DRAFT - Conducting a P/CRCL Audit

fc audit small Participating in (or conducting) an audit of privacy, civil rights, and civil liberties (P/CRCL) protections is one of the key responsibilities for a fusion center P/CRCL Officer. Each fusion center's P/CRCL Policy (62pp | 1.4mb | PDF) requires an annual policy audit to ensure the policy is at least as comprehensive as the guidelines to ensure that the information privacy and other legal rights of Americans are protected in the development and use of the Information Sharing Environment (ISE Privacy Guidelines) (9pp | 130kb | PDF).

In addition, the DHS Fusion Center Annual Assessment of fusion center capabilities includes several questions about conducting an audit on P/CRCL issues. It is a best practice to conduct a comprehensive audit that includes questions on P/CRCL policy implementation.

Below is a representation of the fusion center P/CRCL process from the development of a P/CRCL Policy to conducting an audit and a Civil Rights and Civil Liberties Impact Assessment.

FC audit

Fusion Center Guidance: Compliance Verification vs. Audit

  • P/CRCL Compliance Review The first step for any fusion center is to assess whether the center has the capability to assess implementation of protections described in documentation, to identify areas for improvement, and to correct course if necessary. A compliance review is also a requirement under the Homeland Security Grant Program Requirements.
  • P/CRCL Audits An audit is an assessment of information for an organization, person, or project. Audits provide insight on the internal structure of an organization, root out any misconduct or misapplication of policy, and determine the accuracy of information that the organization, person, or project produces. The goal of an audit is to identify challenges and propose solutions.

Compliance and Audit "Tools"

Audits may be conducted by external entities and/or be initiated internally. There are numerous types of audits (e.g., financial audits, desk audits, self-audits, etc.) that can focus on specific issues. Organizations may also opt to roll several audits into one.

For additional guidance on how to get started, review our audit guidance page.

Source: The DHS Office for Civil Rights and Civil Liberties and the DHS Privacy Office.
Last date page updated: 08/13/13 (CRCL)

Back to Home