingerprint-based search of active criminal files in the RCMP National Repository of Criminal Records. The results of the search will produce a Certified Criminal Record product.

Fingerprint-based Vulnerable Sector Verification: A fingerprint-based search of active criminal files in the RCMP National Repository of Criminal Records, and pardoned criminal files associated with sexually-based offences. Used to verify the existence of a criminal record and a sexual offence conviction for which an individual has received a pardon. Produces a summary of an individual's offence convictions, non-convictions (where authorized) and sexual offence convictions for which the individual has received a pardon (where authorized) that are releasable in accordance with federal laws. The RCMP requires approval from the Minister of Public Safety to disclose a criminal file containing pardoned sexual offences to a police service, and a police service requires written consent from the subject of the search to disclose the criminal file to the requesting organization, pursuant to the Criminal Records Act. Must also include a query of the CPIC Investigative Data Bank and CPIC Intelligence Data Bank, and a query of local police records where the Applicant resides. Must be conducted by the CPIC Agency of local jurisdiction where the Applicant resides. The results of this verification will produce a Certified Vulnerable Sector product.

Police Information Check: The most comprehensive type of check. Includes a query based on name and date of birth of a local police agency's records management system, commonly referred to as a local indices check, in addition to queries of CPIC Identification, Investigative, and Intelligence Databanks. The query may also include a search of court records, and a query of records management systems in other police agencies' jurisdictions. The results of this query may produce a Police Information Product. Must be conducted in conjunction with a Name-based or Fingerprint-based Vulnerable Sector Verification.

Police Criminal Record Check: Includes a query of a local police agency's records management system and other systems/records where authorized. Used to produce a collection of offence conviction information. The results of this query may produce a Police Criminal Record Product.

Record Products

Certified Criminal Record Product: A collection of an individual's offence convictions and non-convictions (where authorized) that are releasable in accordance with federal laws. Based on the results of a Fingerprint-based Criminal Record Verification.

Certified Vulnerable Sector Product: A collection of an individual's offence convictions, non-convictions (where authorized) and sexual offence convictions for which the individual has received a pardon (where authorized) that are releasable in accordance with federal laws. Pursuant to the Criminal Records Act, the product applies to individuals that intend to work and/or volunteer with Vulnerable Person(s). Based on the results of a Fingerprint-based Vulnerable Sector Verification. Based on the Applicant's consent for disclosure, a Certified Vulnerable Sector Product containing pardoned sex offender records must be issued directly to the authorized Vulnerable Sector organization by a CPIC Agency of local jurisdiction where the Applicant resides.

Police Information Product: The most comprehensive collection of offence information, including conviction and non-conviction information available from a local police agency's records management system and other systems/records where authorized. The disclosure of information from a local police agency's records management system is pursuant to local police agency policies and procedures. Based on the results of a Police Information Check.

Police Criminal Record Product: A collection of offence conviction information from a local police agency's records management system and other systems/records where authorized. The disclosure of information from a local police agency's records management system is pursuant to local police agency policies and procedures. Based on the results of a Police Criminal Record Check.

Criminal Record Criteria

Absolute Discharge (Adult): The accused is not convicted, but found guilty of an offence and is discharged with no conditions. Absolute Discharges do not usually contribute to an individual's certified criminal record, but may contribute to local police records. Pursuant to the Criminal Code.

Absolute Discharge (Youth): The accused is not convicted, but found guilty of an offence and is discharged with no conditions. Pursuant to the Youth Criminal Justice Act.

Conditional Discharge (Adult): The accused is not convicted, but found guilty of an offence and is discharged with conditions listed in a probation order. Conditional Discharges do not usually contribute to an individual's certified criminal record, but may contribute to local police records. Pursuant to the Criminal Code.

Conditional Discharge (Youth): The accused is not convicted, but found guilty of an offence and is discharged with conditions. Pursuant to the Youth Criminal Justice Act.

Criminal Name Index (CNI): CPIC query function based on name and date of birth. Used to match names against possible criminal records.

Dual-Procedure Offence: Also referred to as a Hybrid offence. An offence that can either be prosecuted as a summary conviction offence or an indictable offence. The Crown chooses the mode of prosecution. Dual-procedure offences contribute to an individual's certified criminal record.

Indictable Offence: An indictable offence is more serious than a summary conviction offence. Conviction of an indictable offence exposes the offender to greater penalties and contributes to an individual's certified criminal record.

Provincial Offence (POA): The provincial legislation governing the prosecution of provincial offences, and municipal by-law infractions. (Examples: the Highway Traffic Act, the Occupational Health and Safety Act, and the Environmental Protection Act.). Provincial offences do not contribute to an individual's certified criminal record.

Summary Conviction Offence: A Summary Conviction Offence encompasses minor offences in the Criminal Code (e.g. cause disturbance, harassing telephone calls.) and in other laws at the federal and provincial level. Summary conviction offences do not contribute to an individual's certified criminal record unless submitted to CCRTIS with an indictable or dual-procedure offence.

Other

Agent: Any party (e.g. CPIC Agency, For Profit Third Party Company) involved with conducting Criminal Record and/or Vulnerable Sector Name Checks.

Agreement: A written agreement (e.g. contract, legal agreement, Memorandum of Understanding (MOU)) that identifies the participating obligations of both the CPIC Agency and the For Profit Third Party Company for the purposes of conducting Criminal Record and/or Vulnerable Sector Name Checks.

Applicant: An individual undergoing a Criminal Record and/or Vulnerable Sector Name Check.

Authorized Body: As described in the Criminal Records Act, an Authorized Body may conduct a Vulnerable Sector Verification. Policies applicable to CPIC Agencies for Vulnerable Sector Verifications also apply to Authorized Bodies.

Civil Screening: In support of screening an individual for reliability/security purposes, Civil Screening involves a name-based verification or fingerprint-based verification (where required) of an individual's registered criminal record in the RCMP National Repository of Criminal Records. Verification is completed for non-criminal purposes, including employment, adoption, volunteer work, foreign travel and legal name changes. Verification may also be completed for Vulnerable Sector purposes (where authorized), which would include verification of any sexually-based offences for which the individual received a pardon.

Client: A private and/or public organization that utilizes the services of a For Profit Third Party Company for the purposes of conducting a Name-based Criminal Record Verification and/or brokering and transmitting Applicant data directly to a CPIC Agency in support of a Name-based Vulnerable Sector Verification.

CPIC Agency: A Canadian police agency that is authorized to access the Canadian Police Information Centre (CPIC) for the purposes of conducting Criminal Record and/or Vulnerable Sector Name Checks.

CPIC Field Operations: Includes: RCMP CPIC Field Operation Sections; Ontario Public Safety Division (PSD) for provincial/municipal agencies in the Province of Ontario; Ontario Provincial Police (OPP) for OPP agencies; le Centre de renseignements policiers du Quebec (CRPQ) for provincial/municipal agencies in the Province of Quebec; and, Canada Border Services Agency (CBSA).

Declaration of Criminal Record: A process whereby the Applicant declares all offence convictions to the CPIC Agency in accordance with CPIC policy requirements and federal laws. Based on the declared criminal record information, the CPIC Agency may confirm that the Applicant's declared criminal record information possibly matches to a registered criminal record held at the RCMP National Repository of Criminal Records, pursuant to CPIC policy requirements.

Electronic Identity Verification: A process, in accordance with CPIC policy requirements and applicable privacy laws, whereby the identity of an Applicant is authenticated through answering questions from the Applicant's consumer credit file. An Electronic Identity Verification (EIV) solution must be developed by one of Canada's major credit reporting agencies, and must, at minimum, meet standards for EIV that may be employed by Canada's major banks and/or financial institutions. May be used in support of a Criminal Record and/or Vulnerable Sector Name Check.

Identity Documents: A document, in accordance with CPIC policy requirements and applicable privacy laws that may be used to authenticate an Applicant's identity in support of a Criminal Record and/or Vulnerable Sector Name Check.

Informed Consent: A process whereby an Applicant is informed, in accordance with CPIC policy requirements and applicable privacy laws, about the use of the Applicant's personal information in support of a Criminal Record and/or Vulnerable Sector Name Check.

Physical Verification: A process using Identity Documents, in accordance with CPIC policy requirements and applicable privacy laws, whereby the identity of an Applicant is authenticated in support of a Criminal Record and/or Vulnerable Sector Name Check.

For Profit Third Party Company: A private or public organization that charges a cost-for-service in support of conducting a Name-based Criminal Record Verification and/or brokering and transmitting Applicant data directly to a CPIC Agency in support of a Name-based Vulnerable Sector Verification. A For Profit Third Party Company is commonly referred to as a background screening company.

Non Profit Third Party Company: A private or public organization that is engaged with a CPIC Agency for conducting Criminal Record and/or Vulnerable Sector Name Checks, but does not charge a cost-for-service. The organization generally conducts Name-based Criminal Record Verifications and/or brokers and transmits Applicant data directly to a CPIC Agency in support of Name-based Vulnerable Sector Verifications for internal security screening purposes. As soon as the organization charges a cost-for-service in support of conducting a Name-based Criminal Record Verification and/or brokering and transmitting Applicant data directly to a CPIC Agency in support of a Name-based Vulnerable Sector Verification, the definition of For Profit Third Party Company applies.

Virtual Front Counter: A means of automating a portion of the Criminal Record and/or Vulnerable Sector Name Check process. Pursuant to an Agreement between a CPIC Agency and a For Profit Third Party Company. The process usually involves a For Profit Third Party Company and must meet CPIC policy requirements, whereby an Applicant's personal information is securely transmitted to the CPIC Agency for the purposes of conducting a Criminal Record and/or Vulnerable Sector Name Check. For a Vulnerable Sector Verification, a CPIC Agency must provide results directly to the Applicant or authorized Vulnerable Sector organization, pursuant to the Criminal Records Act.

Vulnerable Person: A person who, because of their age, a disability or other circumstances, whether temporary or permanent are (a) in a position of dependence on others or (b) are otherwise at a greater risk than the general population of being harmed by a person in a position of authority or trust relative to them, pursuant to the Criminal Records Act.

Young Person: The Youth Criminal Justice Act defines a young person as someone twelve years of age or older, but less than eighteen years of age.

3. Application

  1. 3.1 This policy applies to CPIC Agencies and all Agents that are involved with conducting Criminal Record and/or Vulnerable Sector Name Checks.
  2. 3.2 CPIC Agencies shall reference these policies in conjunction with all other CPIC policy requirements. In instances where these policies conflict with other CPIC policy requirements, these policies shall take precedence.
  3. 3.3 A CPIC Agency is solely responsible for ensuring that all Agents adhere to the policies where applicable.

4. Effective Date

  1. 4.1 This policy takes effect on August 4, 2010. It replaces the December 8, 2009 Interim Policy: Dissemination of Criminal Record Information.
  2. 4.2 This policy was updated on March, 12, 2012 to include provisions for Electronic Identity Verification (EIV).

5. CPIC Policy Breach

  1. 5.1 Any breach in policy will be investigated by the CPIC Field Operations unit within the appropriate territorial boundary, and sanctions will be undertaken as necessary.

6. Working Group

  1. 6.1 This policy was developed with the support of the Dissemination of Criminal Record Information Policy Working Group.
  2. 6.2 The Working Group is comprised of representatives from Canadian police services, federal and provincial ministries of public safety and the Office of the Privacy Commissioner of Canada.
  3. 6.3. Refer to the Dissemination of Criminal Record Information Policy Working Group: Terms of Reference for more information regarding the mandate of the Working Group.

Policy

7. Agreement between CPIC Agency and For Profit Third Party Company

  1. 7.1 A CPIC Agency must enter into an Agreement with the For Profit Third Party Company for whom they are conducting Criminal Record and/or Vulnerable Sector Name Checks. This Agreement must be submitted to the RCMP for review and approval to ensure that the Agreement conforms to applicable legislation, the Ministerial Directive and CPIC policy. The CPIC Agency is not permitted to conduct Criminal Record and/or Vulnerable Sector Name Checks on behalf of a For Profit Third Party Company until such time that the Agreement is approved by the Director General of the CPI Centre and the Director General of CCRTIS.
    1. 7.1.1 The Agreement must identify that the CPIC Agency authorizes the For Profit Third Party Company to act as an Agent on behalf of the CPIC Agency for the purposes of conducting Criminal Record and/or Vulnerable Sector Name Checks, and as an Agent on behalf of the Applicant for the purposes of performing a Criminal Record and/or Vulnerable Sector Name Check.
    2. 7.1.2 The Agreement must identify all Agents involved with conducting Criminal Record and/or Vulnerable Sector Name Checks, including any subcontracting work.
    3. 7.1.3 Any applicable consent requirements between the Applicant and Agent(s) must be clearly identified.
    4. 7.1.4 The Agreement must identify the policies that apply to all involved Agents.
    5. 7.1.5 The Agreement must identify that the RCMP is indemnified of all claims or demands of any kind caused by the Agreement. This condition will also be included in any arrangements (e.g. Memorandum of Understanding) between the RCMP and the CPIC Agency for the purposes of accessing CPIC.
    6. 7.1.6 The Agreement must identify that the CPIC Agency is solely responsible for ensuring that any retained data, pursuant to Section 11 of this policy, is immediately made available to CPIC for auditing purposes.
    7. 7.1.7 The Agreement must identify that the For Profit Third Party Company has met all of the Accreditation Standards in this policy.
    8. 7.1.8 A CPIC Agency must make copies of all Agreements available to the appropriate CPIC Field Ops for auditing purposes.
    9. 7.1.9 Approval of an Agreement may be withdrawn at the discretion of the Director General of the CPI Centre and the Director General of CCRTIS.

8. Identity Verification

  1. 8.1 A CPIC Agency is responsible for applying the minimum Identity Verification requirements set forth in this policy in consideration with any specific provincial considerations.
  2. 8.2 A CPIC Agency head or delegate thereof must be satisfied that an Applicant's identity is authenticated prior to performing a Criminal Record and/or Vulnerable Sector Name Check.
  3. 8.3 The CPIC Agency must verify that the Applicant's identity was authenticated prior to releasing the results of a Criminal Record and/or Vulnerable Sector Name Check.
  4. 8.4 Proof of Identity Verification must be retained by the CPIC Agency in accordance with the provisions of relevant privacy legislation, CPIC Agency retention and disposal schedules, and Section 11 of this policy.

Physical Identity Verification

  1. 8.5 An Applicant must provide government-issued identification prior to undergoing a Criminal Record and/or Vulnerable Sector Name Check when appearing in person in front of one of the Agents.
    1. 8.5.1 An Applicant must provide: two (2) valid pieces of identification, one of which must be government-issued and include the Applicant's name, date of birth, signature and photo.
  2. 8.6 The CPIC Agency head or delegate thereof must be satisfied that an Applicant's identity, including the original Identity Documents described in Section 8.5.1 of this policy, are physically verified by a trusted Agent.

Electronic Identity Verification

  1. 8.7 As a substitute for Physical Identity Verification, a CPIC Agency and/or For Profit Third Party Company may employ Electronic Identity Verification (EIV) to authenticate the identity of an Applicant.
    1. 8.7.1 A CPIC Agency's solution for EIV must be identified in the Agreement between the CPIC Agency and the For Profit Third Party Company, or in a separate document if the CPIC Agency intends to directly employ EIV.
  2. 8.8 If an Applicant fails EIV, the Applicant must undergo Physical Identity Verification as identified in Section 8.5 of this policy, in order to complete the Criminal Record and/or Vulnerable Sector Name Check.
  3. 8.9 All other policy requirements apply to Criminal Record and Vulnerable Sector Name Checks.

9. Informed Consent

  1. 9.1 An Applicant must grant consent prior to undergoing a Criminal Record and/or Vulnerable Sector Name Check.
  2. 9.2 The Informed Consent form(s) must be completed and signed by the Applicant, and witnessed by at least one of the Agents.
  3. 9.3 Legible copies of the Informed Consent form(s) must be retained by the CPIC Agency in accordance with the provisions of relevant privacy legislation, CPIC Agency retention and disposal schedules, and Section 11 of this policy.
  4. 9.4 A CPIC Agency is responsible for applying the minimum Informed Consent requirements set forth in this policy in consideration with any specific provincial considerations.
  5. 9.5 The CPIC Agency head or delegate thereof must be satisfied that the informed consent requirements have been completed by the Applicant and verified by a trusted Agent prior to conducting a Criminal Record and/or Vulnerable Sector Name Check.
    1. 9.5.1 A CPIC Agency must verify the Applicant's Informed Consent Documents (original or legible copies) prior to releasing the results of a Criminal Record and/or Vulnerable Sector Name Check.
  6. 9.6 An Informed Consent form(s) must include the following minimum criteria:
    1. 9.6.1 Identification of the Applicant: surname; given name(s); sex; date of birth; place of birth; current address; previous addresses, if any, within last five (5) years.
    2. 9.6.2 Reason for the Consent: purpose of the Criminal Record and/or Vulnerable Sector Name Check; description of position; name of person or organization requiring the Criminal Record and/or Vulnerable Sector Name Check.
    3. 9.6.3 Signature of Applicant: Applicant should clearly understand and sign to the purpose and intent of the Criminal Record and/or Vulnerable Sector Name Check.
    4. 9.6.4 Consent information must clearly indicate that a search of the RCMP National Repository of Criminal Records will be conducted based on the name(s), date of birth, and declared criminal record history provided by the Applicant.
      1. 9.6.4.1 Consent information must clearly indicate all databanks that are queried based on the type of verification.
        1. 9.6.4.1.1 A name-based verification must indicate if a query of the CPIC Investigative Data Bank and CPIC Intelligence Data Bank was conducted.
        2. 9.6.4.1.2 A name-based Vulnerable Sector Verification must indicate that a query of the Identification Data Bank, including pardoned sex offender records, is conducted. A name-based Vulnerable Sector Verification must also indicate that a query of a CPIC Agency's local police records and the CPIC Investigative Data Bank and CPIC Intelligence Data Bank are conducted.
    5. 9.6.5 Declaration of Criminal Record: Applicant must declare all convictions for offences under federal law.
      1. 9.6.5.1 Applicant should not declare:
        1. 9.6.5.1.1 A conviction for which the Applicant has received a Pardon in accordance with the Criminal Records Act;
        2. 9.6.5.1.2 A conviction where the Applicant was a "young person" under the Youth Criminal Justice Act;
        3. 9.6.5.1.3 An Absolute or Conditional Discharge, pursuant to section 730 of the Criminal Code;
        4. 9.6.5.1.4 An offence for which the Applicant was not convicted;
        5. 9.6.5.1.5 Any provincial or municipal offence, and;
        6. 9.6.5.1.6 Any charges dealt with outside of Canada.
      2. 9.6.5.2 Caveats must accompany an Applicant's declared criminal record to identify the following:
        1. 9.6.5.2.1 Declaration of Criminal Record does not constitute a Certified Criminal Record by the RCMP;
        2. 9.6.5.2.2 Declaration of Criminal Record may not contain all criminal record convictions;
        3. 9.6.5.2.3 A Certified Criminal Record can only be issued by CCRTIS based on the submission of fingerprints to the RCMP National Repository of Criminal Records.
  7. 9.7 Consent information should include requirements as identified in the Criminal Records Regulations (SOR/2000-303) if the search is being conducted for the purposes of a Name-based Vulnerable Sector Verification.

10. Online Criminal Record Checks

  1. 10.1 In accordance with Section 7 of this policy, an online Criminal Record and/or Vulnerable Sector Name Check process must undergo assessment by the RCMP to ensure policy compliance prior to approval for the implementation of an online Criminal Record and/or Vulnerable Sector Name Check process.
    1. 10.1.1 An online Criminal Record and/or Vulnerable Sector Name Check process must be approved by the Director General of the CPI Centre and the Director General of CCRTIS.
    2. 10.1.2 An online Criminal Record and/or Vulnerable Sector Name Check process must include all Identity Verification requirements in this policy, including requirements for Identity Verification and Informed Consent.
  2. 10.2 The CPIC Agency head or delegate thereof must be satisfied with the online Criminal Record and/or Vulnerable Sector Name Check process regarding the authentication of the Applicant's identity.
  3. 10.3 The online Criminal Record and/or Vulnerable Sector Name Checks process must be clearly identified in the Agreement between the CPIC Agency and the For Profit Third Party Company, pursuant to Section 7 of this policy.
    1. 10.3.1 The Agreement between the CPIC Agency and the For Profit Third Party Company (Section 7) must clearly identify how the online Criminal Record and/or Vulnerable Sector Name Check process accounts for the applicable Identity Verification requirements in Sections 8 and 9 of this policy. Other forms of Informed Consent and Identity Verification may be used to supplement the requirements, but are not considered substitutes for the minimum requirements in this policy.
  4. 10.4 An audit trail of the process for each online Criminal Record and/or Vulnerable Sector Name Check must be retained by the CPIC Agency in accordance with the provisions of relevant privacy legislation, CPIC Agency retention and disposal schedules, and Section 11 of this policy.
  5. 10.5 The transmission of electronic data must be secure.
    1. 10.5.1 The CPIC Agency is responsible for securing the electronic transmission of data involved with online Criminal Record and/or Vulnerable Sector Name Checks.
    2. 10.5.2 The method for securing the electronic transmission of data must be clearly identified in the Agreement between the CPIC Agency and the For Profit Third Party Company, pursuant to Section 7 of this policy.
  6. 10.6 The online Criminal Record and/or Vulnerable Sector Name Check process must authenticate the identity of the Applicant, pursuant to Sections 8 and 9 of this policy.
    1. 10.6.1 The CPIC Agency is responsible for ensuring that the online Criminal Record and/or Vulnerable Sector Name Check process authenticates the identity of the Applicant.
  7. 10.7 An online process involving a Name-based Vulnerable Sector Verification must ensure that results are sent directly to the Applicant or authorized vulnerable sector organization only.
  8. 10.8 The Virtual Front Counter requirements in this policy apply to online Criminal Record and/or Vulnerable Sector Name Checks.

11. Retention of Data for Auditing Purposes

  1. 11.1 Agreements, proof of Identity Verification, Informed Consent documents, and standard response messages for Criminal Record and/or Vulnerable Sector Name Checks as identified in this policy must be retained by the CPIC Agency for a minimum of two (2) years for CPIC audit purposes.
  2. 11.2 Retained information must be immediately made available by the CPIC Agency to the appropriate CPIC Field Ops for auditing purposes.
    1. 11.2.1 Data must be retained in Canada.
  3. 11.3 The CPIC Agency is responsible for ensuring that the Applicant is informed of the data retention requirements, pursuant to the Informed Consent requirements in Section 9 of this policy.

12. CNI/CRS Queries - GENERAL

  1. 12.1 Criminal Name Index/ Criminal Record Synopsis (CNI/CRS) queries are pursuant to all provisions relating to Civil Screening, including the Ministerial Directive Concerning the Release of Criminal Record Information by the Royal Canadian Mounted Police.
  2. 12.2 When conducting a CNI/CRS query in support of a Criminal Record and/or Vulnerable Sector Name Check, the CPIC Agency must use all names of the Applicant, including: given name(s); surname; maiden name (if applicable); and any name(s) that were changed in accordance with a legal name change (if applicable).
  3. 12.3 All employees of a CPIC Agency that conduct Criminal Record and/or Vulnerable Sector Name Checks should successfully complete the CPIC Query/Narrative course prior to performing CNI/CRS queries. The CPIC Query/Narrative course is available online through the Canadian Police Knowledge Network (CPKN).
  4. 12.4 A CPIC Agency is responsible for ensuring that a For Profit Third Party Company provides the appropriate CNI/CRS response messages to the Applicant (or third party as authorized by the Applicant).
  5. 12.5 A CPIC Agency is not permitted to access the data bank of the National Crime Information Center (NCIC) or the INTERPOL I-24/7 system via CPIC when conducting a Criminal Record and/or Vulnerable Sector Name Check.
  6. 12.6 Legible copies of CNI/CRS standard response messages issued by a CPIC Agency and any For Profit Third Party Company must be retained in accordance with the provisions of relevant privacy legislation and CPIC Agency retention and disposal schedules.
    1. 12.6.1. Legible copies of the CNI/CRS standard response messages must be retained in accordance with Section 11 of this policy.

13. CNI/CRS Queries - Standard Response Messages

  1. 13.1 A CPIC Agency must use one of the standard response messages when conducting a CNI/CRS query in support of a Criminal Record and/or Vulnerable Sector Name Check.
  2. 13.2 A CPIC Agency is only permitted to use the Confirmation of a Criminal Record standard response for a Criminal Record and/or Vulnerable Sector (Active Criminal Record Only) Name Check to confirm the existence of an Applicant's criminal record in the RCMP National Repository of Criminal Records.
    1. 13.2.1 Confirmation of a Criminal Record is pursuant to the Identification Verification and Informed Consent requirements in this policy. In particular, requirements for Declaration of a Criminal Record must be met in accordance with Section 9 of this policy.
    2. 13.2.2 A CPIC Agency is not permitted to use Confirmation of a Criminal Record when a Name-based Vulnerable Sector Verification is inconclusive as to the verification of a pardoned sex offender record associated to the Applicant, or for any verification results only relating to "young persons" pursuant to the Youth Criminal Justice Act.
    3. 13.2.3 If the Confirmation of a Criminal Record standard responses is used, the CPIC Agency must also provide the Applicant (or third party as authorized by the Applicant) with the Applicant's Declaration of Criminal Record.
  3. 13.3 For Confirmation of a Criminal Record, the CPIC Agency head or delegate thereof must be satisfied that the records declared by the Applicant match to a registered criminal record in the RCMP National Repository of Criminal Records.
  4. 13.3.1 When the authentication of the Applicant's identity cannot be confirmed in accordance with the requirements for Confirmation of a Criminal Record, the Applicant's fingerprints must be submitted to the RCMP National Repository of Criminal Records in order to complete the verification.

Name-based Criminal Record Verification - General

  1. 13.4 When performing a Name-based Criminal Record Verification, a CPIC Agency must query:
    1. 13.4.1 The RCMP National Repository of Criminal Records (Identification Data Bank).
  2. 13.5 When performing a Name-based Criminal Record Verification, a CPIC Agency is strongly recommended to query:
    1. 13.5.1 CPIC Intelligence Data Bank and CPIC Investigative Data Bank, and;
    2. 13.5.2 Police service records management system(s) where the Applicant resides.
  3. 13.6 For a Name-based Criminal Record Verification, a CPIC Agency shall only send standard response messages to the Applicant or authorized Agent (authorized by the Applicant).
  4. 13.7 For a Name-based Criminal Record Verification, a CPIC Agency may provide a negative standard response message if the CNI/CRS response identifies non-conviction records only and/or youth records only.

Name-based Criminal Record Verification - Standard Responses

Negative – Standard Response

  1. 13.8 When the CNI/CRS query does not identify any possible criminal record associated to the Applicant:

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records did not identify any records with the name(s) and date of birth of the applicant. Positive identification that a criminal record does or does not exist at the RCMP National Repository of Criminal Records can only be confirmed by fingerprint comparison. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

Incomplete - Standard Response

  1. 13.9 When the CNI/CRS query identifies any criminal record of possible association to the Applicant that does not match to the criminal record information declared by the Applicant:

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records could not be completed. Positive identification that a criminal record does or does not exist requires the applicant to submit fingerprints to the RCMP National Repository of Criminal Records by an authorized police service or accredited private fingerprinting company. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

CONFIRMATION OF A CRIMINAL RECORD - Standard Response

  1. 13.10 When the CNI/CRS query identifies a criminal record that matches to the criminal record information declared by the Applicant:

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records has resulted in a possible match to a registered criminal record. Positive identification that a criminal record does or does not exist at the RCMP National Repository of Criminal Records can only be confirmed by fingerprint comparison. As such, the criminal record information declared by the applicant does not constitute a Certified Criminal Record by the RCMP. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

Name-based Vulnerable Sector Verification

  1. 13.11 To conduct a Name-based Vulnerable Sector Verification, a CPIC Agency must be the police service of local jurisdiction where the Applicant resides.
    1. 13.11.1 A CPIC Agency must confirm the identity of an Applicant in person prior to issuing any Vulnerable Sector search results.
  2. 13.12 When performing a Vulnerable Sector Verification, a CPIC Agency must query:
    1. 13.12.1 The RCMP National Repository of Criminal Records, including Pardoned Sex Offender Records (VS:Y);
    2. 13.12.2 CPIC Intelligence Data Bank and CPIC Investigative Data Bank, and;
    3. 13.12.3 Police service records management system(s) where the Applicant resides.
  3. 13.13 Standard response messages for Name-based Vulnerable Sector Verifications must be provided by the CPIC Agency directly to the Applicant or authorized vulnerable sector organization, pursuant to the Criminal Records Act.
  4. 13.14 The CPIC Agency is responsible for releasing the results of a Vulnerable Sector Verification in accordance with federal laws.
    1. 13.14.1 When releasing the results of a Vulnerable Sector Verification, the CPIC Agency head or delegate thereof must be satisfied that the Applicant's identity has been verified in accordance with CPIC Policy, and that the results of the Vulnerable Sector Verification are accurate, up-to-date and complete.
  5. 13.15 For a Name-based Vulnerable Sector Verification, a CPIC Agency may provide a negative standard response message if the CNI/CRS response identifies non-conviction records only and/or youth records only, AND the scoring criteria have not been met for Flagged Pardoned Sex Offender Records (VS: Y).

Negative – Standard Response

  1. 13.16 When the CNI/CRS query does not identify any possible criminal record associated to the Applicant AND the scoring criteria have not been met for Flagged Pardoned Sex Offender Records (VS: Y):

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records, including pardoned sex offender records, did not identify any records with the name(s) and date of birth of the applicant. Positive identification that a criminal record does or does not exist at the RCMP National Repository of Criminal Records can only be confirmed by fingerprint comparison. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

Incomplete - Standard Response

  1. 13.17 When the CNI/CRS query identifies any criminal record of possible association to the Applicant that does not match to the criminal record information declared by the Applicant AND/OR the scoring criteria have been met for Flagged Pardoned Sex Offender Records (VS: Y):

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records, including pardoned sex offender records, could not be completed. Positive identification that a criminal record does or does not exist requires the applicant to submit fingerprints to the RCMP National Repository of Criminal Records by an authorized police service. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

  1. 13.17.1 If the scoring criteria have been met for Flagged Pardoned Sex Offender Records (VS: Y), the CPIC Agency will receive the following CPIC system output message:

**FOR SCREENING OF APPLICANTS APPLYING FOR POSITIONS WORKING

**WITH VULNERABLE PERSONS, SUBMIT FINGERPRINTS ON FORM C-216C

**AND CONSENT FORMS TO THE RCMP IDENTIFICATION SERVICES IN OTTAWA.

**NO INFORMATION RELATING TO THIS MESSAGE MAY BE DISCLOSED.

CONFIRMATION OF A CRIMINAL RECORD (Active Criminal Record Only)

  1. 13.18 When the CNI/CRS query identifies a criminal record that matches to the criminal record information declared by the Applicant AND the scoring criteria have not been met for Flagged Pardoned Sex Offender Records (VS: Y):

"Based solely on the name(s) and date of birth provided and the criminal record information declared by the applicant, a search of the RCMP National Repository of Criminal Records, including pardoned sex offender records, has resulted in a possible match to a registered criminal record, but not to a pardoned sex offender record. Positive identification that a criminal record does or does not exist at the RCMP National Repository of Criminal Records can only be confirmed by fingerprint comparison. As such, the criminal record information declared by the applicant does not constitute a Certified Criminal Record by the RCMP. Delays do exist between a conviction being rendered in court, and the details being accessible on the RCMP National Repository of Criminal Records. Not all offences are reported to the RCMP National Repository of Criminal Records."

14. Release of Criminal Record Convictions by Police of Jurisdiction

  1. 14.1 In addition to identifying that an Applicant's Declaration of a Criminal Record has resulted in a Confirmation of a Criminal Record, the CPIC Agency of local jurisdiction where the Applicant resides may also release criminal record information from the RCMP National Repository of Criminal Records, providing that the following conditions are met:
    1. 14.1.1 The CPIC Agency must be the police service of local jurisdiction where the Applicant resides.
    2. 14.1.2 The CPIC Agency confirms the identity of the Applicant, pursuant to CPIC policy.
    3. 14.1.3 The CPIC Agency confirms that the Applicant's declared criminal record possibly matches to a registered criminal record held in the RCMP National Repository of Criminal Records.
    4. 14.1.4 From the RCMP National Repository of Criminal Records, a CPIC Agency is only permitted to release adult criminal convictions and associated criminal record information in accordance with federal laws:
      1. 14.1.4.1 Releasable information includes the Criminal Convictions Conditional and Absolute Discharges and Related Information category of a CPIC search result only. Conditional and Absolute Discharges can only be released if adult criminal convictions are released.
      2. 14.1.4.2 Releasable information must not include the SUMMARY OF POLICE INFORMATION category of a CPIC search result, or Absolute or Conditional Discharges pursuant to section 730 of the Criminal Code if no adult criminal convictions are released.
    5. 14.1.5 The CPIC Agency is only permitted to release criminal record information from the RCMP National Repository of Criminal Records on a document that bears the insignia of the police service of local jurisdiction that is releasing the document. The document must not be a printout of the CPIC search results, and must be absent of CPIC markings.
    6. 14.1.6 The CPIC Agency must clearly identify the following caveats on any document that contains criminal record information from the RCMP National Repository of Criminal Records:
      1. 14.1.6.1 document does not constitute a Certified Criminal Record by the RCMP;
      2. 14.1.6.2 document may not contain all criminal record convictions;
      3. 14.1.6.3 a Certified Criminal Record can only be issued by CCRTIS based on the submission of fingerprints to the RCMP National Repository of Criminal Records.
    7. 14.1.7 The CPIC Agency provides any document containing criminal record information from the RCMP National Repository of Criminal Records directly to the Applicant only.
    8. 14.1.8 Legible copies of any documents issued by a CPIC Agency containing criminal record information from the RCMP National Repository of Criminal Records must be retained by the CPIC Agency in accordance with Section 11 of this policy.
    9. 14.1.9 The release of any document containing criminal record information from the RCMP National Repository of Criminal Records by a CPIC Agency of local jurisdiction is pursuant to the Ministerial Directive Concerning the Release of Criminal Record Information by the Royal Canadian Mounted Police.
      1. 14.1.9.1 It is anticipated that the Ministerial Directive will remain in effect until the RCMP criminal records system is fully automated and fingerprints are required for all criminal record and vulnerable sector verifications. At that point, a new directive will be issued to that effect.

15. Disclosure of a Certified Criminal Record

  1. 15.1 The release of an RCMP Certified Criminal Record is pursuant to the Ministerial Directive Concerning the Release of Criminal Record Information by the Royal Canadian Mounted Police.
  2. 15.2 Fingerprints are required for positive identification before an RCMP Certified Criminal Record may be released for identification purposes.

16. Investigative and Intelligence Databanks and Police Information Portal

  1. 16.1 When accessing the CPIC Investigative and Intelligence Databanks and the Police Information Portal, a CPIC Agency must do so in accordance with applicable CPIC policies and guidelines.

17. Virtual Front Counter

  1. 17.1 A CPIC Agency may enter into an Agreement with a For Profit Third Party Company for the purposes of deploying a Virtual Front Counter to automate a portion of the Criminal Record and/or Vulnerable Sector Name Check process. Any Agreement between a CPIC Agency and a For Profit Third Party Company must be approved by CPIC/CCRTIS policy centres, pursuant to Section 7 of this policy.
  2. 17.2 The Virtual Front Counter must provide for the secure, electronic transmission of data between the For Profit Third Party Company and the CPIC Agency.
  3. 17.3 The CPIC Agency is responsible for the secure transmission of data between a For Profit Third Party Company and the CPIC Agency.
  4. 17.4 A Virtual Front Counter must not involve any connection between a For Profit Third Party Company network/system/application and the National Police Services Network (NPSNet).
  5. 17.5 For a Name-based Criminal Record Verification, the transmission of data may be bidirectional between the CPIC Agency and the For Profit Third Party Company, providing that the For Profit Third Party Company is authorized by the Applicant to receive standard response messages. The Applicant or other authorized Agent (authorized by the Applicant) may receive data electronically, such as standard response messages, from the CPIC Agency.
  6. 17.6 For a Name-based Vulnerable Sector Verification, the transmission of data must be unidirectional only from the For Profit Third Party Company to the CPIC Agency. Data may only be compiled by the For Profit Third Party Company and sent electronically to the CPIC Agency in order to initiate the process.
    1. 17.6.1 The For Profit Third Party Company is not permitted to receive any electronic responses from the CPIC Agency for a Name-based Vulnerable Sector Verification. The Virtual Front Counter may only automate the transmission of data from the For Profit Third Party Company to the CPIC Agency.
    2. 17.6.2 A Virtual Front Counter for Name-based Vulnerable Sector Verifications must adhere to the Criminal Records Act, including verification and disclosure requirements.
    3. 17.6.3 Any Virtual Front Counter involving Name-based Vulnerable Sector Verifications must ensure that Name-based Vulnerable Sector Verifications are conducted by the CPIC Agency of local jurisdiction where the Applicant resides.

18. Accreditation Standards

  1. 18.1 A CPIC Agency must ensure that a For Profit Third Party Company meets the following accreditation standards as a precondition to entering into an Agreement with the For Profit Third Party Company.
    1. 18.1.1 A CPIC Agency must ensure that the For Profit Third Party Company has a designated security officer for the purposes of carrying out the Agreement.
  2. 18.2 The Accreditation standards, and details identifying that the For Profit Third Party Company meets or exceeds the standards, must be identified in the Agreement between the CPIC Agency and the For Profit Third Party Company.
  3. 18.3 A CPIC Agency must retain copies of all documents required to demonstrate that the Accreditation standards have been met, pursuant to Section 11 of this policy.
  4. 18.4 Accreditation Standards:

Verification of Legal Arrangement

  1. 18.4.1 A CPIC Agency verifies the legal arrangement that the For Profit Third Party Company uses to conduct business.
  2. 18.4.2 If the For Profit Third Party Company involves a Sole Proprietorship or Partnership, name of the For Profit Third Party Company and copies of registration documents (where applicable) are required.
  3. 18.4.3 If the For Profit Third Party Company involves a Corporation, the following is required: Name of the corporation and address of the registered office; copy of the Certificate of Incorporation; Name and address of the registered office of the immediate, intermediate, and ultimate parent organization, and the percentage of ownership. For this purpose, a parent is defined as an entity that owns a majority of the corporation's voting securities; copy of a corporate organization chart; if no parent organization(s) exist, a statement to that effect; identification of any foreign ownership; name, citizenship and position title of all executive management of the For Profit Third Party Company.
    1. 18.4.3.1 Any For Profit Third Party Company business licenses obtained at the municipal level must also be identified;
    2. 18.4.3.2 Any For Profit Third Party Company insurance protection must also be identified.

Verification of Personnel

  1. 18.4.5 A CPIC Agency conducts reliability screening of all For Profit Third Party Company personnel involved with the Agreement and any activities in support of the Agreement:
    1. 18.4.5.1 At a minimum, reliability screening must be composed of the following elements: Surname(maiden name) and given name(s); Verification of date of birth; Verification of address for the last five years; Verification of educational and professional qualifications or rade certification or accreditation; Verification of employment history; Assessment of performance reliability and personal character by checking previous employers and identified references; a Fingerprint-based Criminal Record Verification; and a personal credit check;
    2. 18.4.5.2 A CPIC Agency is responsible for assessing and determining the reliability of For Profit Third Party Company personnel;
    3. 18.4.5.3 At minimum, a CPIC Agency must perform reliability screening updates of For Profit Third Party Company personnel every ten (10) years from the date of the original reliability screening checks. Reliability screening updates are recommended every five (5) years from the date of the original reliability screening checks.
    4. 18.4.5.4 A CPIC Agency may require reliability screening updates to occur on a more frequent basis.

Verification of Facilities and Data Safeguarding

  1. 18.4.6 A CPIC Agency is responsible for assessing the security of For Profit Third Party Company facilities involved with the Agreement.
  2. 18.4.7 A CPIC Agency is responsible for demonstrating the security of a For Profit Third Party Company facility by ensuring that a site inspection of the For Profit Third Party Company facility is completed, and that a site inspection report is assessed by the CPIC Agency for approval. A CPIC Agency is responsible for assessing and determining the requirements of a site inspection report in accordance with CPIC policy:
    1. 18.4.7.1 Copies of site inspection reports must be retained by the CPIC Agency in accordance with Section 11 of this policy;
    2. 18.4.7.2 At minimum, a CPIC Agency must ensure that renewal site inspection(s) of For Profit Third Party Company facilities are performed every two years from the date of the original site inspection(s).
      1. 18.4.7.2.1 A CPIC Agency may require renewal site inspections to occur on a more frequent basis.
    3. 18.4.7.3 Site inspection reports must identify any facility clearance levels obtained by the For Profit Third Party Company, including data safeguarding specifications. Reports must also identify procedures for ensuring employee confidentiality regarding data safeguarding, and internal quality control processes.

Verification of Training

  1. 18.5 A CPIC Agency must verify that For Profit Third Party Company personnel have been trained on workflow management system procedures, policies, and laws applicable to conducting Criminal Record and/or Vulnerable Sector Name Checks.
    1. 18.5.1 Applicable security and privacy policies and laws must be identified as part of the training regimen.
Date modified: