Print Manual

Supplemental Guide For Web Services Users

EVerify Logo

Supplemental Guide for Web Services Users | Current as of September, 2019

How to Download Our Manuals in PDF (PDF, 152.73 KB)

USCISLogo.png

Last Reviewed/Updated:

1.0 Introduction

This guide outlines processes, rules and responsibilities for employers and employer agents enrolled in E-Verify through a Web service. Users must follow the guidelines set forth in the E-Verify Memorandum of Understanding (MOU) and the rules and responsibilities outlined in this guide and other applicable E-Verify guidance.

For purposes of this guide, the term “employer” means any person, company, or other entity who is required to complete Form I-9, Employment Eligibility Verification, including any individual with an E-Verify user account.

The term “E Verify employer agent” means any person, company, or other entity who provides the service of verifying employees as a third party to clients (employers) through the use of E-Verify.

The term ‘user’ refers to any members of the E-Verify employer agent who is granted access to E-Verify functionality, whether through the traditional Web portal or a Web service platform.
Employers and E-Verify employer agents who use E-Verify through a Web service have chosen to develop software that interfaces with E-Verify to create cases for newly hired employees and/or certain employees of Federal Contractors with federal contracts subject to the FAR E-Verify clause.

Employers and E-Verify employer agents using a Web service are held to specific requirements for the verification process, in addition to requirements for development and maintenance of their interface. E-Verify employers and employer agents using Web services are required to properly train all users on E- Verify policies and procedures. The E-Verify training for Web Services will provide training requirements and guidelines for employers and E-Verify employer agents who use E-Verify through Web services to create training for their users.

GETTING STARTED

Employers and E-Verify employer agents enroll in E-Verify online. Additional information regarding enrollment is found at www.E-Verify.gov.

The web services access method requires an employer to develop software that interfaces with E-Verify to create and manage cases. The employer’s software should extract data from its existing system or an electronic Form I-9 and transmit the information to E-Verify. Employers who choose this option receive a web services Interface Control Agreement (ICA) which contains the information used to develop and test the software interface. Both employers and E-Verify employer agents can use this access method.  Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) are both communication protocols available to employers and E-Verify employer agents.

WEB SERVICES TECHNICAL CERTIFICATION PROCESS OVERVIEW

User requests Web Services CertificationUser can request the certification at their convenience
Certification testTest instructions and custom test data are provided to the user
User produces initial resultsUser enters test data and provides case information
Web Service Interface is validatedCase results are validated along with additional responses
Complete and close casesUser completes the verification process
Web Services CertificationProduction URL and User ID are provided to user

E-Verify Rules and Responsibilities

It is the employer’s and E-Verify employer agent’s responsibility to ensure proper use of E-Verify and protection of employee workplace rights. You should periodically review all of the program rules and responsibilities with your users. Web services users must follow the guidelines below in the Responsibilities Overview.

RESPONSIBLITIES OVERVIEW

Web services employers and E-Verify employer agents MUST:

  • Upgrade their software within specified timeframes for each update or new version of E-Verify. Perform necessary maintenance on the Web services interface in accordance with ICA requirements.
  • Update the company's E-Verify profile within 30 days of receiving a Federal Contract with FAR clause award date.
  • Follow E-Verify procedures for each newly hired employee while enrolled/participating in E-Verify.
  • Notify each job applicant of E-Verify participation by clearly displaying the most current version of the Notice of E-Verify Participation and the Right to Work posters in English and Spanish. You may also display the posters in other languages provided by DHS.
  • Complete Form I-9 for each newly hired employee before creating a case in E-Verify.
  • Obtain a Social Security number (SSN) from each newly hired employee on Form I-9.
  • Create a case for each newly hired employee no later than the third business day after he or she starts work for pay.
  • Provide each employee with notice of and the opportunity to take action on a Tentative Nonconfirmation (Mismatch).
  • Download the Further Action Notice before referring the case.
  • Ensure that all personally identifiable information (PII) is safeguarded and notify DHS immediately if a breach of PII occurs.
  • Not take adverse action against or terminate an employee because he or she received a Mismatch result, unless E-Verify issues a case result of Final Nonconfirmation.
  • Contact E-Verify if you believe an employee has received a final nonconfirmation in error.
Last Reviewed/Updated:

1.1 Information Security Requirements

Employers and employer agents who use E-Verify through a Web service must ensure that information they share through the Web service software  with DHS is appropriately protected through means that are comparable to security provided within the DHS environment. The following are best practices to achieve information security:

  • Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web service E-Verify Employer, E-Verify employer agent and its clients.
  • Develop policies and procedures that are based on risk assessments, reduce information security risks to an acceptable level, and ensure that information security is addressed
  • Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate.
  • Conduct security awareness training for Web services users, contractors and others who use the information systems to support operations and manage assets. This training informs the users of the information security risks and responsibilities associated with their activities in complying with organizational policies and procedures designed to reduce these risks.
  • Develop periodic testing to evaluate the effectiveness of information security policies, procedures, practices, and security controls. The frequency of this testing and evaluation depends on the level of risk, but must be conducted at least once per year.
  • Develop a corrective process sometimes referred to  as a “Corrective Action Plan.” This plan implements, evaluates and documents remedial actions addressing any deficiencies in information security policies, procedures, and practices.
  • Implement security incident procedures for detecting, reporting, and responding to incident, sometimes referred to in security circles as a “Significant Incident Report (SIR)” or “Security Incident Report.”
  • Create continuity of operations (COOP) plans and procedures to ensure ongoing operations for information systems that support the operations and assets of the organization.
  • Establish the appropriate rules for the use and protection of information, as the ultimate  responsibility for sharing or providing information rests with the information owner.
Last Reviewed/Updated:

1.2 Privacy Breaches

Notify DHS immediately if a breach of personal information occurs. Breaches are defined as loss of control or unauthorized access to E-Verify personally identifiable data. All suspected or confirmed breaches should be reported by calling 1-888-464- 4218 or via email at E-Verify@uscis.dhs.gov. Put “Privacy Incident-Password” in the subject line of the email sent to report the breach to E-Verify.

Last Reviewed/Updated:

2.0 Interface Updates

Employers and E-Verify employer agents using E-Verify through Web services are required to update as new versions of E-Verify become available. After the DHS system enhancement, Web service employers and E-Verify employer agents have six months from the date DHS notifies them to update their systems. The DHS notice comes in the form of an updated Interface Control Agreement (ICA) and memorandum or email. Web services E-Verify employers and E-Verify employer agents agree to institute ICA changes to their interfaces including all functionality identified and data elements.

If the Web service employer or E-Verify employer agent’s system enhancements are not completed to the satisfaction of DHS or its assignees within the required time period, access to E-Verify through the Web service may be denied. In addition, support for previous versions of E-Verify may no longer be available. Limited access to E-Verify via the Web browser will continue to be available.

Last Reviewed/Updated:

2.1 Termination

DHS has a vested interest in protecting the integrity of E-Verify. E-Verify may terminate without notice any system users who engage in behaviors resulting in security breaches, fraudulent use of the system, adverse actions against workers based upon the employer’s failure to follow E-Verify rules, policies or procedures, violation of privacy laws, or other legal requirements.

DHS may also terminate without notice, the access of any Web service employer or E-Verify employer agent who creates or uses an interface that conflicts with E-Verify procedures.

The Web Services E-Verify employer agent may terminate participation in E-Verify at any time upon 30 days prior written notice to the other parties. In addition, any employer represented by the Web Services E-Verify Employer Agent may voluntarily terminate its MOU upon giving DHS 30 days’ written notice.

The employer may terminate this MOU and its participation in E-Verify at any time upon 30 days prior written notice to the other parties.

Users who are federal contractors may voluntarily terminate their MOU when the federal contract that requires their participation in E-Verify is terminated or completed. See the chart below for more information.

IF... THEN...
A web service employer or E-Verify employer agent a federal contractor uses wishes to terminate its MOU when the federal contract requiring E-Verify participation is terminated or completed, the Web services employer or employer agent must provide written notice to DHS.
the Web services employer or employer agent does not provide written notice of its intent to terminate the MOU, that account remains active and the E-Verify participant remains bound by the terms of the MOU that apply to non-federal contractor participants. The employer or E-Verify employer agent must continue to use E-Verify to verify employment eligibility of all newly hired employees and cannot use E-Verify to verify existing employees.

 

Last Reviewed/Updated:

3.0 Resource And Contact Information

The E Verify public website is the primary resource for all E Verify information, but do not hesitate to contact us via phone or email. For easy access to online resources, USCIS suggests that employers bookmark or save the websites as favorites for easy access to them in the future.

E-VERIFY RESOURCES

E-Verify Public Website
  • General information about E-Verify
  • Program information and statistics
  • E-Verify user manuals
  • E-Verify quick reference guides
  • E-Verify questions and answers
  • Information about employee rights and employer obligations
www.E-Verify.gov/
E-Verify Enrollment Application
  • Website for initial employer enrollment
www.E-Verify.gov/E-Verify-enrollment

E-VERIFY CONTACT INFORMATION

The E-Verify Contact Center is available to help you with using E-Verify, password resets, cases and technical support. We can also answer your questions about E-Verify policies and procedures, Form I-9 and employment eligibility. We are available Monday through Friday, from 8 a.m. to 8 p.m. Eastern, except when the federal government is closed. For users with hearing and speech impairment, TTY phone is available from 8 a.m. to 8 p.m. Eastern, except when the federal government is closed.

For Employers

Phone: 888-464-4218
TTY : 877-875-6028

For Employees

Phone: 888-464-4218
TTY: 877-875-6028

Our normal response time for e-mail inquiries is two business days. If we need more time to respond, we’ll contact you within two business days to explain why we need additional time and provide you with an estimated response time.

U.S. Department of Justice, Civil Rights Division, Immigrant and Employee Rights Section (IER)

IER is available to answer your questions about immigration-related employment discrimination, including discrimination based on citizenship status, immigration status or national origin in the Form I-9 and E-Verify processes.

For Employers

Phone: 800-255-8155
TTY: 800-237-2515

For Employees

Phone: 800-255-7688
TTY: 800-237-2515

Equal Employment Opportunity Commission (EEOC)

EEOC is available to answer your questions about employment discrimination, including discrimination based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age (40 or older), disability, or genetic information.

For Employers and Employees

Phone: 800-669-4000
TTY: 844-234-5122
Website: www.eeoc.gov
Last Reviewed/Updated: