Remaining compliant with CJIS in the cloud

Doug Owens
Director of Implementation

cloudSecurityFor Law Enforcement, the word “security” is taking on new meaning.

Today, security is as much about protecting information as it is about traditional policing definitions.

With an increasing amount of Law Enforcement information being stored in the cloud, department and public leaders are understandably concerned that the data is secure and protected.

With the SmartForce™ agency management system, you can be confident that your department’s vital data and documents are safe, secure, and compliant. Our commitment to security and protection of customer data is paramount, and SmartForce™ is fully compliant with federal data security regulations.

The need for security

The U.S. Department of Justice’s Criminal Justice Information Services (CJIS) Division issued updates to its security policy in October 2015. Also in 2015 the International Association of Chiefs of Police (IACP) issued its own guidelines recommending the use of cloud computing resources. The 12 IACP principles in short, are:

  1. Services must be CJIS-compliant.
  2. All criminal justice information (CJI) storage systems should use the highest common denominator.
  3. CJI storage and collection can be separated.
  4. Agencies should retain ownership of CJI.
  5. Service providers should not analyze stored data unless authorized by the law enforcement agency.
  6. Service providers should regularly audit, or allow law enforcement agencies to audit, use, access, performance and compliance with terms of agreements.
  7. Data stored in service provider solutions needs to be portable and interoperable with other systems without compromising security or data integrity
  8. Service providers must maintain data integrity of agency data and maintain access records that establish an accurate chain of custody.
  9. Service providers must ensure continuity of operations in the case of organizational changes to the service provider.
  10. Service providers must ensure confidentiality of stored data.
  11. Reliability, availability and performance must adhere to agreed-upon metrics. For critical services such as computer-aided dispatch, higher levels of availability and performance may be necessary.
  12. Departments should consider the total cost of ownership.

Remaining compliant

At Adventos, we take the issue of security compliance seriously. Our SmartForce™ agency management system runs on the Microsoft Government Cloud, a set of servers that is CJIS-compliant and has additional security features. In addition, Microsoft has signed the FBI CJIS Security Policy in more than 25 states (and the number is growing) that require information agreements. Finally, our contractual agreement includes Microsoft’s attestation to compliance with the CJIS guidelines.

As a company, we take several other steps to ensure that the data of customer agencies is secure. For example, we do not keep CJI on site. All employees are required to complete training on CJI and background screening is done on those employees with access to CJI.

We understand Law Enforcement’s need to keep and maintain the trust of the communities they serve. With SmartForce™, Law Enforcement can be confident that the data they store is protected, compliant and secure.

FacebooktwitterpinterestlinkedinFacebooktwitterpinterestlinkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.