And criminal justice. And compliance. Coincidence? Clearly not.
Okay, we’re done being clever. After all, criminal justice information services (CJIS) is no joke.
An Acronym I Should Know?
Do you interact with, manage, or otherwise handle criminal justice information (CJI)? Then “yes!’”
CJIS compliance was established and is currently enforced by the FBI. Compliance ensures that professionals handling CJI, including cloud vendors providing software as a service (SaaS), prosecutor’s offices, government agencies, and more, adhere to pre-established, best practices regarding information security when working remotely or on wireless networks, establishing data encryption tactics, developing authentication processes, and other workflow activities.
As you probably guessed, CJIS compliance audits are complex and uncompromising. This seems frustrating to criminal justice professionals trying to do their jobs, but it’s a necessary safeguard for protecting our nation’s justice system.
How Can I Get Started?
Step one: Take some time to read through and understand the FBI’s Security Policy Requirement Document, and accept that complying with the CJIS security policy is no easy gold star.
While we wish we could offer you a magic solution that brings organizations up to pace with every CJIS standard, we can’t. As of today, no one can. But, we can offer some insight into a few processes you’ll want to tighten up (or implement!) in your efforts to prepare for certification.
What Am I Looking At?
In a nutshell, your processes for managing and handling CJI.
From data storage and retrieval to accessibility, internal workflows and communication between law enforcement agencies, courts, prosecutors, etc., you should be able to answer where the information is (and quickly locate it), whose hands it has been in and how it’s been altered at any given time. AKA, an auditable trail.
Hand-in-hand with being able to trace your data’s history is ensuring and proving the integrity of the information entrusted to your care, which can be safeguarded by data encryption and multi-step authentication processes.
You’re Sure There’s Not an App For That?
Yup. But digitizing records, evidence, reports and other CJI material enables you to leverage digital portals that facilitate communication between all necessary parties. These portals, such as LEAP, walk you a few steps closer to meeting CJIS standards.
Implementing robust workflows do not fulfil CJIS compliance, but they do support your efforts in checking the boxes to uphold data integrity and secure confidence in your service to the public.
If you’re interested in CJIS compliance, we recommend partnering with a trusted software vendor who can assess your current processes and recommend solutions or “next steps” for optimizing information security.
Remember: partnering vendors are responsible for ensuring their solutions uphold the promised functionality, but you play a role in sustaining the leveraged technology and continuing to pursue best practices. To help you fulfil your part, ask your vendor to outline a matrix that details the implemented functionalities, and who is responsible for maintaining each aspect of the solution required to comply with the CJIS Security Policy.
We Want to Hear From You!
Are you CJIS compliant or in the process? What hurdles are you facing?
Respond in the “comments” section below or on our Court Solutions showcase page. We read and respond – promise!