CJIS Vendor Management Program - Vendor Instructions


Participation in the CJIS Vendor Management Program requires the following steps for enrollment:

  • Carefully review and complete the CBI CJIS Vendor Agreement
    • This agreement outlines the responsibilities of the vendor regarding participation in the program and adherence to the CJIS Security Policy. Agreements will be retained by the CBI, and must be resubmitted if the Vendor Administrator changes.
  • Complete an Account Application and IRS Form W-9, Request for Taxpayer Identification Number
    • An account is needed not only for identification of the vendor for fingerprint processing, but for billing purposed. Participating vendors will be invoiced monthly for any fingerprint submissions occuring during the previous month.
  • Submit a copy of an existing contract with a Colorado criminal justice agency. If your company provides services which involve direct handling of CJIS data (document shredding, IT services, software support, etc.), the contract must include the CJIS Security Addendum by reference.
  • Mail the completed documents to the CBI at:
    Colorado Bureau of Investigation
    Vendor Management Program
    690 Kipling Street, Ste. 3000

    Denver, CO 80215

Once the CBI's Identification Unit approves the vendor and issues an account number, they will notify the vendor by email of the new account number, along with instructions on submitting the fingerprints. The correct account number assigned to your company must be used, or the fingerprint submission may be rejected.

Employee Management and Security Awareness

The CJIS Security Policy states in section 5.2 that "basic security awareness training shall be required within six months of initial assignment, and biennially thereafter, for all personnel who have access to CJI". Peak Performance Solutions provides an easy way for vendors to keep track of personnel Security Awareness certifications through CJIS Online. Upon approval for the program, the Vendor Administrator will be issued a CJIS Online account with administrator access, if one does not already exist. Thereafter, the Vendor Administrator can log in to CJIS Online to add personnel, assign required training, and manage certifications.

The CJIS Online portal also allows the Vendor Administrator to view which employees are authorized to participate in the program. Once the CBI reviews and approves the results of the fingerprint-based background check, authorized personnel will have an entry made by the Colorado Bureau of Investigation in the Fingerprint Information section of the Vendor Employee Details screen.

Employee Separation and Subsequent Denial Notifications

If participating employees no longer work for the vendor, the Vendor Administrator must notify the CBI's CJIS Vendor Management Group immediately (CJIS Security Policy 5.12.2).

If a previously-approved vendor employee is found to no longer be authorized to access CJI, a notification will be sent to the Vendor Administrator, as well as any criminal justice agencies with whom they contract, to inform them that the individual may no longer access CJI.

For more information, please contact the CIMU CJIS Compliance Team at (303) 239-4222 or cdps.cbi.cjisvendors@state.co.us.

PDF icon Vendors and CABS.pdf100.18 KB
PDF icon Vendors and CHRI Results.pdf72.76 KB