This site is best experienced in a newer version of your browser. Please take a few seconds to upgrade your browser.

Through a cooperative agreement between BJA and NCCD

Audit and Compliance

1. What information is forthcoming on the audit?

Click here for the latest information on audits.

Last updated March 14, 2013.


2. Does my agency have to audit exactly one third of its facilities each year? We are on an ACA audit schedule and ACA does not audit exactly one third of our agencies per year. Do we need to change the auditing schedule to comply with PREA?

Standard 115.401 focuses on audit frequency, timeframes, and specifies, and requires that the agency shall ensure that each facility operated by the agency, or by a private organization on behalf of the agency, is audited at least once during each three-year period. The standards require an audit during each one-year period of at least one-third of each facility type (prison, jail, juvenile facility, overnight lockup, and community confinement facility) operated by an agency or by a private organization on behalf of an agency.

There are two other FAQs that focus on what happens if an agency does not audit exactly one-third of its facilities each year, as follows:

Please click here to read the FAQ that describes what happens to an agency’s three-year audit timeline if it fails to have the required minimum of one-third of its facilities audited by August 19, 2014.

Please click here to read the FAQ that addresses whether there is a time limit to the number of years that a state can submit an Assurance without a reduction in Department of Justice (DOJ) grant funding.

While agencies are not prohibited from coordinating the timing of ACA audits with PREA audits, agencies must audit one-third of each type of facility as specified in Standard 115.401(b), irrespective of the timing of any ACA audit schedule.

Last updated January 14, 2015.


3. What is the minimum period of time, prior to the start of an audit, that an agency needs to demonstrate compliance with the standards in order to achieve favorable audit findings? For example, if an agency can demonstrate it is in compliance on a specific standard for 30 days prior to the audit, but not the eight months prior to the audit, is the agency considered compliant?

DOJ recognizes that audits conducted toward the beginning of the first audit cycle, which begins August 20, 2013, will take into consideration the fact that facilities will have spent a significant period of time institutionalizing the standards. By contrast, a short period of compliance during the end of the audit review period (meaning closer to August 2014 or thereafter) would not be sufficient to achieve compliance. DOJ is working with the PRC to define specific measures auditors will use to assess compliance. Additional information will be forthcoming soon. Additionally, pursuant to PREA Standard 115.404(d), facilities that auditors find not in compliance with provisions of PREA have an automatic 180-day corrective action period during which auditors will work with agencies to remedy and verify remedial action for any deficiencies. This process provides additional time for facilities to achieve compliance before the auditor issues a final audit determination.

Last updated March 14, 2013.

 

4. How long must an agency and facility be in compliance with a particular standard or provision before an auditor should find that a facility meets a standard?

A demonstrated record of sustained compliance with a standard during the one-year period preceding the audit will be sufficient to demonstrate audit compliance. Shorter periods of compliance may or may not result in an auditor’s finding of meets or exceeds a standard subject to the guidance below.

In general, auditors will need to see that compliance with a particular standard has become “institutionalized” at the facility. That is to say that a “quick fix” on the day of an on-site tour should almost never be sufficient for the auditor to find compliance. A short period of compliance during an otherwise sustained period of noncompliance should generally result in a finding of “does not meet standard.” By contrast, a discrete period of noncompliance during a period of otherwise sustained compliance should not, by itself, result in a finding of “does not meet standard.” The length of time required to demonstrate sustained compliance will depend upon the requirements of the individual provision being assessed. In any event, the auditor should be provided with sufficient evidence that the facility’s technical and short-term compliance has been “institutionalized” at the facility.

The following is an example of institutionalization: If a facility or an auditor determines that a new external reporting mechanism is required to comply with § 115.51(b), the mere creation of a satisfactory avenue for external reporting will effect several other standard requirements. The auditor may determine that the new external reporting mechanism should be included in the written policies outlining the agency’s approach to preventing, detecting, and responding to sexual abuse. See 28 C.F.R. § 115.11(a). The auditor may determine that employees, contractors, and volunteers need to be trained on the new reporting mechanism. See 28 C.F.R. §§ 115.31 and 115.32. This will generally require modification, approval, and implementation of the training curriculum. Inmates must receive information on the new reporting mechanism during intake and as part of the 30-day comprehensive inmate education. See 28 C.F.R. § 115.33. The auditor may determine that the inmate education curriculum must be modified, approved, and implemented before these requirements are satisfied. Further, because existing inmates had not been previously provided with comprehensive inmate education setting forth an appropriate avenue for external reporting, all inmates must be informed of the new reporting mechanism. See 28 C.F.R. § 115.33(c). If the new external reporting mechanism also serves as the avenue for the facility to receive third-party reports, then the new reporting mechanism must be reflected on the publicly distributed information pursuant to § 115.54.

It is important to note that, while a facility corrective action period may last for up to 180 days following the auditor’s issuance of the interim audit report, some corrective action will not require the full 180 days to complete and verify. Indeed, minor or technical violations with the standards may be remedied prior to the 30-day deadline for the auditor to issue the interim audit report—if, unlike the example provided above, the standard at issue does not implicate other related standards.

The standards require that each facility be audited at least once during the three-year audit cycle. See 28 C.F.R. § 115.401(a). Further, the standards require an auditor to review, at a minimum, a sampling of relevant documents and information for the most recent one-year period. See 28 C.F.R. § 115.401(g). Prior to the start of the first audit cycle, the Department of Justice issued the following guidance on this question:

DOJ recognizes that audits conducted toward the beginning of the first audit cycle, which begins August 20, 2013, will take into consideration the fact that facilities will have spent a significant period of time institutionalizing the standards. By contrast, a short period of compliance during the end of the audit review period (meaning closer to August 2014 or thereafter) would not be sufficient to achieve compliance. DOJ is working with the PRC to define specific measures auditors will use to assess compliance. Additional information will be forthcoming soon. See Existing FAQ (Audit and Compliance #3).

This revised and expanded FAQ includes the “additional information” referenced in that previously issued FAQ.

Last updated March 18, 2015.


5. Please provide recommendations for identifying an auditor while maintaining appropriate independence from the state criminal justice department. What role, if any, should the state criminal justice department play in identifying the auditor? Will the DOJ publish a list of certified PREA auditors?

Prospective auditors will apply to be PREA-certified auditors. Only DOJ can certify auditors. In order to be certified, auditors must 1) meet a number of qualifications; 2) submit to a criminal records background check; and 3) pass DOJ-developed auditor training. DOJ holds auditor trainings approximately every other month throughout calendar year 2014. For exact dates click here. A complete list of PREA-certified auditors is maintained publicly on the PRC website here.

DOJ has not placed restrictions on how agencies choose auditors. Each agency should develop its own process, consistent with PREA Standard 115.402, which provides that 1) the auditor cannot be part of, or under the authority of, the agency (but may be part of, or authorized by, the relevant state or local government); 2) an auditor cannot be a person who has received financial compensation from the agency being audited (except for compensation received for conducting prior PREA audits) within three years prior to the agency’s retention of the auditor; and 3) the agency cannot employ, contract with, or otherwise financially compensate the auditor for three years subsequent to the agency’s retention of the auditor, with the exception of contracting for subsequent PREA audits.

Last updated March 14, 2013. 

 

6. What constitutes “overnight” for purposes of PREA Standard 115.193, which states that “[a]udits need not be conducted of individual lockups that are not utilized to house detainees overnight?”

As a general matter, the term “overnight” is construed as a period of seven or more continuous hours between 8:00 p.m. and 8:00 a.m. In situations where the facility has only a remote chance of meeting the above time period threshold, or does so only in rare circumstances (less than one time per month on average), the facility will not be considered “overnight.”

Last updated March 26, 2014


7. How long must the documents that auditors relied on for making audit determinations be retained?

These documents must be retained for 12 months following the deadline for any agency audit appeal. Because audit appeals must be lodged within 90 days of the auditor’s final report, auditors must retain these documents for 15 months following the issuance of the final audit report. Longer document retention may be required in particular instances if so requested by the US Department of Justice.

Last updated March 26, 2014.

 

8. What is the scope of the requirement in § 115.401(j)? To what extent can and will this provision be enforced?

Relevant Standard:
(j) The auditor shall retain and preserve all documentation (including, e.g., video tapes and interview notes) relied upon in making audit determinations. Such documentation shall be provided to the Department of Justice upon request.

Existing FAQ (Audit and Compliance #7):
How long must the documents that auditors relied on for making audit determinations be retained? These documents must be retained for 12 months following the deadline for any agency audit appeal. Because audit appeals must be lodged within 90 days of the auditor’s final report, auditors must retain these documents for 15 months following the issuance of the final audit report. Longer document retention may be required in particular instances if so requested by the US Department of Justice.

This standard clearly establishes that it is the auditor who is responsible for retaining and preserving all documentation relied upon in making audit determinations. This includes both documentation relied upon in finding that a facility does not comply with a standard, as well as documentation relied upon in finding that a facility does meet or exceed a standard. If an auditor fails to comply with this provision, the auditor will be subject to actions that bear on the auditor’s continued DOJ certification status (e.g., retraining, restrictions on a certification, decertification, or denial of application for recertification).

The Department of Justice is in the process of finalizing an Online PREA Audit Instrument that agencies and auditors may choose to utilize for securely retaining the documents and information that could be used to satisfy the auditor’s document retention pursuant to § 115.401(j). The following guidance is provisional and subject to change once the Online PREA Audit Instrument becomes available and fully functional:

An auditor “retains and preserves” all documentation when: 1) the auditor has the continued ability to identify and access the documentation for 15 months following the issuance of the final audit report; and 2) the auditor can, upon request, provide the documentation to the Department of Justice or direct that the documentation be provided to the Department of Justice.

Auditors will typically review and evaluate documentation in two separate circumstances: 1) off-site, before conducting an audit (and potentially post-audit, if needed) and 2) on-site, during an audit. Each circumstance is discussed separately below.

A. Documents that an auditor receives off-site, either before or after an audit.

The PREA Compliance Audit Instrument Checklist of Policies/Procedures and Other Documents lists many documents and categories of documents that an auditor may request and receive from the facility or agency pre-audit. This checklist is not exhaustive. The PREA standards clearly state that an auditor “shall be permitted to request and receive copies of any relevant documents (including electronically stored information).” 28 C.F.R. § 115.401(i).

An auditor may also receive pre-audit documents from other sources, including inmates or community members. This category of documents is straightforward: An auditor must retain and preserve any documents that the auditor has physically or electronically received outside of an on-site audit for the 15-month retention period referenced above.

An auditor currently has the following options for preserving this documentation:

paper copies or other physical format (e.g., video);

any electronic format in the auditor’s physical control (e.g., documents scanned to a computer, thumb drive, or disc); and

any secure electronic format that is accessible to the auditor (e.g., the forthcoming Online PREA Audit Instrument or other secure cloud-based storage).

In selecting a combination of one or more of the formats enumerated above, an auditor must ensure that he or she will be able to readily identify and access all documentation as needed for 15 months after the issuance of the final audit report, and be able to provide it upon request by the Department of Justice.

B. Documents that an auditor receives or reviews on-site, during an audit.

The PREA Compliance Audit Instrument Checklist of Policies/Procedures and Other Documents also lists many documents and categories of documents that an auditor will review during the on-site audit. To the extent practicable, auditors are encouraged to employ one or more of the methods listed above in A.1-3 to retain and preserve much of the on-site documentation for the 15-month retention period. However, some documentation may be extremely burdensome to physically copy or scan. An auditor may consider contracting with the agency or facility, whereby the agency or facility maintains physical possession of the documentation but allows the auditor continued access to the documentation, if needed, and the agency or facility also agrees to allow the documentation to be provided to the Department of Justice, if the Department requests the documents pursuant to § 115.401(j).

This latter option raises several issues:

The auditor must have the ability to identify the documentation. As an initial matter, then, the auditor must take and maintain scrupulous notes regarding which documentation he or she reviewed during the audit. For example, the auditor could note “training files of every employee hired during the year 201X” or list the actual names of each employee whose training file the auditor reviewed. By contrast, a note of “reviewed 15 training files” would not be sufficient to identify the underlying documentation.

Once the auditor has ensured that his or her notes sufficiently identify the documentation, the auditor must ensure that, for the entire retention period, he or she has the continued ability to identify the documentation. That is, the auditor must understand the facility or agency’s record-keeping system so that the auditor could readily identify, find, and retrieve the documentation for up to 15 months after submission of the final audit report.

Once the auditor has ensured preliminary and continued identification of the documents, the auditor must ensure that he or she will have continued access to the identified documents during the 15-month retention period. The auditor may choose to ensure his or her continued access to the documentation by adding a clause to the auditing contract requiring the agency to provide the on-site documentation to the auditor and the Department of Justice upon written request with reasonable notice during the 15-month retention period.

Finally, the auditor must ensure that he or she can provide the documentation to the Department of Justice upon request, either personally or by directing the agency or facility to do so within the 15-month retention period. Again, the auditor may accomplish this by adding a contract clause stating that the agency or facility agrees to provide the identified documentation to either the auditor or the Department of Justice.

It is important to note that, regardless of any contractual relationship the auditor may enter into with an agency or facility, it is the auditor who retains ultimate responsibility for his or her compliance with this standard. If an auditor fails to retain and preserve all relevant documentation for the 15-month retention period, or fails to provide the documentation to the Department of Justice upon request, he or she will face actions that could bear on the auditor’s continued DOJ certification status.

Last updated March 18, 2015.


9. Can PREA auditors engage support staff to assist with completing PREA audits? 

PREA auditors may employ staff to provide assistance, including conducting interviews, but the DOJ-certified auditor is ultimately responsible for the final audit. In addition, the certified auditor is required to be present for, and supervise, the entirety of the on-site portion of the audit; to be the counterparty in an agency’s contractual engagement for the conduct of the audit; and to sign and certify the interim and final audit reports.  Failure to adequately supervise such support staff could have consequences for the responsible auditor, up to and including decertification by the Department of Justice.  

Last updated December 5, 2013.


10. Do any of the conflict rules governing who can conduct an audit of a given agency’s facilities apply to the staff they hire to help them conduct that audit?

The same restrictions regarding auditor conflict of interest also apply to staff who auditors hire to help conduct the audit.  Consistent with PREA Standard 115.402: 1) the auditor cannot be part of, or under the authority of, the agency (but may be part of, or authorized by, the relevant state or local government); 2) an auditor cannot be a person who has received financial compensation from the agency being audited (except for compensation received for conducting prior PREA audits) within three years prior to the agency’s retention of the auditor; and 3) the agency cannot employ, contract with, or otherwise financially compensate the auditor for three years subsequent to the agency’s retention of the auditor, with the exception of contracting for subsequent PREA audits.

Last updated June 11, 2014

 

 

11. Is reciprocal auditing conducted by employees of two confinement agencies permissible?

An auditor who is employed by one correctional agency may not conduct an audit of another correctional agency if an auditor employed at the time by the latter agency has concluded an audit of the former agency within the prior twelve months.

Last updated July 9, 2013.


12. I understand that reciprocal auditing is not permitted, but what about “circular auditing?”

Circular auditing, in which a consortium of three or more States, or three or more local jurisdictions, agrees to perform audits at facilities in other consortium States, is permissible, with a few caveats. First, the circular auditing schedule must be developed so that no audits would be considered impermissible reciprocal audits (see FAQ #9 under Audits and Compliance section of FAQ).  Second, no audits can be allowed in cases in which the auditor’s agency contracts for space in the facility being audited.  

Last updated December 5, 2013.


13. Should an auditor’s final report reflect deficiencies that were found in the interim report and actions taken to correct them during the corrective action period? 

Auditors are required to submit a report to the audited agency within 30 days of completion of an on-site audit.  It is expected that if an auditor determines that a facility does not meet one or more of the standards, this report will be considered an “interim report,” triggering a 180-day corrective action period, and the auditor will include in the report recommendations for any required corrective action and shall jointly develop with the agency a corrective action plan to achieve compliance.  The auditor is required to “take necessary and appropriate steps to verify implementation of the corrective action, such as reviewing updated policies and procedures or re-inspecting portions of a facility.”  At the completion of the corrective action period, the auditor has 30 days to issue a “final report” with final determinations.  Section 155.404 (d) states that, “After the 180-day corrective action period ends, the auditor shall issue a final determination as to whether the facility has achieved compliance with those standards requiring corrective action.”  The final report, which is a public document that the agency is required to post on its web site or otherwise make publicly available, should include a summary of the actions taken during the corrective action period to achieve compliance.

Last updated April 23, 2014


14. What are the financial consequences to a state if it is not in compliance with the standards?

The PREA statute provides that a state whose governor does not certify full compliance with the standards is subject to the loss of five percent of any DOJ grant funds that it would otherwise receive for prison purposes, unless the governor submits an assurance that such five percent will be used only for the purpose of enabling the state to achieve and certify full compliance with the standards in future years. 42 U.S.C. § 15607(e). For more information on the certification process, click here to access the letter sent from the Department of Justice to all state governors.

Last updated March 14, 2013.


15. At what stage in the audit process is an audit considered complete for the purposes of meeting the requirement that one-third of an agency’s facilities be completed by the end of each year in the auditing cycle?

For the purpose of the PREA standards, the audit is considered complete upon issuance of the initial audit report or 30 days after the conclusion of the audit’s on-site visit to the facility, whichever one comes first.

Last updated June 20, 2014.


16. Can an auditor find a federal Bureau of Prisons, state, county, or other local or private facility compliant with the PREA standards if an entity external to the confining agency, which conducts criminal investigations of sexual abuse in the facility being audited, is not compliant with the external investigative entity’s obligations under § 115.21, § 115.22, § 115.34, and § 115.71?

Yes, provided that the confining agency and facility being audited has met its own specific obligations under these standards. For example, § 115.21(f) requires the confining agency to request that the relevant external investigating entity follow the PREA standards regarding a uniform evidence protocol and forensic medical evaluations.

The four PREA standards referenced above explicitly apply to DOJ and state entities that are responsible for investigating allegations of sexual abuse in adult prisons, jails, lockups, community corrections facilities, and juvenile facilities. See, §§ 115.21(g)(2), 115.22(e), 115.34(d), and 115.71(k)&(l).

Last updated April 23, 2014.


17. In regard to §§115.21, 115.22, 115.34, and 115.71, what is required of agencies being audited, auditors, and external entities that conduct investigations of sexual abuse and harassment, and how will these obligations be audited?

There has been confusion in the field and among the auditor community about the requirements of §§115.21, 115.22, 115.34, and 115.71 as they pertain to investigators who are external to the agency being audited. The following guidance is offered to auditors and agencies subject to a PREA audit in order to clarify what obligations auditors and audited agencies have vis-à-vis those provisions that obligate external investigative agencies to comply.

The information in this FAQ is consistent with and expands upon the FAQ that focuses on whether an auditor can find an entity being audited to be compliant with the PREA Standards if an entity external to the confining agency, which conducts criminal investigations of sexual abuse in the facility being audited, is not compliant with the external investigative entity’s obligations under the standards. To review this FAQ, please click here.

Responsibilities of Audited Agencies and Auditors under §115.21

Under §115.21, the agency (a private, federal, state, county, or other local entity) being audited must demonstrate to the auditor that it has attempted to gain compliance from an external entity that conducts criminal investigations of sexual abuse with requirements (a) through (e) of that standard—that is, the agency being audited must have requested that the external entity responsible for investigations comply with all those provisions described in (a) through (e) of §115.21.

Auditors may find that the private, federal, state, county, or other local entity being audited has attempted to confirm that an external investigator is complying with (a) through (e) of the standard, and was unable to get such confirmation. In that case, the agency being audited can be found compliant with the standard, if they have documented these efforts.

Responsibilities of Audited Agencies and Auditors under §115.22

The requirements of §115.22 work in a way that is consistent with §115.21. If an external entity conducts criminal investigations of sexual abuse for the agency (a private, federal, state, county, or other local entity) being audited, the agency must have a policy in place that makes explicit both the responsibilities of the agency in a criminal investigation and the corresponding responsibilities of the external investigating entity. The agency being audited also must publish that policy on its website or make it available through other means if the agency has no website of its own. There is no exception here—the policy must be in place, as it is an agency policy, not the policy of the external investigator, and the agency can describe the respective roles and responsibilities in its own policy, regardless of whether the external investigating entity has a corresponding policy of its own.

Auditors must confirm that a policy is in place that makes explicit both the responsibilities of the agency in a criminal investigation and the corresponding responsibilities of the external investigating entity, and that the agency has published that policy on its website or has made it available through other means if the agency has no website of its own. 


Responsibilities of Audited Agencies and Auditors under §115.34

§115.34 describes the specialized training that the agency being audited must provide to its investigators in order to be PREA compliant. This standard further requires that, “any State entity or Department of Justice component that investigates sexual abuse in confinement settings must provide such training to its agents and investigators who conduct such investigations.”

The obligation of the agency being audited is to provide the required specialized training to its own investigators if they conduct sexual abuse investigations, whether administrative or criminal. External State and Department of Justice investigative entities that conduct investigations of sexual abuse in confinement bear a separate obligation to train their agents and investigators per the standard, and that obligation does not lie with the agency being audited. Auditors should not assess compliance with these training requirements by external entities.

Responsibilities of Audited Agencies and Auditors under §115.71

§115.71(a)-(j) sets out the requirements for both administrative and criminal investigations of sexual abuse and sexual harassment, and describes when, how, and by what standards those investigations should be conducted. §115.71(a)-(j) also reiterates the requirement that investigators who conduct those investigations must have received specialized training described in §115.34.

§115.71(k) requires that any external State entity or Department of Justice component that conducts these investigations in a confinement setting do so according to the requirements laid out in this standard.

§115.71(l) requires that the facility being audited cooperate with any outside investigative agency conducting sexual abuse investigations in the facility and must remain informed about the progress of the investigation.

The obligations under §115.71 of the agency being audited are to ensure that:

Its own investigators comply with this standard; 
It cooperates with external investigators; and 
It remain informed about any investigation being conducted by external investigators.

It is the responsibility of auditors to assess whether these obligations are being met by the agency being audited.

The obligation placed on external State entities and Department of Justice component investigators conducting sexual abuse investigations in a confinement facility to comply with the requirements laid out in this standard rests with the State entity or Department of Justice component. Auditors should not assess compliance with these obligations by external entities. 


Summary of Implications for Auditors

Consistent with the requirements stated above of §§115.21,115.22, 115.34, and 115.71, and as articulated in the FAQ that can be accessed by clicking here, the Department of Justice (DOJ) has determined that auditors should not:


Assess whether external entities that conduct criminal investigations of sexual abuse and sexual harassment for the agency being audited are in compliance with the PREA Standards. The sole focus of the audit is to determine whether the agency (a private, federal, state, county, or other local entity) being audited is in compliance with the standards. 


Include in interim or final audit reports information about compliance with the standards on the part of external entities that conduct criminal investigations of sexual abuse and sexual harassment. The sole focus of these reports is to document whether the agency (a private, federal, state, county, or other local entity) is in compliance with the standards. 


Affirmative Obligations of External Entities that Conduct Investigations to Comply with the PREA Standards

Standards §§115.21, 115.22, 115.34, and 115.71 do impose affirmative obligations to comply on both external State entities and Department of Justice (DOJ) components that conduct sexual abuse investigations in confinement. Nothing in this guidance changes that obligation. However, confirming compliance with these standards by external entities during a corrections facility/agency audit is beyond the scope of that audit. DOJ is working to develop tools to assist these external entities, state and territorial governors who are responsible for certifying full compliance with the PREA Standards, and others to assess whether these external entities are in compliance with their affirmative obligations under the standards.

Last updated February 19, 2015.


18. What happens to an agency’s three-year audit timeline if an agency fails to have the required minimum of one-third of its facilities audited by August 19, 2014? 

The standards require generally that an agency must have “at least one-third” of its facilities audited during each one-year period, which began on August 20, 2013; and that all facilities must be audited by the conclusion of each three-year period, which began on the same date.  See 28 C.F.R. § 115.401(a)&(b). Compliance with the audit timeline is evaluated both on a year-to-year basis and at the conclusion of the three-year audit cycle.  Failure to comply with the audit timeline during the initial year of an audit cycle does not preclude compliance during years two and three of an audit cycle.  Similarly, failure to comply with the audit timeline during the first two years of an audit cycle does not preclude compliance during the final year of each audit cycle.  It is important to note that, for purposes of complying with § 115.401(a) (requiring audits of each facility during the three-year audit cycle), agencies must ensure that each facility is audited at least once by August 19, 2016, and during every three-year anniversary thereafter. 

a. By way of hypothetical, what happens if an agency has seven facilities but receives no audits by the conclusion of the first year of the first audit cycle (by August 19, 2014)?

The agency would not be fully compliant with the PREA standards as of August 20, 2014. However, the agency may still become fully PREA compliant during the second year and the third year of the audit cycle. For purposes of the audit cycle, compliance is determined during each specific audit cycle year. So if this agency obtains three facility audits (at least one-third) between August 20, 2014 and August 19, 2015, then the agency would be PREA compliant with the audit cycle during that year.

During the final year of the audit cycle (ending August 19, 2016), however, the agency would be required to have all four remaining facilities audited. This is because an agency has a separate obligation under the standards to ensure that “each facility” must be audited “at least once” during the three-year audit cycle (concluding on August 19, 2016). See 28 C.F.R. § 115.401(a).

b.  As another hypothetical, what happens if an agency has only one facility but receives no audit by the conclusion of the first year of the first audit cycle (by August 19, 2014)?

Because the standards require that an agency have “at least” one-third of its facilities audited during each year of the three-year audit cycle, an agency with a single facility is required to receive an audit during the initial year of the audit cycle to be compliant as of August 19, 2014.  In other words, an agency with a single facility cannot be said to have had at least one third of its facilities audited by August 19, 2014, if it has had no facility audits.  However, a single-facility agency could become fully compliant at any point during the remainder of the three-year audit cycle (concluding on August 19, 2016) subject to a successful audit of that facility.  So for example, a single-facility agency that is not compliant as of the conclusion of the first year of the audit cycle because it had received no audits by August 19, 2014, could nevertheless become fully compliant with the audit standards if it receives an audit one month later (early in the second year of the audit cycle) and would remain compliant with this standard through the remainder of the first audit cycle.

Last updated April 23, 2014.


19. Is it ever appropriate for auditors to require the installation of cameras as part of a corrective action plan?

No, with respect to adult confinement facilities. Generally, no, with respect to juvenile facilities. In juvenile facilities that include specific camera coverage in their staffing plan, the absence of such camera coverage may appropriately provide the basis for an auditor to either insist on the camera requirements in their staffing plan or require that the staffing plan be amended. Note that there are different requirements regarding the deployment of video monitoring technology among the four sets of standards.

Prisons, Jails, Lockups, and Community Confinement Facilities

In adult facilities (adult prisons and jails; lockups; and community confinement facilities), the standards require facilities to develop and document staffing plans that provide for “adequate levels of staffing, and, where applicable, video monitoring, to protect inmates against sexual abuse.” See 28 C.F.R. §§ 115.13(a), 113(a), and 213(a). These standards require that facilities consider several enumerated factors in the development of the staffing plan, including, among other things, the physical layout of the facility. See also 28 C.F.R. §§ 115.13(a)(5) (“including ‘blind spots’”). In adult facilities, agencies are required to make “best efforts” to comply with the staffing plan and/or to “document and justify” deviations from it.

The adult standards also require agencies to reassess the adequacy of the “facility’s deployment of video monitoring systems and other monitoring technologies…[w]henever necessary, but no less frequently than once each year…” See 28 C.F.R. §§ 115.13(c), 113(c), and 213(c).

Finally, the adult standards require agencies “[w]hen installing or updating a video monitoring system, electronic surveillance system, or other monitoring technology…to consider how such technology may enhance the agency’s ability to protect inmates from sexual abuse.” See 28 C.F.R. §§ 115.18(b), 118(b), and 218(b).

Within this context, agencies have considerable discretion regarding how best to allocate resources devoted toward developing and implementing their staffing plans. For example, in developing an adequate staffing plan, an agency may choose to emphasize higher staffing levels rather than comprehensive video monitoring. Indeed, best practices suggest that video monitoring is not an adequate substitute for sufficient numbers of staff. In any event, so long as the above requirements are complied with (e.g., make best efforts to comply, document and justify deviations, and consider how technology may enhance protections), then the failure to incorporate or add video monitoring technology does not cause a facility to be out of compliance with the standards. Accordingly, it is not appropriate for an auditor to specifically require the addition of video cameras as a condition of finding compliance.

Juvenile Facilities

Unlike the adult facility standards, the juvenile facility standards require agencies to “implement…a staffing plan that provides…where applicable, video monitoring, to protect residents against sexual abuse.” See 28 C.F.R. § 115.313(a). The staffing plan must take into consideration, among other things, “the facility’s physical plant (including ‘blind spots’ or areas where staff or residents may be isolated)…” Further, the juvenile facility standards provide that the agency “shall comply with the staffing plan except during limited and discrete exigent circumstances, and shall fully document deviations from the plan during such circumstances.” See 28 C.F.R. § 115.313(b) (emphasis added).

By contrast, while adult facility standards require agencies to develop an adequate staffing plan, and to make best efforts and/or to document and justify deviations, the juvenile facility standards require agencies to comply with the staffing plan, absent exigent circumstances.

However, as discussed above with respect to the development of the staffing plan, agencies have considerable discretion regarding how best to allocate resources devoted toward developing and implementing their staffing plans. In developing an adequate staffing plan, an agency may choose to emphasize higher staffing levels rather than comprehensive video monitoring. For example, where an auditor or an agency identifies a “blind spot” that imposes considerable danger of the occurrence of sexual abuse, an agency may choose to reallocate existing staff or add staff to the area in question, rather than to install a new video camera in the area.

Accordingly, so long as the above requirements are met, the absence of a particular video monitoring system or camera would not preclude agency compliance with this standard, and it would be inappropriate for an auditor to specifically insist on the installation of a video camera (as opposed to other enhanced protective measures) in order to find compliance. However, if the staffing plan developed pursuant to this standard requires specific camera coverage, and that coverage is either not provided or inoperable, then it may be appropriate for the auditor to insist on agencies either complying with the staffing plan (absent exigent circumstances) or amending their staffing plan.

Please note the requirements for a periodic staffing plan reassessment and for consideration of the effect of video monitoring technology when installing or enhancing systems is substantively the same between adult and juvenile facilities. See 28 C.F.R. § 115.313(d) and 318(b).

Last updated September 23, 2014.

Search the PREA Library for Articles and Resources:

Sign Up for Updates

The PREA Resource Center will provide information on upcoming events, new resources to our library, and PREA-related issues in the news. Sign up to receive our communications via email.

signup