866.656.3338 sales@diversecomputing.com

Explaining the Advisory Process – Schoolhouse Rock Style

Date Posted - 12th Jun 2014 |  Category - CJIS Security Policy, Common IT Headaches, Newsletter

CJIS ACE- the CJIS Audit and Compliance Experts. The closest thing you ca get to CJIS Certification.

FBI CJIS Advisory Policy Board (APB) Process

Hello!

As promised we’re going to take a trip down memory lane.  Well, it’s only memory lane for those of us who are old enough to remember SchoolHouse Rock on Saturday mornings.  For those of you who are not old enough, here’s a link to what I am referencing:  http://www.youtube.com/watch?v=tyeJ55o3El0

 

The last newsletter was Part 1 of explaining the CJIS Advisory Process and laid out the structure, makeup and responsibilities of the FBI CJIS Advisory Policy Board (APB).  This newsletter is Part 2 where we’re going to complete the process by illustrating how an idea or request becomes policy.  How you, as a contributor and user of the CJIS systems, has input into the “process.”

 

First and foremost, you need to have an idea or request.  This idea or request needs to be transformed into a written proposal, called a “topic paper.”  A topic paper is similar to a bill in congress (or “Bill” from Schoolhouse Rock) and will need to successfully make its way through the “process” using your representatives before being implemented.  Keeping in line with our theme (those born prior to the 70’s will smile):

 

A written proposal, or paper topic.

 

To be considered complete, topic papers should include the following:

–  Clear statement of the request

–  How the subject of the request is being handled now or a description of the problem being solved

–  Suggested solution

–  A scenario or example that illustrates the problem/solution

–  Explanation of benefit(s) to the criminal justice community

–  Impact on state or local agencies, users and/or systems, if known

–  Importance

–  Contact person

It is important that the magnitude of any problem, solution or request is explained so that, if approved, a priority can be set to implement the change.

 

Though the CJIS Division sends out solicitations twice a year for agenda items, topic papers for discussion at the CJIS Working Group meetings may be submitted at any time.  The solicitation just lines up with the “process” and its deadlines.

 

Once a topic paper is created it can be submitted.  Exactly how it gets submitted and the steps it follows depends on where it originates.  It reminds me again of our modified Saturday morning cartoon and how “Bill” goes through Congress to eventually become a law.

 

A written proposal, or paper topic. Explaining the FBI APB.

 

If a state or local agency creates it’s own topic paper, it needs to get submitted through the CJIS Systems Officer or Agency (CSO or CSA).  This allows for a review to determine any effect on state or national programs.  After the CSO/CSA determination is made the topic paper if forwarded to the appropriate Working Group Chairperson and then to the CJIS Division for determination of inclusion on the next Working Group meeting agenda.

 

When a topic paper is created by a State Identification Bureau, they may submit it to the CSO/CSA or directly to the CJIS Division for determination of inclusion on the next Working Group meeting agenda.

 

When a topic paper is created by a professional organization, they may submit it directly to the CJIS Division for determination of inclusion on the next Working Group meeting agenda.

 

Once a topic paper is placed on the Working Group agenda each working group reviews and discusses the operational, policy and technical aspects of the proposal.  If input or a recommendation from subject matter experts in a specific area is warranted, the topic paper is forwarded to the appropriate ad-hoc subcommittee.  If not, Working Group recommendations are forwarded to the APB for further action.  

 

Once the proposal has been reviewed and discussed by the APB, their recommendation is forwarded to the FBI Director. 

 

From here, the FBI Director will review the APB recommendation(s) and either accept, modify or reject the recommendations.

 

Depending on the actions of the FBI Director, policy and/or program changes can be created, modified or deleted.

 

This is how our friend, “Topic Paper,” makes his way through the process of being created, sufficiently vetted, made into a recommendation and finally, acted upon by the FBI Director.  This is, similar to how “Bill” becomes “Law,” how “Topic Paper” can become “Policy.”

 

If you are a visual person, I’ve include a flowchart of the process below:

 

How a topic paper goes through the process of being created, sufficiently vetted, made into a recommendation and finally, acted upon by the FBI Director, and made into a policy.

 

know it takes a little to digest the entire process, but it is my hope that this and the last newsletter helped to explain and illustrate the CJIS Advisory Process.

 

You should now be able to answer the questions, “How did they come up with this policy?” and “Why do they require this?” 

 

Additionally, you should be more aware of the fact that, as a system contributor/user and through the shared management concept, known as the CJIS Advisory Process, you have a voice as to how policies and programs of FBI systems that benefit the criminal justice community are administered.

 

 

Until next time, be safe.

Bill Tatun: Our Lead CJIS Audit and Compliance Expert

=========================

e:  wtatun@diversecomputing.com

o:  850-778-3207

w:  www.diversecomputing.com/CJISACE

=========================

Were you forwarded this newsletter and find the content useful? Then please take a few seconds and subscribe to our newsletter.

CJIS ACE Newsletter Subscribe Link

CJIS ACE is a division at DCI that helps law enforcement agencies comply with the FBI CJIS Security Policy and NCIC requirements. CJIS ACE services are designed to help you be pro-active in strengthening your agency’s information security profile and comply with any other security policies that may be required (e.g. a State or County IT Security Policy). CJIS ACE brings real-world experience at the ready to assist your agency’s personnel in navigating the daunting and complicated path through audits and information security policy compliance.

More info about CJIS ACE

 

Let us deal with your audit and compliance hassles…

You already have enough to worry about.