Thanks to a Freedom of Information Act request from LawLogix, a memorandum from the Executive Associate Director of Homeland Security Investigations (HSI) that provides guidance to all HSI field offices on the collection of electronically generated I-9 forms and the minimum electronic audit trail requirements for use in contemplating civil fines was released to the public.
As background, every electronically generated or stored I-9 form must meet all of the requirements for electronic I-9 found in the regulations. One requirement is the form must be accompanied by an audit trail. The HSI memorandum states in part that whenever an electronic Form I-9 record is created, completed, updated, modified, altered or corrected, a security and permanent record must be created (audit trail) that establishes the date accessed, who accessed it and what action was taken. The HSI memorandum attaches a flow chart and example audit trial to illustrate the minimum acceptable standards for electronically generated I-9 forms.
The HSI memorandum also states that, in addition to the audit trail, special agents or auditors must request the name of the software product being utilized and any internal business practices and protocols related to the generation of, use of, storage of, security of, and inspection and quality assurance programs for the electronically generated Forms I-9.
Moreover, the HSI memorandum states that the employer being audited should provide the indexing system identifying how the electronic information contained in the Form I-9 is linked to each employee and documentation of the system used to capture the electronic signature, including the identity and attestation of the individual electronically signing the Form I-9.
Finally, the HSI memorandum recommends that special agents or auditors request access to the electronic system for a demonstration of the generation of an electronic I-9 form.
What is the take away? Recall that HSI has very clearly stated in the past that it would hold employers responsible for the mistakes and errors of their electronic I-9 vendors buyer beware. While HSI agents and auditors may not have dug into the dirty details of these systems during past audits, the days of employers getting a pass due to a lack of guidance or knowledge have past. If an employer is unsure if its electronic I-9 vendors system is in compliance with this guidance and the applicable regulations, now is the time to find out.
If you would like a copy of this memorandum, please contact us and we will be happy to send it your way.