CJIS Vendor Management Program - Vendor Instructions
Participation in the CJIS Vendor Management Program requires the following steps for enrollment:
- Carefully review and complete the CBI CJIS Vendor Agreement
- This agreement outlines the responsibilities of the vendor regarding participation in the program and adherence to the CJIS Security Policy. Agreements will be retained by the CBI, and must be resubmitted if the Vendor Representative or Vendor Services Coordinator (VSC) changes.
- Complete an Account Application and IRS Form W-9, Request for Taxpayer Identification Number
- An account is needed not only for identification of the vendor for fingerprint processing, but for billing purposed. Participating vendors will be invoiced monthly for any fingerprint submissions occuring during the previous month.
- Mail the completed forms to the CBI at:
Colorado Bureau of Investigation
Vendor Management Program
690 Kipling Street, Ste. 3000
Denver, CO 80215
- Alternatively, the forms can be emailed to firstname.lastname@example.org.
Once the CBI's Identification Unit approves the vendor and issues an account number, they will notify the vendor by email of the new account number, along with instructions on submitting the fingerprint cards. The account number must be included on all fingerprint submissions or the fingerprint cards may be returned.
Click for an example of how to complete a fingerprint card for the CJIS Vendor Management Program. Please mail fingerprint cards to the address above. Do not submit payment with the fingerprints; please wait for an invoice.
Employee Management and Security Awareness
The CJIS Security Policy states in section 5.2 that "basic security awareness training shall be required within six months of initial assignment, and biennially thereafter, for all personnel who have access to CJI". Peak Performance Solutions provides an easy way for vendors to keep track of personnel Security Awareness certifications through CJIS Online. Upon approval for the program, the Vendor Services Coordinator will be issued a CJIS Online account with administrator access, if one does not already exist. Thereafter, the Vendor Services Coordinator can log in to CJIS Online to add personnel, assign required training, and manage certifications.
The CJIS Online portal also allows the Vendor Services Coordinator to view which employees are authorized to participate in the program. Once the CBI reviews and approves the results of the fingerprint-based background check, authorized personnel will have an entry made by the Colorado Bureau of Investigation in the Fingerprint Information section of the Vendor Employee Details screen.
Employee Separation and Subsequent Arrests
If participating employees no longer work for the vendor, the Vendor Services Coordinator must notify the CBI's CJIS Vendor Management Group immediately (CJIS Security Policy 5.12.2).
While the nationwide subsequent-arrest notification system known as RAP-Back has not yet come to Colorado, Colorado employs its own state-level subsequent arrest notification system. If a participating vendor employee is arrested in Colorado, a notification will be sent to the CBI's Crime Information Management Unit (CIMU). CIMU staff will review the arrest and, if any disqualifying criteria are present, may revoke authorization to participate in the program. In such instances, the Vendor Services Coordinator will be notified as well as the criminal justice agencies with which they contract.
For more information, please contact CJIS Compliance Officer Ted DeRosa at (303) 239-4299 or email@example.com.