The Federal Bureau of Investigation's Implementation of the
Laboratory Information Management System

Audit Report 06-33
June 2006
Office of the Inspector General


Introduction


Background

The collection, preservation, and forensic analysis of physical evidence are often crucial to the successful investigation and prosecution of crimes. The Federal Bureau of Investigation’s (FBI) laboratory, located in Quantico, Virginia, is one of the largest and most comprehensive forensic laboratories in the world. The laboratory not only supports FBI investigations, but also provides forensic and technical services to federal, state, local, and foreign law enforcement agencies. The FBI’s laboratory annually conducts over one million examinations involving analyses of physical evidence ranging from blood and other biological materials to explosives, drugs, and firearms. Laboratory examiners also provide expert witness testimony on the results of forensic examinations.

To keep a record of evidence provided to the laboratory for analysis, the FBI uses the Evidence Control System (ECS), created in 1978. The Laboratory Division converted this antiquated system to a database in 1998, but the ECS still has limited functionality. One FBI programmer developed the current version of ECS, and as new releases of database software become available, the database has been upgraded. The FBI currently uses Microsoft’s Access 2002 as the ECS database software.

The ECS system represents an “in and out” tracking system. Evidence is entered into the system when it arrives at the laboratory, and the system documents: (1) the control number for the evidence, (2) when an analysis has been performed on the evidence, and (3) when the evidence leaves the laboratory. Except for this information in the ECS, the laboratory relies completely on paper documentation that follows a piece of evidence as it passes through the laboratory’s various sections. Each section of the laboratory enters data into its own computers. However, these files are immediately printed out and paper copies, rather than an electronic file, are relied on to track the evidence and the work performed. In addition, the data entered into a section’s individual computers are not linked to provide an overall management view of where the evidence is located, what analyses have been completed, or how long each step of the process is taking.

One laboratory official described the current system as very limited, and stated that when evidence is returned to the originator, its departure from the laboratory is not always entered into the ECS. As a result, FBI managers are unable to identify with certainty the evidence contained in the laboratory at any point in time or its progress in being examined and analyzed. Moreover, another laboratory official stated that only one person is familiar with the ECS database, a programmer from the FBI’s Information Technology Operations Division (ITOD). The laboratory employee who created the original system has retired. The official also pointed out that despite available technology, the FBI continues to use a labor-intensive manual system. Each laboratory unit enters the same routine information, such as case number, date collected, and the submitting agency, for each item of evidence as it is passes from one unit to another for continued processing.

In comparison to the laboratory’s limited database, modern commercial-off-the-shelf (COTS) laboratory information systems can provide many useful functions, including: the ability to track evidence throughout the analysis process; Internet capabilities that allow external agencies to review and request information about evidence they have submitted; extensive reporting, workload analysis, and responses to ad-hoc querying; on-line help; and data searching.

Pre-acquisition Activities

The FBI’s laboratory hired a contractor in 1998 to assist in the development of requirements for an information management system to replace the ECS. The contractor also evaluated COTS systems. However, the FBI’s Laboratory Division was unable to fund the project at that time.

In 2002, the Laboratory Division reprogrammed funds to replace the ECS with a modern information system. The system requirements developed by the contractor in 1998 were updated and validated through Joint Application Development (JAD) sessions.8 JAD session participants included FBI personnel from the laboratory and other divisions. A contractor assisted with IT support and administrative tasks related to the proposed project, including facilitating and documenting the JAD sessions. The requirements resulting from the JAD sessions were then used in developing a Request for Proposal (RFP), issued in February 2003 to solicit bids for developing the new system.

A firm-fixed-price contract with a base year and four additional 1-year option contracts was to provide the laboratory with:9

  • a customized COTS information management system;

  • bar-code peripheral devices and software, used to label and track evidence as it enters the laboratory;

  • training;

  • help desk services, maintenance, and operational support; and

  • technical enhancements and upgrades to the application software.

The statement of work explained that the new system would:

  • streamline the examination process,

  • track evidence through the examination process,

  • provide quality and inventory control, and

  • provide management information relating to efficiency measures.

For example, if another laboratory needed any information on an item of evidence, FBI management would be able to log into the system, easily locate the evidence, and determine where the evidence was in the laboratory examination process and what needed to be completed. Laboratory managers would also be able to determine the length of time the evidence was at each stage of the testing and analysis.

The FBI also required bidders’ products to support the many responsibilities associated with the operation of a large and modern forensic laboratory by providing a repository for laboratory data as well as tools for accessing, processing, analyzing (providing performance metrics), and reporting the data. The RFP included 200 requirements in 7 categories: (1) functional requirements, (2) external interface requirements, (3) performance requirements, (4) design constraints, (5) security and legality, (6) data base requirements, and (7) system support and maintenance. Examples of the RFP requirements include the identification and tracking of evidence, a web-browser interface, and full-time user support.

The FBI received and began evaluating six responses to the RFP in early 2003. The Laboratory Division formed cost and technical committees to evaluate the proposals. The cost committee was comprised of personnel from the FBI’s Finance Division, and the technical committee was comprised of personnel from the Laboratory Division. The evaluations included an examination of each bidder’s costs based on the requirements listed in the RFP. The FBI’s technical review committee completed its evaluation of the bidders’ responses to the RFP in June 2003.

The FBI rated JusticeTrax, Inc., of Mesa, Arizona, as the lowest cost, qualified bidder for its Laboratory Information Management System (LIMS).10 The technical committee rated JusticeTrax as follows.

AREA

RATING

Technical – Functional Requirements

Acceptable

Technical – Performance Plan

Exceptional

Past Performance

Exceptional

Management

Exceptional

The FBI’s evaluation of the JusticeTrax proposal cited some strengths but also areas of risk. Examples of JusticeTrax’s strengths were: (1) It had a mature COTS system used by organizations with missions similar to the FBI’s, including the Royal Canadian Mounted Police Forensic Services Laboratory; and (2) LIMS was already integrated with bar-code scanner and printers that could be provided for testing within 15 days and for implementation within 45. Although the committee assessed LIMS as meeting the laboratory’s mission- critical needs, the evaluation also identified two key risks in addition to an ambitious delivery schedule: (1) because JusticeTrax is based in Arizona, it needed to hire employees to work on the project in Virginia, train them, and have them obtain security clearances within the timeframe proposed; and (2) the JusticeTrax product required significant customization of its software to meet the FBI’s requirements such as security standards, migrating data from the ECS, and providing the capability to issue alerts and notices. Another concern was that JusticeTrax did not have the capability to provide web-browser connectivity immediately, but instead proposed converting its LIMS product to a web-based application in early 2004.

JusticeTrax LIMS Product Selected

Based on its evaluation of the six proposals received in response to its RFP, the FBI awarded JusticeTrax a $4.3 million contract in September 2003 to customize its LIMS product for the FBI’s laboratory.11 The award included a base year of $1.6 million and 4 additional 1-year option contracts. The base year was September 2003 to September 2004. Rather than developing a separate contract document that included all of the RFP requirements for the information system, the FBI adopted JusticeTrax’s response to the RFP as the contract by attaching a signature page to the proposal. This proposal covered all the FBI’s LIMS requirements, which included weak and generally worded security requirements. According to JusticeTrax’s proposed project plan, the basic LIMS installation, training, and deployment were to be completed in December 2003, or 90 days after the contract award. The full LIMS implementation — including customization, enhancements, and testing — was to be completed in February 2004, or 5 months after the contract award. The additional option year contracts were to provide future enhancements such as software updates and maintenance of the LIMS product.

Prior Reports

The Office of the Inspector General (OIG) and the Government Accountability Office (GAO) each issued reports in 2002 recommending that the FBI establish an Information Technology Investment Management (ITIM) process to guide the development of its IT investments and avoid investing in IT that does not support its mission (see Appendix 3 for a listing of the reports related to the FBI’s IT management.)12 In response to these recommendations, the FBI established a Life Cycle Management Directive (LCMD) in 2004, the year after the FBI awarded the LIMS contract. The LCMD established policies and guidance applicable to all FBI IT programs and projects covering all elements of an IT system’s life cycle including planning, acquisition, development, testing, and operations and maintenance. Using the LCMD in the development of IT projects should enhance the FBI’s ability to manage IT programs and projects, leverage technology, build institutional knowledge, and ensure development is based on industry and government best practices. The LCMD also included certification and accreditation testing to ensure adequacy of IT systems security. (The LCMD is further explained in Appendix 4.) In addition to an ITIM process, the FBI continues to work on an Enterprise Architecture to further ensure that investments are made in an enterprise-wide decision.13

In May 2004, the OIG issued a report entitled The FBI DNA Laboratory: A Review of Protocol and Practice Vulnerabilities. This report discussed certain vulnerabilities in the FBI’s DNA laboratory. One of the vulnerabilities led to a recommendation for an information management system. Given the benefits of evidence tracking and chain-of-custody documentation, the report noted that successful implementation of such a system should be one of the laboratory’s top administrative priorities.



Footnotes
  1. JAD sessions, attended by system users and others interested in developing information technology (IT) solutions, help evaluate system requirements.

  2. A firm-fixed-price contract provides for a price that is not subject to adjustments for the actual costs in performing work under the contract. The contract for the information system also provided for cost-reimbursable delivery orders to migrate the ECS data into the new system. Cost-reimbursable contracts pay allowable incurred costs to the extent prescribed in the contract.

  3. The JusticeTrax product is called the Laboratory Information Management System–plus. We refer to the system as LIMS throughout this report.

  4. The JusticeTrax website, www.justicetrax.com, states that it has experience in software development, customization, integration, testing, and training. Additional services include data migration, custom report development, training, and enhanced network support.

  5. The Department of Justice, Office of the Inspector General. The Federal Bureau of Investigation’s Management of Information Technology Investments, Audit Report Number 03-09, December 2002. The Government Accountability Office. Campaign Finance Task Force Problems and Disagreements Initially Hampered Justice’s Investigation, Report Number GAO/GGD-00-101BR, May 2002.

  6. According to the GAO, an Enterprise Architecture is a set of descriptive models such as diagrams and tables that define, in business and technology terms, how an organization operates today, how it intends to operate in the future, and how it intends to invest in technology to transition from today’s operational environment to tomorrow’s.



« Previous Table of Contents Next »