DBAA(REGULATION) - EMPLOYMENT REQUIREMENTS AND RESTRICTIONS: PRE-EMPLOYMENT REVIEWS

Criminal History Review

The District will conduct a criminal history record review for a final candidate for employment and will determine through the individualized assessment procedures described below whether the individual should be excluded from employment. [See DBAA(LOCAL)]

Only District employee(s) authorized to view criminal history records will be involved in conducting an individualized criminal history record review.

Notice to Candidate for Employment

Claim of Error in Records

A candidate for employment who has a criminal history record will be notified in writing that he or she may be excluded from employment due to criminal history. The candidate will be given an opportunity to provide additional information concerning his or her criminal history record to be considered as part of the individualized assessment process.

Additional information may include:

If the individual does not provide additional information in a timely manner, the District will proceed with an individualized determination with the information available to the District.

A candidate for employment who claims that the reported criminal history record is erroneous may be provided a copy of the record so that he or she can undertake efforts to correct the record.

Individualized Assessment

In conducting the individualized assessment, the District will consider both the factors described in DBAA(LOCAL) and any additional information provided by the individual. The District may obtain court records, if needed, to validate the information provided.

Using the available information, the District will determine whether or not exclusion from employment is consistent with business necessity.

Offenses for Which Exclusion is Likely

A record of certain offenses carries a high likelihood that the District will exclude the individual from employment. Subject to an individualized assessment, the following classes of offense will likely preclude employment with the District:

Adjudication of Offenses

In considering the adjudication of the offense, the following standards apply.

Conviction

The District will ordinarily treat a conviction as proof of guilt. A conviction record constitutes reliable evidence that a person engaged in the criminal conduct "beyond a reasonable doubt."

Arrest

An arrest record alone does not establish criminal conduct. Before the District makes an employment decision based on an arrest, the District will examine the circumstances surrounding the arrest and will make any necessary inquiries. The District is not required to conduct an extensive investigation to determine the individual's guilt or innocence but need only make inquiries that could shed light on the likelihood of the individual's guilt in committing the underlying offense.

An arrest will be treated as a conviction when inquiries suggest a high likelihood that the individual committed the underlying offense. Where such a determination is not found, the arrest will not be used to take an adverse employment action against the individual.

Deferred Adjudication

A grant of deferred adjudication resulting from a no contest or guilty plea will ordinarily be treated as an admission of guilt. However, the District will make inquiries similar to the inquiries made when an arrest is reported.

When such inquiries suggest a high likelihood that the individual committed the underlying offense, deferred adjudication will be treated as a conviction. Where such a determination is not found, deferred adjudication will not be used to take an adverse employment action against the individual.

Not Guilty, Withdrawn, or Dismissed Charges

For a not guilty, withdrawn, or dismissed adjudication, the individual will be asked to explain, in writing, the circumstances and must provide a certified copy of the court paperwork showing the final disposition of every charge. The District may make additional inquiries into the surrounding circumstances.

The charges will be treated as a conviction when such inquiries suggest a high likelihood that the individual committed the underlying offense. Where such a determination is not found, the criminal history in question will not be used to take an adverse employment action against the individual.

Types of Convictions

If the criminal history record shows a conviction, or if inquiries made during the record review indicate a high likelihood of guilt and/or recurrence, then the following employment restrictions will apply.

Felony

For a felony offense committed within the ten years before application for employment, see Offenses for Which Exclusion is Likely, above.

If the individual committed a felony offense more than ten years before application for employment, the District will determine whether the conviction was for an offense that generally requires exclusion by law or by policy or, if not, whether the underlying offense relates to the duties and responsibilities of the desired position.

The following guidelines will apply:

Class A and B Misdemeanors

An individual may be eligible for employment if the conviction for a Class A or Class B misdemeanor is not related to the duties and responsibilities of the position and/or has occurred more than five years prior.

If the conviction occurred in the past five years and does relate to the duties and responsibilities of the position, and if it is determined there is a high degree of likelihood for the recurrence of the behavior, the employee is ineligible for employment in the District.

Class C Misdemeanors

For a Class C misdemeanor offense involving moral turpitude committed within the ten years before application for employment, as applicable, see Offenses for Which Exclusion is Likely, above.

If convicted of a Class C misdemeanor that does not involve moral turpitude or that occurred more than ten years before application of employment, the District will determine whether the underlying offense relates to the duties and responsibilities of the desired position.

The following guidelines will apply:

Multiple Offenses

An individual with multiple offenses that individually do not make him or her ineligible for employment may be deemed ineligible for continued employment when repetitious criminal behavior indicates a high degree of likelihood for recurrence of the behavior.

Unlisted Criminal History

If a criminal history record does not list an event reported by the candidate for employment, he or she will be asked to explain, in writing, the circumstances for each reported incident. A certified copy of pertinent court paperwork showing final disposition of the charge must be included. The District may make additional inquiries.

Note: For further information regarding the handling of criminal history record information in accordance with federal standards, see the Criminal Justice Information Services (CJIS) Security Policy, Version 5.6

.

Criminal History Record Information

Scope

The following provisions apply to any electronic or physical media containing Federal Bureau of Investigation (FBI) criminal justice information, and its subset, criminal history record information (CHRI), as defined at DBAA(LEGAL).

Point of Contact

The District designates the chief information officer as the point of contact (POC), who will oversee compliance with the user agreement and all aspects of CHRI security.

Proper Access, Use, and Dissemination of CHRI

Authorized Personnel

Only authorized District personnel will access CHRI, and only for authorized purposes. Authorization is based on compliance with Texas Department of Public Safety (DPS) policy or other conditions of access set by information-granting agencies.

The District will conduct a fingerprint-based record check for all personnel who have direct access to CHRI, those who have direct responsibility for configuring and maintaining computer systems and networks with direct access to CHRI, and any persons with access to physically secure locations or controlled areas containing CHRI.

Note: Districts that contract with information technology or human resources service providers to manage activities such as hiring, records retention, media destruction, or document destruction should contact the Texas Department of Public Safety to review the Outsourcing Standards and develop regulations regarding these contractors' handling of CHRI.

Security Awareness Training

The District will require basic security awareness training within six months of initial hire or assignment for all personnel who have access to CHRI. Thereafter, the District will require basic security awareness training every two years.

Physical Security

CHRI will be kept in a location with physical and personnel security controls sufficient to protect the CHRI and associated information systems from unauthorized viewing or access. The perimeter of the physically secure location will be prominently posted and separated from nonsecure locations by physical controls.

Only authorized personnel will have access to the physically secure locations. The District will maintain and keep current a list of authorized personnel. The District will implement access controls and monitor physically secure areas to protect all transmission and display media of CHRI. Authorized personnel will take necessary steps to prevent physical, logistical, and electronic breaches.

Media Protection

The District will put controls in place to protect electronic and physical media containing CHRI while in storage, in transit, or in use. Electronic media include memory devices in laptops and computers, such as hard drives, and any removable, transportable digital memory medium, such as a magnetic tape or disk, backup medium, optical disk, flash drive, external hard drive, or digital memory card. Physical media include printed documents and imagery that contain CHRI.

The District will securely store electronic and physical media within physically secure locations or controlled areas. The District will restrict access to electronic and physical media to authorized individuals. If physical and personnel restrictions are not feasible, then the data shall be encrypted as described in the CJIS Security Policy.

Media Transport

The District will put controls in place to protect electronic and physical media containing CHRI while in transport (physically moved from one location to another) to prevent inadvertent or inappropriate disclosure and use. The District will protect and control electronic and physical media during transport outside of controlled areas and restrict the activities associated with transport of such media to authorized personnel.

Sanitation and Disposal of CHRI

Hard drives, diskettes, tape cartridges, CDs, printer ribbons, hard copies, printouts, and other similar items used to process, store, and/or transmit CHRI will be properly disposed of in accordance with measures established by the District.

Physical Media

Physical media such as printouts will be disposed of by one of the following methods:

Electronic Media

Electronic media such as hard drives, tape cartridges, CDs, printer ribbons, or printer and copier hard drives will be disposed of by one of the following methods:

Information technology systems that have been used to process, store, or transmit CHRI will not be released from the District's control until the equipment has been sanitized and all stored information has been cleared using one of the above methods.

Account Management

The District will manage information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The District will validate information system accounts at least annually and shall document the validation process.

All accounts will be reviewed at least annually by the POC or designee to ensure that access to and account privileges on systems that contain CHRI are commensurate with job functions, need-to-know, and employment status. The POC may also conduct periodic reviews.

Remote Access

The District will authorize, monitor, and control all methods of remote access to the information systems that can access, process, transmit, and/or store CHRI. Remote access is any temporary access to an agency's information system by a user (or an information system) communicating temporarily through an external, non-District-controlled network (e.g., the Internet).

The District will employ automated mechanisms to facilitate the monitoring and control of remote access methods. The District will control all remote accesses through managed access control points. The District may permit remote access for privileged functions only for compelling operational needs, but will document the rationale for such access in the security plan for the information system.

Utilizing publicly accessible computers to access, process, store, or transmit CHRI is prohibited. Publicly accessible computers include, but are not limited to, hotel business center computers, convention center computers, public library computers, and public kiosk computers.

Personally Owned Information Systems

A personally owned information system will not be authorized to access, process, store or transmit CHRI unless the District has established and documented the specific terms and conditions for personally owned information system usage. A personal device includes any portable technology, such as a camera, USB flash drives, USB thumb drives, DVDs, CDs, air cards and mobile wireless devices such as Androids, Blackberry OS, Apple iOS, Windows Mobile, Symbian, tablets, laptops, or any personal desktop computer. If bring-your-own-devices (BYOD) are authorized, they will be controlled using the requirements described in the most recent CJIS Security Policy.

Reporting Information Security Events

The District will promptly report incident information to appropriate authorities to include the DPS. Information security events and weaknesses associated with information systems will be communicated in a manner allowing timely corrective action to be taken.

Formal event reporting and escalation procedures will include:

In the event of a security breach, investigation and reporting to appropriate agency(ies) will commence in an appropriate time frame which will be initiated by the La Joya ISD Chief of Police and investigated by the Internal Affairs Department.

Wherever feasible, the District will employ automated mechanisms to assist in the reporting of security incidents.

All employees, contractors, and third-party users will be made aware of the procedures for reporting different types of events and weaknesses that might have an impact on the security of District assets and are required to report to the designated POC any information security events and weaknesses as quickly as possible.

Policy Violation

Violation by an employee of any requirements of this policy or the most recent CJIS Security Policy will result in suitable disciplinary action, up to and including loss of access privileges, termination, and/or civil or criminal prosecution.

Violation by a visitor of any requirements of this policy or the most recent CJIS Security Policy will result in suitable disciplinary action against the sponsoring employee, up to and including loss of access privileges, termination, and/or civil or criminal prosecution.

La Joya ISD

DBAA(REGULATION)-X

LDU 2018.06

DATE ISSUED: 11/20/2018