Serving Colorado's Counties
Menu
Counties rely on secure technology systems to deliver essential services, from 911 dispatch to property tax systems, court records, and public health. Cybercriminals know this, and increasingly target public-sector networks and cloud environments, hoping to exploit vulnerabilities and disrupt operations.
Understanding the risks associated with both on-premises networks and cloud-based systems is crucial for maintaining security, safeguarding sensitive data, and protecting public trust.
A county's network serves as the digital backbone, connecting departments, employees, and citizens. Because it supports everything from law enforcement to payroll, a compromised network can grind operations to a halt. Common threats include ransomware, insider misuse, and exploitation of unpatched software.
Attackers often gain entry through weak passwords, outdated systems, or phishing emails. Once inside, they can move laterally across the network, escalating privileges until they control critical systems.
Cloud services provide counties cost savings, flexibility, and scalability, but they also introduce new risks. Misconfigured settings, weak access controls, and reliance on third-party providers can expose sensitive citizen data if not carefully managed.
Cybercriminals exploit common missteps such as publicly exposed storage buckets, shared administrator accounts, or poorly monitored application programming interfaces (APIs). A single mistake in a cloud configuration can leave thousands of records vulnerable.
Counties depend on secure networks and cloud systems to protect public safety, financial stability, and community trust. A single breach can put citizen data at risk, disrupt emergency response, and lead to costly recovery efforts. To reduce these risks, CTSI encourages providing regular cybersecurity training so staff can spot phishing attempts and other threats, adopting clear policies for system access, password use, and personal devices, and holding vendors accountable by requiring strong security measures in their contracts. It’s also important to invest in continuity planning so essential services can continue during an outage, and to build a workplace culture where employees feel confident pausing, verifying, and reporting anything unusual. For more information, contact CTSI at (303) 861-0507.
If a county vehicle is involved in an accident and declared a total loss, understanding the process and available options under CAPP is essential. A vehicle is typically considered a total loss when the estimated repair cost exceeds 80% of its current market value.
If the county vehicle is declared a total loss, a CAPP adjuster will determine its actual cash value using industry-accepted research guides, mileage, condition, and comparable vehicle data. Once the value is established, CAPP will issue payment to the county, less the $1,500 deductible.
In some cases, CAPP may sell the vehicle for salvage to reduce the overall claim cost to the pool. If CAPP does not retain the vehicle, the county may choose to:
Prompt communication is key. Counties should notify their CAPP adjuster of their decision as soon as possible so the claim can move forward, and unnecessary delays or costs can be avoided.
If a total loss vehicle is stored in a yard, it is the county’s responsibility to arrange removal, since storage fees can accumulate quickly if the vehicle remains. When CAPP takes possession for salvage, CAPP will arrange and cover removal. Maintaining close communication with the claims adjuster helps clarify responsibilities, prevent unnecessary costs, and keep the process moving smoothly.
If a county chooses to repair a total loss vehicle, specific steps must be followed before it can be placed back into service. The vehicle must be restored to safe driving condition, inspected by the Department of Motor Vehicles, and issued a salvage title.
Vehicles with salvage titles are legal to operate in Colorado and may be insured. However, coverage is limited to liability only. Collision and comprehensive coverage are no longer available, as CAPP has already paid the market value of the vehicle.
If the repaired vehicle is later involved in another accident, liability coverage for third parties will still apply under the CAPP policy. However, any damage to the salvage-titled county vehicle itself will not be covered. This limitation is important to consider when weighing whether to keep, sell, or repair a total loss vehicle.
When a county vehicle is deemed a total loss, factors such as reimbursement amount, repair or storage costs, and the limits of liability-only coverage on salvage-titled vehicles should all be considered. Reviewing these points with a CAPP claims adjuster can help determine the most appropriate course of action for the county. For assistance, please contact CTSI at (303) 861-0507.
Criminal background screening depends on the quality and scope of the information collected. There is no single comprehensive database for criminal records; instead, background checks draw from multiple sources. The accuracy of a screening report is influenced by the sources consulted, the technology applied, and the compliance practices of the provider. For counties, understanding these factors is important for making sound employment decisions. This Technical Update is the third in a three-part series on criminal background screening.
Criminal history information can be accessed through a variety of sources, each with strengths and limitations:
Because no single source is fully reliable, the best practice is to use multiple sources and validate critical findings directly with court records.
Counties must adopt strategies that maximize accuracy and fairness in the screening process. This includes providing applicants with notice and obtaining authorization in compliance with the Fair Credit Reporting Act (FCRA), and ensuring that searches cover all relevant jurisdictions where an applicant has lived, worked, or studied. For positions of greater sensitivity, such as law enforcement or child services, counties may need to supplement database searches with fingerprint-based checks and professional license verifications.
Counties can strengthen their background screening programs by:
The rise of remote and mobile workforces means applicants may have records in multiple jurisdictions, making thorough checks more complex. Cybersecurity and data accuracy remain concerns. According to the Bureau of Justice Statistics, about 30% of state criminal history records lack final disposition information, leading to incomplete or misleading results. Counties should be cautious about relying solely on bulk databases that may not reflect the whole picture.
Technology has introduced new opportunities and risks. Artificial intelligence is being used to accelerate record matching and identify potential issues, but it must be closely monitored to prevent bias or errors. Counties should demand transparency from providers about how automated tools are used in the screening process.
Background screening remains a powerful tool for reducing risk and building public trust, provided it is thorough, fair, and compliant. Counties that understand the strengths and weaknesses of various record sources, stay current with technology, and apply clear, consistent policies are better positioned to hire safely while protecting the rights of applicants. For questions, please contact CTSI at (303) 861-0507.
Criminal background checks are indispensable tools for counties, but they are also legally sensitive processes. Employers must navigate a complex web of federal, state, and local requirements while maintaining fairness and accuracy. A well-structured compliance program protects both applicants’ rights and the employer's interests. This Technical Update is the second in a three-part series on criminal background screening.
The Fair Credit Reporting Act (FCRA) remains the central federal law regulating background checks conducted by third-party providers, or consumer reporting agencies (CRAs). Under the FCRA, counties must provide applicants with clear disclosure, obtain written authorization, and supply notices if adverse action is considered. The process includes providing applicants with a copy of their report and a summary of rights, then waiting a reasonable period for corrections before finalizing any decision.
The Equal Employment Opportunity Commission (EEOC) enforces anti-discrimination laws and regulations. Employers must show that any hiring decision based on criminal history is job-related and consistent with business necessity. This means evaluating the seriousness of the offense, how long ago it occurred, and its relevance to the duties of the job. Blanket exclusions are discouraged, and individualized assessments are recommended.
Over the past decade, state and local regulations have expanded significantly. In Colorado, “ban-the-box” laws prohibit employers from asking about criminal history on initial job applications, ensuring candidates are first considered based on their qualifications. Counties must stay current on these and other state requirements to ensure fair hiring practices and compliance.
Privacy laws also add complexity. Legislation such as the Colorado Privacy Act (CPA) and similar state-level statutes grant applicants new rights over how their data, including criminal history, is collected and stored. Counties must ensure that their screening providers have in place the necessary safeguards to comply with data privacy obligations.
Counties must follow key requirements when conducting criminal background checks:
Remote work has widened applicant pools, increasing the need for multi-jurisdictional searches. Digital platforms and AI are increasingly used to streamline screenings, but they require careful oversight to ensure fairness and compliance. Courts continue to uphold employer liability in negligent hiring claims, underscoring the need for consistent practices. A 2023 report found that 85% of employers identified inaccuracies in consumer reports during disputes, highlighting why consistent, compliant adverse action procedures are essential.
When conducting criminal background screenings, be sure to follow the most recent regulations and guidelines. If you have any questions, please contact CTSI at (303) 861-0507.
Criminal background screening is a standard component of the hiring process for counties. Employers must navigate evolving legal requirements, respond to community expectations, and manage the use of new technologies in screening. Negligent hiring claims continue to present risks, making it important for hiring practices to remain thorough, consistent, and compliant. This Technical Update is the first in a three-part series on criminal background screening.
Counties rely on background checks to create safe workplaces and reduce liability. By carefully reviewing applicant histories, employers can prevent harm to employees, residents, and property. A 2023 Professional Background Screening Association (PBSA) survey found that 94 percent of employers conduct background checks on at least some applicants, a clear indication of the practice’s importance.
For counties, the stakes are exceptionally high. Positions involving law enforcement, public safety, or work with vulnerable populations require higher standards. Failure to screen effectively can lead to lawsuits, financial loss, and reputational damage.
Negligent hiring claims remain a significant concern. Courts continue to hold employers responsible if an employee causes harm that a reasonable screening process could have prevented. For counties, this risk is especially high given the safety-sensitive nature of many roles, from law enforcement to public works.
Examples of risks:
Most counties rely on consumer reporting agencies (CRAs) to conduct background checks. These agencies, regulated by the Fair Credit Reporting Act | Federal Trade Commission, provide access to county, state, and federal records that individual employers could not gather on their own. Working with a CRA can improve both accuracy and efficiency, but counties must choose providers carefully. Accreditation by PBSA is one indicator of quality.
Counties should adopt clear policies on criminal background screening that balance safety with fairness. This starts with identifying which positions require checks, such as roles involving vulnerable populations, financial responsibility, or operation of county vehicles. Policies must be applied consistently so that all applicants for similar positions are evaluated under the same standards, reducing both risk and the appearance of bias.
It is also important to provide training for HR staff and hiring managers so they understand the county’s procedures as well as the legal requirements under the FCRA, EEOC, and relevant state laws. Regularly reviewing and updating these policies helps counties stay compliant while ensuring their hiring practices remain both effective and equitable.
The regulatory and social environment has changed significantly. Over 37 states and more than 150 localities now have “ban-the-box” laws, which restrict when employers can inquire about criminal history. Privacy protections have expanded through legislation such as the Colorado Privacy Act (CPA). At the same time, the rise of remote work has broadened applicant pools across jurisdictions, requiring more complex searches.
Background checks remain a critical tool, but the landscape has changed. By working with reputable third-party providers, staying current on legal requirements, and applying screening policies fairly, counties can reduce liability while promoting safe, equitable hiring. For questions, please contact CTSI at (303) 861-0507.
The Family and Medical Leave Act (FMLA), enacted in 1993, guarantees eligible employees up to 12 weeks of unpaid, job-protected leave in a 12-month period for specific family and medical reasons. This federal law applies to all public agencies, including counties, regardless of size.
To be eligible, employees must:
Qualifying events include:
The U.S. Department of Labor (DOL) has made it clear that once an employer is aware that an absence qualifies for FMLA, it must be designated as such immediately. Neither the employer nor the employee can delay the designation or classify the absence under a different type of leave first.
For example, an employee cannot take two weeks of paid vacation and then begin 12 weeks of FMLA for the same qualifying event in order to extend their time away. Paid leave can run concurrently with FMLA, but it does not extend the 12-week entitlement.
Employers may choose to offer additional paid or unpaid leave beyond FMLA requirements, and state or local laws may grant greater rights than federal law.
FMLA leave cannot be used as a factor in any adverse employment decision, including termination, demotion, or disciplinary action. Even if other reasons for the action exist, the mixed-motive standard applies. If the employee’s use of FMLA leave was even a minor factor in the decision, it can be considered retaliation and a violation of the law.
Courts have repeatedly upheld this standard. In one case, an employee on intermittent FMLA leave had his position eliminated. The court ruled in the employee’s favor because the timing and circumstances suggested that the leave was a factor in the decision, even if other business reasons were present.
Employers must also be careful with performance metrics during FMLA leave. Employees cannot be disciplined for failing to meet productivity goals, deadlines, or attendance requirements when the shortfall is due to approved FMLA leave.
However, it is permissible to withhold bonuses or awards tied to perfect attendance or performance benchmarks if all employees who miss work for any reason, including vacation, are held to the same standard.
Counties should take special care to avoid these frequent mistakes:
For counties, compliance with FMLA is not optional and requires careful administration. Qualifying leave must be designated immediately, cannot be reclassified, and cannot be considered in employment decisions. Prevention of retaliation, intentional or inadvertent, must be a priority. Supervisors, County Managers/Administrators, and HR teams should work together to ensure consistency, fairness, and compliance in every case. For questions, please contact Siri Vensel via email or at (303) 861-0507.
Vandalism is a common cause of property damage claims for counties. Whether it’s graffiti, broken windows, stolen equipment, or even deliberate fires, these incidents are costly, disruptive, and sometimes dangerous.
The 2025 CAPP Property Policy generally defines vandalism as the willful and malicious destruction or defacement of property. Coverage typically applies to:
Recent covered claims include:
It’s important to understand the Occurrence Limit of Liability Clause in the property policy. This clause sets the maximum amount the insurer will pay for any one occurrence, no matter how many locations are affected.
For vandalism and malicious mischief, an occurrence means any one loss or series of related losses arising from a single event within a continuous 72-hour period. When filing proof of loss, you may choose when that 72-hour period begins, but it cannot be earlier than the time of the first loss.
The insurer’s liability is limited to the lesser of:
This means if multiple acts of vandalism occur as part of one continuous incident (e.g., widespread damage during a protest over two days), they will be considered a single occurrence for claim purposes.
Certain losses are excluded from vandalism coverage under the property policy, including:
Insurance provides financial recovery, but prevention is the most effective way to limit loss and disruption. CTSI recommends a layered prevention strategy:
1. Lighting & Surveillance
2. Physical Barriers
3. Protective Landscaping
4. Creative Deterrents
5. Graffiti Management
6. Community Engagement
For counties, the property policy protects most intentional acts of property damage, though specific exclusions apply and should be reviewed carefully. The Occurrence Limit of Liability means that any related vandalism incidents within a continuous 72-hour period are considered a single occurrence for claim purposes, which may impact the total payout. Proactive prevention measures, such as improved lighting, surveillance systems, and reinforced building materials, are key to reducing risk. When vandalism does occur, taking immediate action, especially with graffiti removal, helps prevent permanent damage and discourages repeat offenses. For questions about coverage or to develop a tailored prevention plan, contact CTSI at (303) 861-0507. This is only an overview; please review the CAPP Policy for coverage details. All claims must be submitted promptly for CTSI to review and determine coverage.
The Colorado Counties Casualty & Property Pool (CAPP) continues to provide broad insurance coverage tailored to the needs of member county governments. Over the years, there has been a growing trend of outside organizations and event sponsors requesting coverage under a county’s CAPP policy. While counties may wish to support these efforts, it’s essential to understand the limits and risks involved.
Counties should always transfer risk when possible by including specific language in contracts that requires the other party to obtain their own insurance. That party should then provide a valid certificate of insurance naming the county as an additional insured. Verbal assurances that coverage is in place should never be accepted as a substitute for documentation.
We encourage all CAPP members to review contracts, intergovernmental agreements (IGAs), and Memorandums of Understanding (MOUs) to ensure they don’t unintentionally commit to providing CAPP insurance for non-county operations.
For example, suppose a county enters into an agreement or provides funding for an independent ambulance or fire department. In that case, those entities must maintain their own insurance unless CTSI has granted written approval to extend CAPP coverage to them.
In limited circumstances, a county may request written approval from CTSI to extend CAPP coverage to a Sponsored Entity, a nonprofit or quasi-governmental agency with a close operational relationship to the county. Sponsored Entities must meet the criteria outlined in the CAPP and CWCP Operations Manual (document page #52), available in the Members Only section at www.ctsi.org. The County Workers’ Compensation Pool has similar standards for workers’ compensation eligibility.
We’ve also seen increasing interest in using county property for high-risk recreational activities. While CAPP does offer broad coverage, it is specifically designed for the homogeneous exposures of county operations.
Before allowing these types of activities, counties should carefully consider two questions:
For example, a county that was considering permitting a motocross course on public property was informed that the activity fell outside of CAPP’s acceptable risk profile due to the high liability potential and lack of operational alignment with county services.
Extending county insurance coverage beyond official operations, even with the best intentions, can introduce significant risk, legal exposure, and financial liability to your county and the CAPP pool as a whole. Counties must remain vigilant in evaluating requests for coverage, especially when engaging with outside organizations or permitting higher-risk activities on county property.
A proactive risk management approach is essential. This includes:
By following these practices, counties help maintain the financial integrity of the pool, avoid unnecessary claims, and demonstrate responsible stewardship of taxpayer resources. For support with insurance language, contract reviews, or CAPP eligibility questions, please contact CTSI at (303) 861-0507.
