The Audit Division, Office of the Inspector General has completed an audit of the Washington State Patrol Crime Laboratory’s (WSPCL) compliance with standards governing the Combined DNA Index System (CODIS). The Federal Bureau of Investigation’s (FBI) CODIS program blends forensic science and computer technology to provide an investigative tool to federal, state, and local crime laboratories in the United States, as well as those from select international law enforcement agencies. The CODIS program allows laboratories to electronically compare and match DNA profiles in order to assist law enforcement in solving crimes and identifying missing or unidentified persons.1 The FBI’s CODIS Unit manages CODIS and is responsible for developing, providing, and supporting the program to foster the exchange and comparison of forensic DNA evidence.
The FBI implemented CODIS as a distributed database with hierarchical levels that enable federal, state, and local crime laboratories to compare DNA profiles electronically. The hierarchy consists of three distinct levels that flow upward from the local level to the state level and then, if allowable, the national level. The National DNA Index System (NDIS) is managed by the FBI as the nation’s DNA database containing DNA profiles uploaded by law enforcement agencies across the United States. NDIS is the highest level in the CODIS hierarchy and enables the laboratories participating in the CODIS program to electronically compare DNA profiles on a national level. The State DNA Index System (SDIS) is used at the state level to serve as a state’s DNA database containing DNA profiles from local laboratories and state offenders. The Local DNA Index System (LDIS) is used by local laboratories.
The objectives of our audit were to determine if the: (1) Laboratory was in compliance with the NDIS participation requirements; (2) Laboratory was in compliance with the Quality Assurance Standards (QAS) issued by the FBI; and (3) Laboratory’s forensic DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS.
We determined that the Laboratory was generally in compliance with those standards governing CODIS activities that we reviewed. Specifically, we found that the WSPCL complied with the Quality Assurance Standards for the areas we tested. However, we noted two exceptions during our review, as follows:
- The WSPCL did not adequately secure CODIS servers to prevent unauthorized personnel from gaining access to the computer equipment and stored data.
- Of the 100 forensic DNA profiles we sampled, 6 were unallowable and 1 was incomplete according to NDIS participation requirements. The WSPCL removed all of these profiles from NDIS.
As a result of our audit, we made two recommendations to ensure the Laboratory’s compliance with standards governing CODIS activities, which are discussed in detail in the Findings and Recommendations section of the report. Our audit scope and methodology are detailed in Appendix I of the report and the audit criteria are described in Appendix II.
We discuss these matters in the Findings and Recommendations Section of the report. Additionally, we discussed the results of our audit with Laboratory officials and have included their comments in the report, as applicable. In addition, we requested written responses to our draft report from the Laboratory and the FBI, which are included in Appendices III and IV, respectively. Our audit objective, scope and methodology appear in Appendix II of this report.
- DNA, or deoxyribonucleic acid, is genetic material found in almost all living cells that contains encoded information necessary for building and maintaining life. Approximately 99.9-percent of human DNA is the same for all people. The differences found in the remaining 0.1-percent allow scientists to develop a unique set of DNA identification characteristics (a DNA profile) for an individual by analyzing a specimen containing DNA.