Combined DNA Index System Operational and Laboratory Vulnerabilities
Audit Report 06-32
May 2006
Office of the Inspector General
In conducting the OIG’s CODIS laboratory audits, we considered the following elements of the NDIS participation requirements and the QAS. However, we did not test for compliance with elements that are not applicable to the laboratory. In addition, the OIG has established standards to test the completeness and accuracy of DNA profiles and the timely notification of law enforcement when DNA profile matches occurred in NDIS. Further, we considered applicable state legislation, specific to each location audited, as part of our testing of convicted offender DNA profiles. NDIS Participation Requirements The NDIS participation requirements, which consist of the MOU and the NDIS operational procedures, establish the responsibilities and obligations of laboratories that participate in NDIS. The MOU requires that NDIS participants comply with federal legislation and the QAS, as well as NDIS-specific requirements accompanying the MOU in the form of appendices. Audit criteria for the OIG CODIS laboratory audits includes the following requirements from MOU Appendix A – NDIS Responsibilities.
Audit criteria for OIG CODIS laboratory audits also includes the following operational procedures from MOU Appendix C ‑ NDIS Procedures Manual.58 The remainder of the manual consists of sets of procedures outside the scope of the OIG CODIS laboratory audits. DNA Data Acceptance Standards59 Interpretation of DNA Profiles (Sections 6.4.2 and 6.4.3) – Only forensic profiles derived from forensic evidence matching the suspected perpetrators or an unknown individual can be uploaded to NDIS. Profiles clearly matching the victim or any known person other than the suspected perpetrators cannot be uploaded to NDIS. In the case of mixtures, the profile must not contain any portion of the analysis results that clearly belong only to the victim; a mixture that cannot be clearly separated into a portion matching the victim or other known person and the portion matching the suspected perpetrator is allowable. Add a User from a Participating Laboratory to NDIS Adding a State or Local CODIS User to NDIS (Section 4.0) – Adding state or local CODIS users to NDIS can occur under two circumstances. First, users may be added when a state begins to participate in NDIS. Second, users may be added periodically as states add new CODIS users. To add a user, the designated state official will send a letter to the NDIS Custodian requesting the addition. The letter must be accompanied by:
The letter shall include a certification by the designated state official that all qualified DNA analysts being added will undergo external proficiency testing as required by the DNA Identification Act and the MOU. DNA Data Accepted at NDIS Annual Reminder for Users (Section 5.0) – At the beginning of each calendar year, on an annual basis, the CODIS administrator shall ensure that each user (personnel who have log-in access to the CODIS system and or qualified DNA analysts who are responsible for producing the DNA profiles stored in NDIS) is reminded of the categories of DNA data accepted at NDIS. The CODIS administrator shall then have each user confirm they have received their annual reminder and understand and will abide by the DNA data acceptance requirements. Completed annual reminders for each user shall be filed and maintained by the CODIS administrator and available for inspection. Review of External Evaluations Notification of External Evaluation and Forwarding of Evaluation Documents (Section 6.1) – It shall be the responsibility of the NDIS Participating Laboratory to arrange and schedule an external QAS evaluation once every two years. After January 1, 2002, the NDIS Participating Laboratory shall have only those persons who have successfully completed the FBI training course for the QAS Audit Document perform such external QAS evaluation. The NDIS Participating Laboratory shall notify the NDIS Custodian once the external QAS evaluation has been conducted and the evaluation report will be forwarded for review within 30 days of the laboratory’s receipt of the report. The NDIS Participating Laboratory shall include with the evaluation report any clarifications, responses and or corrective action plans or documents (hereinafter referred to as “evaluation documentation”), as appropriate. The NDIS Custodian shall acknowledge this communication. If the NDIS Participating Laboratory is unable to forward the required evaluation documentation within 30 days, the NDIS Participating Laboratory shall notify the NDIS Custodian to request an extension of time for sending the required evaluation documentation. Confirming an Interstate Candidate Match Responsibilities (Sections 3.2 and 4.2) and Procedures (Sections 3.3 and 4.3) – Candidate matches must be resolved within 30 calendar days. Resolution is refuting or confirming that the candidate match is a valid match. Laboratories are to document the disposition of a candidate match. Further, for confirmed matches, the documentation is to include the interaction between the two laboratories and the notification to law enforcement of the match for unsolved cases. Expunging a DNA Profile Responsibilities (Section 3.0) – Included in the DNA Analysis Backlog Elimination Act of 2000 was a requirement for states to expunge the DNA profiles of persons whose qualifying convictions had been overturned. This Act was effective December 19, 2001, and requires that states participating in NDIS “shall promptly expunge from that index the DNA analysis (DNA profile) of a person included in the index by that state if the responsible agency or official of that state receives, for each conviction of the person of an offense on the basis of which that analysis (profile) was or could have been included in the index, a certified copy of a final court order establishing that such conviction has been overturned.” A participating state shall have procedures in place for expunging a DNA profile, regardless of whether or not its state DNA law requires it. Quality Assurance Standards The FBI issued two sets of quality assurance standards – the Quality Assurance Standards for Forensic DNA Testing Laboratories, effective October 1, 1998, (Forensic QAS); and the Quality Assurance Standards for Convicted Offender DNA Databasing Laboratories, effective April 1, 1999, (Offender QAS). The Forensic QAS and the Offender QAS describe the quality assurance requirements that the laboratory should follow to ensure the quality and integrity of the data it produces. For the OIG CODIS laboratory audits, we generally relied on the reported results of the laboratory’s most recent annual external evaluation to determine if the laboratory was in compliance with the QAS. Additionally, we performed audit work to verify that the laboratory was in compliance with the quality assurance standards listed below, because they have a substantial effect on the integrity of the DNA profiles uploaded to NDIS.
(Offender QAS Standard 12.1) – The laboratory shall have and follow written procedures for reviewing database sample information, results, and matches. Office of the Inspector General Standards The OIG has established standards to test the completeness and accuracy of DNA profiles and the timely notification of law enforcement when DNA profile matches occur in NDIS. We test for compliance with these standards as part of our CODIS laboratory audits.
Footnotes
|
« Previous | Table of Contents | Next » |