866.656.3338 sales@diversecomputing.com

Which of the 20+ Policy/Documentation Requirements of the CJIS Security Policy Do You Have?

Date Posted - 2nd Mar 2015 |  Category - CJIS Security Policy, Newsletter

CJIS ACE: The CJIS Audit and Compliance Experts

 

Don’t we all love a policy that requires you to have multiple other policies?

 

Actually, the CJIS Security Policy may require you to have 20+ policies, policy statements or procedure documentation depending upon your agency’s specific technology implementation and use.

 

I oversaw the CJIS audits for all CJIS-type agencies in New York, and I’m now out and about performing CJIS ACE Compliance Profiles for different agencies around the nation. From my experience, it is clear that documentation of required policies and procedures is often an afterthought, if a thought at all.

 

This fact doesn’t surprise me one bit.

 

Being a former sworn law enforcement officer and always heavily involved with information technology, security and compliance, I totally understand that the mainline business of law enforcement is job number one. Everything else seems to take a backseat on the priority list.

 

Even if an agency performs a technical requirement every single day to perfection (e.g. media protection), documenting the policy and process often lags behind. Sometimes, this documentation never gets done — resulting in being OUT OF COMPLIANCE.

 

I understand this scenario. I lived it and know it well. That being said, having the required local policies and procedures documented does serve a very important purpose beyond just complying with the CJIS Security Policy. I am not going to bore you with the philosophy of the need for policy and procedure documentation, but it does serve a critical role in helping to ensure more complete awareness, consistency and compliance across the criminal justice community.

 

To help you with your agency’s compliance with the required policies mandated by the CJIS Security Policy, I am offering a copy of the Required Policies/Procedures Checklist to all CJIS ACE Newsletter subscribers for free.  All you have to do is ask!

 

This checklist (of which many state CSOs and ISOs have versions available) extracts and references the sections of the CJIS Security Policy that may require an agency to have a documented policy or process in place in order to be compliant.

 

Just reply to this email or directly to me at wtatun@diversecomputing.com and ask for your checklist, and it’ll be on its way.

 

When you receive this checklist, review the required policies and how they may or may not apply to your agency. Admittedly, some of these can be difficult to draft up. So if you determine that you need assistance, CJIS ACE services are there to help. Just drop me an email or give me a call, and we can discuss your specific need and how our customized (and cost-effective) services can relieve you of these headaches.

 

Until next time, be safe.

 

Bill Tatun: Our lead CJIS Audit and Compliance Expert

========================

William “Bill” Tatun, CISSP, CISM

Chief Information Security Officer

Diverse Computing Inc.

850-656-3333 ext. 283

wtatun@diversecomputing.com

www.diversecomputing.com

========================
Were you forwarded this newsletter and found the content useful?

Then please take a few seconds and subscribe to our newsletter.

 

 CJIS ACE Newsletter Subscribe Link- Get great tips in your inbox

CJIS ACE is a division of Diverse Computing, Inc. that helps law enforcement, criminal justice, and non-criminal justice agencies as well as companies/organizations that provide criminal justice products and/or services comply with the FBI CJIS Security Policy and NCIC requirements.  CJIS ACE services are designed to help strengthen an organization’s information security profile and comply with any other CJIS-related policies that may be required (e.g. a State or County IT Security Policy). CJIS ACE brings real-world experience at the ready to assist your agency’s personnel in navigating the daunting and complicated path through audits and information security policy compliance.

 

More info about CJIS ACE- how CJIS ACE can help with your next audit

Let us deal with your audit and compliance hassles…

You already have enough to worry about.