REVIEW MONTH: OCTOBER Rick Raemisch Executive Director

Transcription

1 ADMINISTRATIVE REGULATION REGULATION NUMBER PAGE NUMBER 1 OF 4 CHAPTER: Facility Security COLORADO DEPARTMENT OF CORRECTIONS SUBJECT: Security Auditing Program RELATED STANDARDS: ACA Standards 2-CO-1A-22 and EFFECTIVE DATE: January 1, 2014 SUPERSESSION: 12/1/11 OPR: DOP REVIEW MONTH: OCTOBER Rick Raemisch Executive Director I. POLICY It is the policy of the Department of Corrections (DOC) to utilize all applicable correctional standards and DOC administrative regulations as a mechanism for self-evaluation; enhancement of security practices, procedures, and processes; and to enhance safety and security within the DOC. The DOC will annually conduct security audits of all DOC facilities, in conjunction with the internal American Correctional Association (ACA) audits. [2-CO-1A-22] [4-4017] II. PURPOSE The purpose of this administrative regulation (AR) is to provide guidelines and delineate responsibilities for the administration of the Security Audit Program in the DOC. The primary purpose of conducting security audits is to identify weaknesses or deficiencies in a particular security operation so that self-corrective actions can be taken. III. DEFINITIONS A. Agency: The unit of a governing authority that has direct responsibility for the operation of a corrections program, including the implementation of policy as set by the governing authority. B. American Correctional Association (ACA) and Commission on Accreditation for Corrections (CAC): Nonprofit organizations that administer a national accreditation program for all components of adult corrections. C. Compliance: Achieved when the agency/facility conforms with a policy or correctional practice statement in each element of the standard or section of the Security Audit Instrument. D. DOC Security Specialist: The DOC employee, with expertise in security practices, whose responsibility is to approve security auditing teams, coordinate the scheduling of audits, and evaluate the completed Security Audit Instrument and Executive Summary. Comprehensive reviews and critical issue follow-ups are scheduled by this individual. E. Executive Summary: A document that summarizes the observations and recommendations, including non-compliant issues, that is submitted to the DOC security specialist for review. This document is given to the administrative head and reviewed by the Prison Operations manager, deputy directors, director, and executive director.

2 CHAPTER SUBJECT AR # Page 2 Facility Security Security Auditing Program EFFECTIVE 01/01/14 F. Internal Audit: An internal review by DOC auditors to determine if national correctional standards, DOC administrative regulations, facility procedures, life/safety, and custody/control issues are being complied with. This audit results in a report to the appointing authority, directors, and executive director and is not normally shared with those outside the DOC. G. Non-Compliance: This occurs when an ACA standard cannot be satisfied by every detail or element contained in the standard. This also occurs when a statement in a segment of the Security Audit Instrument cannot be satisfied. If there is one aspect of the ACA standard that the agency/facility cannot meet, then it is in non-compliance. If there is one segment of any individual section (e.g. tool control, key/lock control) that the agency/facility cannot meet, then the security audit chair will determine whether the entire section is in non compliance based upon the extent of the deficient segments. H. Plan of Action: Developed by the agency/facility to respond to all portions of the Security Audit Instrument that are indicated as non-compliant. It specifies how compliance will be attained. I. Security Audit: An examination of agency/facility records and operations to check their compliance with departmental regulations and sound security practices. This audit is conducted by a DOC employee assigned by the DOC security specialist. This audit results in recommendations and observations to the facility warden/administrative head. J. Security Audit Chairperson: An experienced security auditor, selected by the DOC security specialist, who will lead the Security Audit Team, brief the warden/administrative head daily, and has full responsibility for a thorough audit. This DOC employee will also be responsible to ensure the executive summary and audit instrument are completed and submitted to the DOC security specialist for review within ten days of the completion of the security audit. K. Security Audit Instrument: A document comprised of applicable DOC administrative regulations and sound correctional standards to provide audit guidelines. Auditor knowledge and expertise are utilized in conjunction with the instrument. This document is updated on an annual basis. L. Security Audit Trainee: A DOC employee who has taken the security auditor training and has been approved by the administrative head and DOC security specialist to participate in a DOC security audit. After participating in two security audits, the trainee is a certified security auditor. M. Unscheduled Security Audit: An audit that occurs without the foreknowledge of the facility. Specific sections of the Security Audit Instrument may be utilized to audit the agency/facility. IV. PROCEDURES A. The DOC will administer the Security Auditing Program through the DOC security specialist. B. A Security Audit Instrument will be provided by the DOC security specialist to conduct each security audit. This instrument contains specific administrative regulations for auditing each correctional institution. Each custody/control manager will be provided a current updated copy which can be utilized, and is recommended, to conduct facility inspections. Portions of this instrument are based upon restricted documents. The instrument itself will be treated as a restricted document and confidential. Appropriate safeguards shall be maintained to ensure portions are not seen or come to be in possession of offenders or the general public. C. Formatting for the Security Audit Instrument will be created, updated, and maintained by the Office of Emergency Management. D. Security Audit Compliance: ACA Security audit compliance is based on the mandatory ACA security standards, key/lock control, tool control, force options, and armory management. If the facility passes all of the abovementioned sections they are ACA security audit compliant. Non-compliant Department Security Standards of the Security Audit Instrument will be

3 CHAPTER SUBJECT AR # Page 3 Facility Security Security Auditing Program EFFECTIVE 01/01/14 addressed by the DOC security specialist utilizing the footprints program as an accountability tool. E. Critical Issue Follow-Up audit: This occurs when an agency/facility fails a mandatory section of the Security Audit Instrument. Within 90 days of the agency/facility receiving the executive summary and completed Security Audit Instrument, a follow-up audit will be scheduled. The DOC security specialist will assign a team to conduct a review of agency/facility policy, practice, and procedures within the non-compliant section(s). A report will be generated detailing the findings. A response may be required. F. Internal Auditor Training: Security auditor training is available for any DOC employee who wishes to learn more about the security process; however, the individual must be employed by the DOC for a minimum of two years to participate as an auditor trainee. The DOC Security Auditor Certification Program will, at a minimum, include the following process for volunteer auditors: 1. A volunteer statement (Attachment C ) signed by the interested DOC employee, and approved by the DOC employee s administrative head, shall be forwarded to the DOC security specialist. The DOC employee will not be added to the security auditor trainee list until the approved form is received by the security specialist and the training has been completed. 2. Attendance at the eight hour DOC training course, DOC Security Internal Auditor Training. 3. Participation in two facility/office internal audits as a trainee. 4. When the DOC employee completes all components of the training certification program, the employee shall submit Attachment C, Page 2, to the DOC security specialist. A certificate will be issued to the DOC employee, by the DOC security specialist. 5. All other certified internal security auditors shall participate in a minimum of one internal audit per year, dependent upon space availability. 6. An internal auditor may be decertified for any of the following: a. Failure to participate in the minimum required audits per year, unless the security audit schedule precludes participation. b. At the request of a certified auditor s administrative head. c. For just cause, as determined by the administrative head or DOC security specialist. G. The DOC security specialist will: 1. Update and maintain the Security Audit Instrument to be utilized during each DOC security audit. 2. Review the executive summary and Security Audit Instrument completed by the security audit chairperson. 3. Submit the executive summary to the appropriate director and the executive director. Forward the completed executive summary and Security Audit Instrument for inclusion in the final ACA report. 4. Enter non-compliant deficiencies into the Footprints program for a plan of action response by the audited facility. 5. Schedule critical issue follow-up audits, when a facility fails a mandatory section of the instrument, within 90 days of the facility receiving the completed Security Audit Instrument and the executive summary. If necessary, a review team may

4 CHAPTER SUBJECT AR # Page 4 Facility Security Security Auditing Program EFFECTIVE 01/01/14 be assembled prior to the 90 days to provide the administrative head with a comprehensive report regarding a significant deficiency. 6. Provide technical assistance to facilities in preparing for security audits. 7. Schedule and coordinate internal audits and audit teams. 8. Develop and update security audit training as needed. V. RESPONSIBILITY A. It is the responsibility of administrative heads to comply with this administrative regulation. B. It is the responsibility of the DOC security specialist to ensure compliance with this administrative regulation and review and update this administrative regulation annually. C. It is the responsibility of the security auditor to find a replacement from his/her facility if he/she cannot participate in the security audit that was previously requested and scheduled. VI. AUTHORITY CRS Duties of the executive director. VII. HISTORY December 1, 2010 November 1, 2009 November 1, 2008 July 15, 2008 July 15, 2007 ATTACHMENTS: A. AR Form A, Executive Summary Format B. AR Form B, Sample Security Audit Instrument Table of Contents C. AR Form C, Security Internal Auditor Training Program D. AR Form A, Administrative Regulation Implementation/Adjustments

5 AR Form A (01/01/14) STATE OF COLORADO COLORADO DEPARTMENT OF CORRECTIONS Executive Director s Office 2862 South Circle Drive Colorado Springs, CO Phone: (719) Fax: (719) Web: John W. Hickenlooper Governor Rick Raemisch Executive Director M E M O R A N D U M DATE: TO: Director of Prisons FROM: SUBJECT: Executive Summary (Facility name Security Audit) Emergency Plan (DOC employee name): (Each section must be listed with the name of the DOC employee who was assigned that section - include both positive and negative statement(s). Include the names of DOC employees who were exceptionally helpful and/or knowledgeable. If there are no comments, then a statement should be made that All areas were compliant in this section, or No non-compliant issues in this section. ) Recommendations: (Document any issues which were discovered and any which were remedied during the audit. Include any training issues.) Inspection of Maintenance and Security Devices (DOC employee name): Recommendations: If any section was not completed then state why. General Comments: (Overall assessment of the facility, DOC employees, facility environment, security practices and procedures, etc.) Copy the warden/administrative head of the facility that was audited and the DOC security specialist. Attachment A Page 1 of 1

6 COLORADO DEPARTMENT OF CORRECTIONS SECURITY AUDIT INSTRUMENT TABLE OF CONTENTS 2013/2014 AR Form B (01/01/14) TITLE AR NUMBER EFFECTIVE DATE Hostage Policy AR RD Offender Counts AR Inspection and Maintenance of Security AR RD Devices Searches to Control Contraband AR Key/Lock Control AR Tool Control AR Post Orders AR Use of Force Options AR RD Facility Access and Control AR Incident Management System AR RD Armory Management and Practices AR RD Vehicle Transportation of Offenders AR RD Control Center Operations AR RD Security Monitoring Exercises AR RD Prison Rape Elimination Procedure AR June 15, 2012 First Responders/Mobilization AR RD September 1, 2011 Attachment B Page 1 of 1

7 COLORADO DEPARTMENT OF CORRECTIONS SECURITY INTERNAL AUDITOR TRAINING PROGRAM AR Form C (07/15/07) In accordance with administrative regulation , section IV.F, I hereby volunteer to participate in the Colorado Department of Corrections (DOC) Security Internal Auditor Training Program. I understand that I must complete all phases of the DOC Security Internal Auditor Training Program in order to achieve certification as a DOC security internal auditor. I understand that only a certified auditor may participate in the internal audit process as a security auditor. Signature of DOC Employee Facility Supervisor Signature Work Unit Approved/Disapproved Facility/Office Administrative Head Attachment C Page 1 of 2

8 AR Form C (07/15/07) DOC Employee Name: I. For those DOC employees who have been approved for participation in the DOC Security Internal Auditor Training Program, the following elements must be signed off by the appropriate approving officials: A. Completion of DOC Training Course, DOC Security Internal Auditor Training: Course Instructor B. Training for Internal Audits: Security Audit Chair Security Audit Chair II. Submit to Administrative Head for final approval/disapproval: Administrative Head III. Administrative head forward to DOC security specialist. IV. Auditor certification issued: DOC Security Specialist Attachment C Page 2 of 2

9 ADMINISTRATIVE REGULATION IMPLEMENTATION/ADJUSTMENTS AR Form A (04/15/08) CHAPTER SUBJECT AR # EFFECTIVE Facility Security Security Auditing Program /01/14 (FACILITY/WORK UNIT NAME) WILL ACCEPT AND IMPLEMENT THE PROVISIONS OF THE ABOVE ADMINISTRATIVE REGULATION: [ ] AS WRITTEN [ ] NOT APPLICABLE [ ] WITH THE FOLLOWING PROCEDURES TO ACCOMPLISH THE INTENT OF THE AR (SIGNED) Administrative Head (DATE) Attachment D Page 1 of 1