As detailed in the Audit Initiation section, the Audit Initiation Form must be used to initiate all audits.
Once the Audit Initiation Form has been submitted and the PRC has complete information, an OAS administrator will take the necessary steps to confirm that all individuals requesting access to the system are in fact authorized.
For auditors, the OAS administrators will confirm that the auditor has an active certification, has completed the annual information security course, and has been approved by the PREA Management Office to proceed with the audit (as outlined in the PREA Audit Assignment System tab found here).
For PREA Coordinators and PREA Compliance Managers who are new to the OAS, an OAS administrator will complete the new user confirmation process. First, an administrator will email the Supervisor Confirmation Form(s) to the supervisor(s) indicated on the Audit Initiation Form. Each supervisor must complete and submit their Supervisor Confirmation Form. Once their forms have been submitted, an OAS administrator will call the supervisor to verify the information provided on the form. This two-step process is required to ensure that individuals with access to the system are authorized users. This helps to maintain the security of the system and to protect the materials stored in it. Once a PREA Coordinator or Compliance Manager is confirmed, their confirmation is valid for one year. After one year, all users will need to be reconfirmed (see below).
For PREA Coordinators and PREA Compliance Managers with existing OAS accounts, an OAS administrator will check to see whether the user requesting access has been confirmed at their role for the facility or agency in the past year. If the user has been confirmed at their role for the facility or agency in the past year, the OAS administrator does not need to complete the reconfirmation process. If the user has not been reconfirmed within the past year, the OAS administrator will send an email to the user’s supervisor to confirm that the user is still in the same role. Verbal communication is not required for reconfirmation. Finally, if a user has an existing OAS account, but has changed role, facility, or agency, the OAS administrator will need to complete the new user confirmation process.
After the verification process is complete, an OAS administrator will set up the audit and users will be granted access to the OAS. All users will receive emails from the OAS indicating that an audit has been created and that their account has been set up (see the OAS User Guides for more information). Users who are new to the Online Audit System will receive a separate email from the OAS with their log-in information. New users should log in to the OAS as soon as possible after receiving this initial email to set up their password and two factor authentication (Duo authentication).
Note: An audit cannot begin, and access to the OAS cannot be provided, until the verification process has been completed.
For questions about audit and user account creation in the Online Audit System, contact OAS tech support.