Our BMI Imaging Systems Blog, Security articles provide you with useful information about the methods and processes you should consider when converting and accessing your sensitive records. How do you access your records? Who converts them for you? Where are they hosted? Understand security and protect your records!
CJIS Compliance And Document Management
What is CJIS? Does it apply to my records? Who can I talk to about this kind of thing?
These are all great questions, and potentially they’re the ones that you’re asking yourself if you’ve landed on this article. What we’ll do here is give you an overview of CJIS, why CJIS compliance is important, and who should be concerned about it. We’ll also talk a bit about how CJIS applies to scanning your records (such as microfilm, microfiche, and hard copy files) and accessing your documents through a hosted database.
What is CJIS?
CJIS stands for Criminal Justice Information Services and is a division of the FBI. The mission is “to equip our law enforcement, national security, and intelligence community partners with the criminal justice information they need to protect the United States while preserving civil liberties.” Basically, CJIS provides a quick-access information database to local, state, and federal law enforcement agencies, which can then use that information to help them catch the bad guys more efficiently.
The FBI heads the overarching CJIS division, but individual states usually have their own organizations for handling CJIS protocols, such as the California Justice Information Services (“CJIS”) and the Arizona Criminal Justice Information System (“ACJIS”). At a high level, the FBI CJIS policy is the standard for local agency policies, and must be adhered to. However, local agencies can also complement the CJIS policies with their own protocols, but the CJIS Security Policy must be maintained at a minimum and must not be detracted from or reduced.
Why is CJIS Compliance Important?
One, because the FBI says it’s important. Two, because if you have CJI (Criminal Justice Information) then you’re required to adhere to the policies provided by the FBI (and potentially local agency policies) related to this type of information. Three, because if you are responsible for CJI, the FBI can “pop in” and perform a security audit at any time.
Who Should be Concerned About CJIS?
CJIS compliance applies to records that contain criminal information, such as police department records or court documents with criminal data. If your organization (hint: police departments, sheriff’s offices, courts) handles records that contain criminal information, you are likely supposed to be following the rules and guidelines of the CJIS Security Policy to ensure that your content is handled by the proper individuals and in the proper way.
How Does CJIS Apply to Scanning?
Here’s where we come in.
It’s all well and good to know CJIS policies and requirements, and that you have records that fall under the CJIS umbrella, but if you’re interested in scanning physical records like microfilm, microfiche, and paper files into digital format, or transferring electronic data with that same type of information, how does that work? Who’s allowed to handle this type of material?
The first thing you should do is to go to the CJIS portal (https://www.cjisonline.com/index.cgi) and do a search for companies that provide scanning and document management services. If they’re not on the list, they’re probably not the best pick to provide CJIS-compliant records handling. If you didn’t find what you were looking for on the CJIS portal, another way to determine which organizations can work with CJIS data is to search the web for scanning companies and when you get in contact with them, just ask if they’re a CJIS-listed vendor. If the response to that question is “who’s CJIS?” then you know you’re not talking to the right company.
BMI is a CJIS-listed vendor, meaning we’ve been given the green light to work with criminal data records. Our folks have been vetted and cleared for this type of work, and our physical and network security policies and procedures comply with the rules and guidelines for the sensitive nature of the material we’d be handling. To get an idea of the type of security we employ at BMI, take a look at our Security page for a brief overview.
CJIS Secure Cloud Hosting Environment
Let’s say you have an archive of 1,000 microfilm rolls containing criminal records. And let’s also say that you decided to scan your microfilm into a digital format. Finally, let’s say that you found a company that is a CJIS-listed vendor and worked with them to scan your microfilm. Good job!
But now what?
As with most choices in life, you have many. You could have your microfilm scanned into a standard format, such as multi-page PDFs or single-page TIFFs, and returned to you on an encrypted USB drive; you may have an existing content management database and choose to have the images formatted for import to that system; or, you may want to have the digital images and data imported into a hosted database provided by a document management company.
If you’re interested in a CJIS Cloud Hosting solution, that’s fantastic. We provide CJIS hosting to many clients from the law enforcement arena, and our network is structured to accommodate CJI. Aspects of the BMI CJIS Cloud Hosting Environment include:
- The system will present a Community Cloud hosting model as defined by NIST SP 800-145.
- Unique login credentials (username and password) with two-factor authentication (2FA).
- IP Address Lock implementation to only allow system access to requests that originate from your network.
- Data within the system encrypted at rest using FIPS 140-2 certified encryption technology.
- Data in transmission encrypted using TLS encryption to conform with FIPS 140-2.
- Automatic session timeout after 20 minutes of user inactivity.
- All BMI personnel with access to the CJIS Hosted System or client data during the conversion process will have CJIS Level 4 certification and will have undergone and passed a criminal background investigation.
Next Steps
If you think it’s time to get serious about CJIS, we agree. As we mentioned in the section “How Does CJIS Apply to Scanning?”, you could check out the CJIS portal to get an idea of who may be a good fit to work with you on your project.
Another option is to give us a call (800-359-3456) or fill out a form (right side of this web page) and we’ll get one of our teammates to follow up with you and answer your questions.
planning or implementing cloud technologies today (according to InformationWeek April 2015 survey).