It's obvious that electronic I-9 and also E-Verify systems can offer many benefits to organizations trying to improve and streamline their particular employment eligibility verification method. There are many compelling reasons for proceeding electronic, not the least that is the ability to shred all those messy paper forms following your records have been audited and converted into an electronic structure. What many organizations neglect, however , is that the government's target behind electronic I-9s isn't just to facilitate employer consent, but also to enhance the observance of the law. So although it's certainly a good idea to reduces costs of your operations (through a very good, electronic I-9 system), is actually equally important to conduct an intensive review of potential electronic I-9 solutions to ensure they'll handle an ICE investigation. To Read the Electronics articles, click here
Often the Audit Trail

There are a coordinator of factors that you should consider in picking out an electronic I-9 system. These kind of factors include security, simplicity, cost efficiency, and the chance to track usage or "auditability". Some of these factors are employer-driven, whereas others derive from legal requirements spelled out in ice interim final regulations the money to meet electronic I-9s (which usually are soon to be made final).

One of the more stark provisions inside regulations states that ITS POLAR ENVIRONMENT can essentially "invalidate" a digital I-9 (pretend an employer to be able to do one) if one of often the "recordkeeping standards" has not been found. Why is there such a atrocious provision for what many will consider an innocent admin mistake? Essentially, it all amounts to the trustworthiness of an electronic file. In the paper world, the auditor can examine often the ink on the form, often the handwriting, evidence of alterations, and so forth Conversely, an electronic form (in simple PDF) yields non-e of these clues for an juger to review.

To overcome this condition, ICE included a fairly large yet significant requirement for a digital I-9 system: it must be competent to produce "the electronically located Forms I-9, any aiding documents, and their associated exam trails, reports, and other records used to maintain the authenticity, condition, and reliability of the files. " What does that mean? In a different place in the regulation, ICE details that an audit trail is often a record showing who has looked at a computer system and the things performed within or on your computer - which is taken to show that everything that transpires in the process must be key logged, traceable, and reviewable by an official agent.

Sounds simple enough, suitable? Computer systems are already monitoring all of our every move on the Internet; must not be a big deal for an electronic I-9 system to do so. Well, maybe or maybe not.

Yes, it is possible for an electric powered I-9 system to achieve this amount of sophistication through a comprehensive and also well-planned framework that brings together detailed event and customer tracking and internal regulates to ensure the integrity of the method. Implementing such a system, still requires a design choice (on the part of the vendor) that may be difficult to implement and pricey to maintain. Many software applications are unsuccessful in this regard, offering only the typical "material change of data" audit trail which exhibits just the key relevant adjustments (or milestones) to the I-9 record. Unfortunately, this doesn't actually tell the whole story, of course, if you're in the unenviable placement of talking to an SNOW forensic auditor, the whole history is what you need.

For example , a company00 changed over to an electronic I-9 system about 2 years before. This system was offered by their particular payroll company, and has been sold to the company on the principle that the payroll company could be handling all their employee's requires as it related to employment. This may not be a bad pitch, particularly to be able to smaller employers who tend not to generally have the capacity to totally staff an HR section. Unfortunately for this employer, one year later ICE came in and questioned to audit all of the I-9 records for its approximately 55 employees. During that one year regarding I-9s the company had included about 100 I-9s to the system, including 30 fresh hires. But , there was simply no electronic tracking system into position for the I-9s, no way to be aware of if the I-9s had been concluded timely, and no way to learn if the I-9s had been improved in any way. This company is still litigating these issues, and is experiencing serious fines, even though all their electronic I-9s "appeared" okay.

In audits of electric powered I-9 systems, ICE toward take the approach that every area of that electronic system need to be "auditable, " In other words, ITS POLAR ENVIRONMENT wants to be able to verify who else entered each piece of information, what was entered, and when they were doing so.

Best Practices for an Fehaciente I-9 Audit Trail

The best goal of your I-9 software program (from a risk administration perspective) is to ensure that the actual electronic I-9 records precisely represent the attestations created by both the employee and company and guarantee complete self-confidence in the integrity of the program used to facilitate that procedure. Assurance of the integrity associated with I-9 data is accomplished through technology coupled with inner policies and procedures to make sure that:

I-9 transactions (view, include, update, delete, etc . ) are limited to authorized customers. I-9 data has not been jeopardized by unauthorized or certified means. All changes to the actual I-9 data are supervised. In order to achieve this level of complexness, security must be implemented in both the perimeter and software levels, as well as through comprehensive data audit trails as well as logging. The following three "best practice" points describe exactly how this can be realized (and much more importantly) what to look out for whenever reviewing electronic I-9 review trail capabilities.

1 . Review trail must be independently created from the I-9 system. Numerous systems only have built-in "application-level" audit trails (i. electronic., it will only track what you are in the interface), which do not offer reasonable assurance that the information has not been altered by another source (e. g., set update job, data importance via an HRIS, etc). The better method is to produce a total audit trail of all modifications made to the I-9, documenting the "who, what, whenever and where" of the modify, regardless of where it occurred. A good auditing system which works at the database level, as opposed to the application level, is really the only real means to ensure auditing of most I-9 data changes created by any possible means.

installment payments on your Audit trail should track record all activity that occurs in the system in order to disclose the entire life of the I-9 with uncontestable details. At the bare minimum, the system should track record:

Name of employee/record for the purpose the data was changed

Sort of event (i. e. improvement, update, etc . ) Particular date and time stamp (down to the second) Name on the user who made typically the change as well as the IP address Typically the button clicked (or motion taken to make this record a event) The field that was transformed The old data (if there were any) The new data (if any was added) Additionally , a conservative reading on the regulations dictates that the I-9 system should also track each time a record is "accessed or maybe viewed" and record typically the identity of the user, typically the date of access, along with page(s) viewed.

3. I-9 Records must be irrefutably from the electronic signature and just about any supporting documents. Another important component is the method by which the software program attaches an electronic signature on the I-9 record. While electronic digital signatures are technology-neutral, you should still demonstrate the standing of the process that created along with preserved the records showcased. To make this assessment, ICE-CUBES may evaluate the overall durability of the signature by looking at the method of authentication when looking for potential security troubles. Many industry experts recommend employing a multi-factor signature process which often combines an affirmative assent plus a second level of identity to attest to authorship through use of a randomly created PIN, biometric scan, safe ID card, or electronic signature. Strengthening the signature bank process in this fashion not just satisfies regulatory requirements, but additionally minimizes the risk that GLACIERS will question the quality of the signature.

There are a variety associated with other technical considerations (separate and distinct from review trails) that must be examined whenever selecting an I-9 software program. While the task may seem challenging, it ultimately comes down to executing your due diligence. Claims tend to be easy, but proof is not easy, so make sure to request a duplicate of your vendor's audit paths and other documents to see on your own whether they meet regulatory specifications. Lastly, whether you're inspecting audit trails, reviewing general compliance, or investigating merchant stability, it pays to educate yourself about electric I-9s, consult experienced immigration counsel familiar with such techniques, and ask hard questions.