Audit of the Sex Offender Registry Board (October 25, 2023)
October 25, 2023 · Sex Offender Registry Board · Read the full official report on mass.gov ↗
source
“SORB does not have a documented and tested business continuity plan and disaster recovery plan.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of the Sex Offender Registry Board covering July 1, 2019 through June 30, 2021.
“In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has performed an audit of the Sex Offender Registry Board (SORB) for the period July 1, 2019 through June 30, 2021.”
The audit checked whether SORB fixed problems found in an earlier audit and whether it had plans to keep operating during disruptions or disasters.
“The objective of our audit was to follow up on the issues identified in our prior audit report (No. 2016-1408-3S) to determine what measures, if any, SORB had taken to address those issues, as well as the adequacy of those measures.”
If classifications or addresses are late or incomplete, the public and police may not have information they need about certain offenders.
“As a result, the sex offenders’ names, addresses, offenses, and registration statuses were not posted to SORB’s website for level 2 and 3 sex offenders and were not otherwise available to the public.”
For an ordinary resident, this matters because the registry is meant to help protect the public, especially children and people with disabilities.
“This could endanger children, people with disabilities, and the general public.”
SORB acknowledged some problems and said it would make changes, but the auditor said timely, accurate information remains essential.
“We believe SORB could address the issues raised in this finding if SORB enacts the changes proposed in its response to our recommendations.”
The auditor said the office would follow up to check whether SORB actually made the promised changes.
“We will be conducting a post-audit review to ensure that SORB has implemented these changes.”
The report is significant because it found repeat weaknesses in basic public-safety functions: classification, address tracking, and emergency preparedness.
“In our current audit, we again found that SORB did not ensure that all sex offenders were assigned their final classifications at least 10 days before their earliest possible release dates.”
SORIS2 is the main computer registry used by SORB and law enforcement to track registered sex offenders.
“The Sex Offender Registry Information System (SORIS2) is a web-based sex offender registry overseen by the Executive Office of Public Safety and Security for use by SORB, as well as by state and local police departments and federal law enforcement, to keep track of registered sex offenders and to identify possible suspects when a sexual offense has been committed.”
What the Auditor checked
- Did not comply Did SORB assign final classifications of sex offenders at least 10 days before their earliest possible release dates, as required by Section 178E(a) of Chapter 6 of the General Laws?
- Complied Did SORB give priority scheduling for classification hearings to determine risk levels of sex offenders involved in crimes against children or persons with disabilities and youthful sex offenders, as required by Section 178K(3) of Chapter 6 of the General Laws?
- Did not comply Did SORB use Department of Revenue and other executive branch agency information available to it under Section 178F of Chapter 6 of the General Laws to identify sex offenders who may be in violation?
- Did not comply Did SORB establish a business continuity plan and a disaster recovery plan in accordance with the Executive Office of Technology Services and Security’s (EOTSS’s) Business Continuity and Disaster Recovery Standard IS.005?
What the Auditor found
Why it matters: Sex offender information was not posted or otherwise available to the public, creating a public safety risk.
Standard: Section 178E of Chapter 6 of the Massachusetts General Laws requires SORB to classify a sex offender at least 10 days before the offender’s earliest possible release date. ( Section 178E of Chapter 6 of the Massachusetts General Laws )
2 recommendations
- SORB should collaborate with correctional facilities to establish more reliable procedures for providing anticipated release dates.agency: agreed
- SORB should track the progress of each sex offender’s classification process, including identifying delays or issues and addressing them, to ensure final classifications are assigned at least 10 days before earliest release dates.agency: agreed
Agency response & Auditor reply
Agency: "SORB will continue to track the progress of each sex offender’s classification process closely and minimize any delays while continuing to ensure each offender is afforded due process as required by law."
Auditor: "In its response, SORB acknowledges that 86 of the 103 sex offenders identified by the audit did not receive a final classification at least 10 days before their earliest possible release dates."
Why it matters: SORB may not communicate accurate sex offender location, offense, and classification information to law enforcement and the public, creating a public safety risk.
Standard: Section 1.26(5) of Title 803 of the Code of Massachusetts Regulations requires SORB to keep the registry up-to-date and accurate; Section 178F of Chapter 6 of the General Laws requires SORB to obtain sex offender addresses from executive branch agencies when there is reason to believe a required registrant has not registered. ( Section 1.26(5) of Title 803 of the Code of Massachusetts Regulations; Section 178F of Chapter 6 of the General Laws )
2 recommendations
- SORB should use all interdepartmental service agreements with executive branch agencies to conduct address verification data matching for sex offenders considered in violation.agency: agreed
- SORB should update SORIS2 with all updated address information received through address verification data matching with executive branch agencies.agency: agreed
Agency response & Auditor reply
Agency: "SORB will continue to utilize established [interdepartmental service agreements] with various executive branch agencies to ensure that it regularly obtains sex offender address information for offenders who are considered in violation."
Auditor: "Both this regulation and the above-cited section of the General Laws require SORB to update SORIS2 to include the most up-to-date address SORB has, which it can obtain through address verification data matching with executive branch agencies."
Why it matters: SORB may be vulnerable to a disruption of services if its information technology systems are inoperable for an extended period.
Standard: EOTSS’s Business Continuity and Disaster Recovery Standard IS.005 requires agencies to establish a business continuity program and develop, maintain, and annually test disaster recovery plans. ( EOTSS Business Continuity and Disaster Recovery Standard IS.005, Section 6 )
2 recommendations
- SORB should develop, document, and test a business continuity plan and disaster recovery plan.agency: agreed
- SORB should select an offsite location to recover SORIS2 data, then update and test its disaster recovery plan and incorporate test results into the plan.agency: disagreed
Agency response & Auditor reply
Agency: "SORB has since finalized a Business Continuity and Disaster Recovery Plan and will test its plan later this summer."
Auditor: "The regulations from EOTSS are clear in assigning each agency the responsibility of creating a business continuity plan and disaster recovery plan and stating that each agency should include the minimum operating requirements to restore business functions, applications, and services in a timely manner in these plans."
Prior findings revisited
"In our prior audit (No. 2016-1408-3S) of the Sex Offender Registry Board (SORB), we found that SORB did not assign final classifications for 63 incarcerated first-time sex offenders at least 10 days before their earliest possible release dates."
"In our prior audit (No. 2016-1408-3S) of SORB, we found that SORB did not ensure that it had current addresses for sex offenders considered in violation."
More audits of this entity
Other Office of the State Auditor reports on Sex Offender Registry Board , including the prior audits referenced above.
- Sex Offender Registry Board (SORB)Authority / Commission · September 26, 2017
- The Examination Of Information Technology Controls At The Sex Offender Registry BoardAuthority / Commission · FEBRUARY 15, 2011