PREA Audit System Provides Tool for Auditors to Conduct Sexual Safety Audits
Highlights
- Develop a system to capture annual confinement facility sexual safety audits
- Abt developed and maintains the PREA Online Audit System.
- Abt enhances system functionality and ensures FISMA Moderate security.
The Department of Justice's PREA standards outline requirements for preventing, detecting, and responding to sexual abuse and sexual harassment in confinement facilities. Each year, hundreds of confinement facilities must be audited for compliance with these Federal standards, and complete corrective action where deficiencies are found. DOJ needed a system to capture critical information about facility compliance and corrective actions, to track key performance indicators for auditors, and to identify implementation trends in the corrections, detention, and law enforcement fields.
Abt, in partnership with the DOJ and the PREA Resource Center, designed, developed, and maintains the PREA Online Audit System (OAS), which enables correctional agencies and confinement facilities to securely upload documentation that demonstrates agency and facility compliance with the PREA Standards. The system was developed using agile principles, including iterative sprints and daily Scrum meetings, to ensure the system was built on time and on budget, and continues to fully meet the client’s and users’ expectations.
Abt released a major re-architecture of the PREA Online Audit System (OAS) to make it more responsive and efficient for a growing user base. Upgrades included:
- Migrating the system from on-premise to cloud hosting
- Replacing database servers with Amazon Web Services (AWS) Relational Database Services, and upgrading the web servers to our standard Amazon Linux 2 box with Center for Internet Security Level 2 hardening
- Implementing load balancers and autoscaling and
- Migrating the log monitoring functionality to AWS Cloudwatch and Cloudtrail.
We implemented Natural Language Processing script to evaluate the contracts between auditors and the audited facilities and agencies, which identified key variables like auditor and facility names, dates of the onsite portion of the audit, dollar values of the contract, and detecting signatures. Every day, an automated process pulls new contracts from the client’s Salesforce instance, runs the script, and sends the results back to the appropriate Salesforce audit record.
The system enables facilities and agencies to upload evidence of compliance for their auditor’s review. Auditors can review this information, make their compliance determinations, and collaborate with the audited agency and facility to determine corrective action steps, where necessary. The system’s robust content management features enable system administrators to change the language of virtually all question prompts in the system. The system has a robust export functionality, capturing audit responses and post-auditing performance indicators. Abt conducts real time monitoring and provides DOJ’s Chief Information Security Officer quarterly documentation and logs for more than 100 system security controls.