Skip to content Skip to main navigation Skip to footer

Security Checks

Security Checks are an optional KeepnTrack add-on. Contact our Sales Team if you’re interested in adding it to your account!

See if you are licensed for Checks by going to Help > About Keepntrack.

Table of Contents
  • You need to purchase an add-on to your license in order to run security checks.
  • Security checks require tokens. Contact our Sales Team to refill your tokens.
  • There are two types of checks: Sex Offender Registry checks (SOR), and Criminal Background Checks (CBC).
  • Checks can be run from Users Management, or be set up to run automatically when users of certain roles sign in to kiosks.
  • History is kept for 2 years and is automatically removed after that period.

In order to perform checks, the account must be registered for checks, there must be enough tokens, and the operator must have permissions to run checks. Set operator permissions in Security, and make sure your operators are assigned the correct security group in Users > Security > Access.

Checks can run automatically in kiosks, so you will go through a similar process in the Attended Kiosk. However, for this informational page, we will concentrate on performing checks from the Security tab of Users Management.

Open Users and go to the Security tab > Checks subtab.

Determination. Establishes the standing of this person, usually because of checks or other security reasons. You can change this field manually, without running checks or being subscribed to the Security Checks service. Values are:

  • Undetermined = nothing has been set. You can also manually reset determinations by changing them to this value.
  • Pending = a check was run but no determination was made (or the operator chose to Defer); waiting on an operator. (Cannot be set manually.)
  • Always Allow = set manually. For example, students, or high-level administrators who always need to be able to sign in.
  • Always Deny = set manually. You may use this for a person who has been blocked from the premises for reasons other than a check, or for a check run outside of KeepnTrack.
  • Access Allowed = this person can sign in. This is set automatically when there are no check results, or when a determination was made on results. (Cannot be set manually.)
  • Access Denied = this person cannot sign in. This is set when a determination was made on results. When an operator chooses to ‘Allow Once’ the determination is set to this value. (Cannot be set manually.)

Users with a determination of Pending, Access Denied, or Always Deny can not sign in to kiosks.

Sex Offender Checks

SOR checks run against databases that are contained in the national sex offender registry.

  • Last SOR Check. The last time a sex offender check was run on this person.
  • Run by. The operator who ran the last check. If the check was run automatically it will show the operator who signed in to (set up) the kiosk.
  • Check Note. Optional note when making a determination. (If there were no possible matches, there will be no note.)

SOR Check Expiration. The date after which a SOR check will automatically run if the person tries to sign in to a kiosk. This date is based on your Preferences > Checks. If the date shows ‘expired’ that means it’s in the past and will be run again; if the date shows in the future it means it has not expired; if the date shows ‘never expires’, it means your setting is to NOT run the check again automatically.

Perform Sex Offender Check (1 token). Press this button to run the SOR check, which takes 1 token. If this person’s check expiration is in the future (i.e. it hasn’t expired), and there is a previous SOR check record, you will not be charged tokens and instead will see that previous check.

Background Checks

Background checks run against national databases, including those contained in the national sex offender registry.

Consent for Background Checks. FCRA requires that people get consent before running checks. Be sure to notify visitors that they may be checked by signing in to your kiosks. This field keeps track of people consenting to receive background checks; usually you ask this question on their volunteer application.

  • Last Background Check. The last time a background check was run on this person.
  • Run by. The operator who ran the last check. If the check was run automatically it will show the operator who signed in to (set up) the kiosk.
  • Check Note. Optional note when making a determination. (If there were no possible matches, there will be no note.)

CBC Check Expiration. The date after which a background check will automatically run if the person tries to sign in to a kiosk. This date is based on your Preferences > Checks. If the date shows ‘expired’ that means it’s in the past and will be run again; if the date shows in the future it means it has not expired; if the date shows ‘never expires’, it means your setting is to NOT run the check again automatically.

Perform Background Check (2 tokens). Press this button to run the CBC check, which takes 2 tokens. If this person’s check expiration is in the future (i.e. it hasn’t expired), and there is a previous background check record, you will not be charged tokens and instead will see that previous check.

Checks in Kiosks

Checks can run automatically in self-service or attended kiosks. In a self-service kiosk, as long as there are no matches, the visitor will be able to continue signing in. If there are any possible matches, however, they won’t be able to sign in and are directed to an attended kiosk. In an attended kiosk, the operator can make check determinations.


Set up rules and alerts for checks.

Token balance. The number of tokens you have left.

Token Alert. When tokens get below 50, KeepnTrack sends an email notification to the email entered here.

SOR Checks

  • SOR Frequency.
    • Disabled. SOR checks can’t be run.
    • On-demand. SOR checks can only be run manually (via Users Management).
    • Automatic. Checks will run on visitors when they sign in, if their check has expired (based on the SOR Checks Again After setting). “Automatic” for SOR only ever means a user of the default role only: Visitor (Role 0). In other words, if the person is also a Role 2 Student KnT doesn’t run SOR checks automatically on them.
  • SOR Checks Again After.
    • Run Once. The first time a person signs in, the check will run on them, but after that the check will never expire. This is useful to make sure checks are run on visitors on their first visit.
    • xxx Days. You can set up frequency of checks according to your security policies. e.g. If Volunteers must be re-checked every year.

CBC Checks

  • CBC Frequency.
    • Disabled. CBC checks can’t be run.
    • On-demand. CBC checks can only be run manually (via Users Management).
    • Automatic. Checks will run on users when they sign in, if their check has expired (based on the CBC Checks Again After setting). “Automatic” for CBC means users who have more than the single role of Visitor—choose which roles will be checked.
  • CBC Checks Again After.
    • Run Once. The first time a person signs in, the check will run on them, but after that the check will never expire. This is useful to make sure checks are run on volunteers on their first visit.
    • xxx Days. You can set up frequency of checks according to your security policies. e.g. If Volunteers must be re-checked every year.
  • Automatically check. Pick the roles that are subject to CBC checks. Note “Role 1” and “Role 2” are terms set in your Roles Preferences.

You can turn on certain alerts for security checks, at your site or system (all sites) level. Add contacts who will be notified.

Text alerts are not yet available, but email alerts are up and running.

  • Alert when a person who is Access Denied attempts to sign in. You may want a security officer to receive an alert if a person who has previously been denied access is trying to sign in.
  • Alert for kiosk checks that result in Failed (deny access). If a check is run on a person and the operator determines they are a match and should be denied access, you may want to alert an admin or security officer to help the operator escort the person off the premises.
  • Alert for possible matches in Self-Service kiosks. These will be quite common so usually you would want this off. However, if you have a true self-service kiosk with no operators in sight to monitor it, you would want to turn on this preference so someone is alerted that a possible offender is trying to access.
  • Alert Contacts. Enter the names and contact information (phone and/or email) for people who should be notified (limited to 3). COMING SOON The phone number will be used to send a brief text message containing the name of the kiosk (messaging rates may apply).

Checks History report

Get a history of checks, including the purchase of check tokens.