Houston Police Department

HPD Vendor Certification


CJIS Home | CJIS Security Awareness Audio Video | TCIC-NCIC Practitioner English Video

Police Department Logo

 

Thank you for your interest in working with the Houston Police Department to enhance the services we provide to the citizens of our great city. The Houston Police Department recognizes that by allowing physical or logical (electronic) access to HPD facilities or network resources, people may gain access to information or systems they are statutorily prohibited from accessing. In compliance with state and federal regulations, the Houston Police Department is required to document and investigate access requests to be sure access is necessary and legally sound.

Please take a moment to review the information contained in this Website. There are several forms included herewith that must be legibly completed in black ink, or filled in on a computer. Certain forms must be completed if physical access is necessary and others must be completed in the event logical access is necessary. This check-list will attempt to provide you direction regarding the forms necessary for your level of access. If you have any questions or need additional information, please contact your project manager, vendor sponsor or call the CJIS Compliance Unit at 713-308-9018.

 

We highly recommend that you use this check-list as a way to verify you are returning the correct forms for the level of access you need. Since some of these forms are time-sensitive and must be processed through different channels, incomplete submissions may delay your access request or require you to resubmit additional paperwork. In some cases, we can expedite your access request by processing faxed or e-mailed copies of your signed forms; however, please be advised that we MUST have signed originals of all paperwork in our files within ten (10) working days of the date your access request is granted or we are required to terminate your access privileges. This requirement is not negotiable as it is necessary for our compliance with state and federal regulations. Deliver completed forms to the Houston Police Department CJIS Compliance Unit, 1200 Travis, Room 1577,Houston, TX 77002.

 

As a reminder, some of the documents contained on this site are considered sensitive in nature and have a Sensitive but Unclassified (SBU) designation. Improper disclosure of these documents could affect the conduct of government programs, impair law enforcement activities, or violate the privacy of individuals. Therefore, contractors and noncriminal justice agencies ensure the submission of documents is through a secured method and receipt of such documents is verified with the CJIS Compliance Unit.

 

 

Install Microsoft Word Viewer Install Microsoft Word Viewer Install Adobe Acrobat Reader Install Adobe Acrobat Reader

 

 

The following forms must be submitted for each company or vendor that will be accessing HPD facilities or HPD network environments. Only one form must be completed for each company or vendor employee:

 

(The forms below are in .pdf unless otherwise indicated. Click each icon to access the forms)

 

 

CJIS Icon

 

Security Addendum - A multi-page packet required for each vendor to complete if not included in previously entered contracts. The addendum is required by vendors only if employees need "Unescorted" physical or logical access to police facilities, network data systems or secured areas where Criminal Justice Information (CJI) may be accessible. The Security Addendum packet must be completed in a timely manner in order to file with the Texas Department of Public Safety (DPS) CJIS Security Committee BEFORE employees are allowed to work "Unescorted" in secured areas where CJI may be transmitted, processed or stored. The approval process could take several weeks to finalize, so please plan accordingly.

 

CJIS Icon

 

Contractor Employee Reference Documentation – Code of Federal Regulations Title 28, Part 20 – Criminal Justice Information Systems. Each employee performing work on computer systems or networks, or in law enforcement facilities, that store, process, transact, or transmit must be aware of the federal regulations pertaining to the protection of those systems, networks, or facilities. A copy of the referenced document must be afforded to each employee authorized to work "Unescorted" within the specified police facilities where CJI is accessible.

 

CJIS Icon

 

Contractor Employee Reference Documentation NCIC2000 Manual – National Crime Information Center (NCIC) System 2000 introduction, system description, policies, standards, and sanctions for non-compliance. Each employee performing work on computer systems or networks, or in law enforcement facilities, that store, process, transact, or transmit must be aware of the federal regulations pertaining to the protection of those systems, networks, or facilities. A copy of the referenced document must be afforded to each employee authorized to work "Unescorted"within the specified police facilties where CJI is accessible.

 

CJIS Icon

 

CJIS Security Policy - The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of Criminal Justice Information (CJI), whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI data. This policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.

 

TXDPS Icon

 

Contractor Employee Reference Documentation – Texas Government Code 411.083 thru 411.085 pertaining to unauthorized access, use, or disclosure of criminal history record information.  Each employee performing work on computer systems or networks, or in law enforcement facilities, that store, process, transact, or transmit must be aware of the state regulations pertaining to the protection of those systems, networks, or facilities.  Failure to abide by state regulations could result in severe civil or criminal penalties.

 

Small HPD Logo

 

Security Addendum Certification Form - Each employee performing work under a security addendum must complete a security addendum certification form. Prior to commencing on-site work, your project manager or vendor sponsor must coordinate with the HPD CJIS Compliance Unit to ensure contract employees are vetted accordingly through the HPD Employee Services Division. CJIS vetting involves national fingerprint based- background checks to ensure contractors with "Unescorted" access to areas where CJI is accessible meet the Texas CJIS Systems Access policy.

Additional forms to be completed and submitted along with the employee "Security Addendum Certification Sheet."

 

Small HPD Logo

 

Authorization for Release of Personal Information – Each employee performing work under a security addendum must consent to signing the form in order for HPD to conduct a national fingerprint based-background check and criminal history review.. The criminal history record must be in accordance with the minimum guidelines specified within the Texas CJIS Systems Access Policy. This form must be signed by a witness who can attest to the authenticity of your signature.



TXDPS Icon

 

TCIC/NCIC Criminal Justice Practitioner's Training Video Acknowledgement Form – Each employee performing work under a security addendum must complete the minimum TCIC/NCIC training.. For employees outside the Houston area that need access into HPD networks the video may be watched on-line TCIC-NCIC Practitioner English Video The link will open a new window that will run the video. Once the employee has completed watching the video, they are required to complete the Practitioner's 2-Hour Video Acknowledgement Form and turn it in with their packet.



TXDPS Icon

 

CJIS Security Awareness Training Acknowledgement Form - Persons authorized to have direct access to CJIS-regulated data, such as criminal history information, or computer systems than interact directly with CJIS-regulated data must undergo a minimum of eight (8) hours of TCIC/NCIC training as designated by the Criminal Justice Information Systems (CJIS) Compliance Office. Access is understood to be any contact with an HPD computer system that is connected to the HPD network.

Training is offered by way of this HPD audio video named, " CJIS Security Awareness. " The Houston Police Department provides the training video if such training is not available through your company. Your r project manager or vendor sponsor can arrange the Security Awareness Training viewing on-site, if necessary. In all cases, you must submit a signed CJIS Security Awareness Training Acknowledgement Form attesting that you have attended the training before you are allowed any type of computer or IT related access. Please understand, this training is mandated every two years by the State of Texas and any Security Awareness training sponsored and completed outside of the Houston Police Department may be audited by the State of Texas.



Small HPD Logo

 

Identification Information Form (CJIS) – Every non-police employee must provide a complete and legible copy of this form in order to facilitate national fingerprint based background check submissions for state and federal government processing.. This form is maintained by the HPD Identification Division along with your fingerprint cards.

 

 

Small HPD Logo

 

Valid driver’s license or valid government-issued identification card - Each employee performing work under a security addendum must submit one (1) legible copy of their valid driver’s license or valid government-issued identification card.  Please note that the address of your residence must be current and correct.

 

 

In addition to the forms listed above, the following forms must be submitted for each company or vendor employee that will be accessing HPD facilities or network environments via logical (remote) access methods:

 

 

Small HPD Logo

 

Two (2) state approved (Texas) Fingerprint Cards - Each employee performing work under a security addendum must provide two (2) fingerprint cards. One set of prints will be e retained by the Houston Police Department and the second set is forwarded to the Texas Department of Public Safety CJIS Compliance Office. Fingerprints must be processed by a local law enforcement agency in order to qualify for submission to the Houston Police Department.. Provide the two (2) fingerprint cards to your company project manager for submission to the Houston Police Department CJIS Compliance Unit.

 

City of Houston Seal

 

City of Houston Security Clearance Remote Access form - Each employee performing work under a security addendum that is requesting remote access by way of a Virtual Private Network (VPN) or some other method must submit a complete and legible copy of this two-page form.  Failure to submit this form could result in a delay in your ability to access the HPD network.

 

Small HPD Logo

 

HPD Network Remote Access AgreementEach employee performing work under a security addendum in a way that will utilize any remote access method to interact with the Houston Police Department’s computer systems must submit a complete and legible copy of this form.  Please carefully read the form as signing it signifies that you are aware of and will comply with the requirements it contains.

 

Small HPD Logo

 

HPD Security Baseline Questionnaire - This one-page form is necessary so the Houston Police Department can establish the security state of each computer that will be used to gain remote access to the police department’s computer systems and networks.  A form is required for each computer that will accomplish remote access.  If multiple employees will be using a single computer, only one employee must submit a form for that computer.  If an employee will use more than one computer, a separate form must be completed for each computer the employee will use.  The Houston Police Department reserves the right to audit remote access network connections for compliance and may reject or revoke connections from computers that are not in a secure operating state.