The real work comes in with the nuts and bolts of implementing new changes according to policy updates.
As you can probably guess, this part is never as easy as it sounds.
Start by making sure the appropriate people sign off on all policy changes, including general counsel, GRC team, security officer, and so on.
Using software like PowerDMS that keeps an audit trail of all signatures helps you keep track of who signs off on what and ensure everyone has access to the most recent version of every policy for optimal compliance.
Keeping your employees aware of all compliance requirements and what they mean for them is critical.
As you work within your department to get in compliance with FBI CJIS Security Policies, communicate well. Make sure everyone knows what changes you make to your internal policies and how they affect your officers’ jobs.
This compliance process may take place over a matter of months, so it may help to roll out your procedure changes in phases.
Having the right policies in place is important, but your staff also need to comply with the new protocol.
Some changes, such as password strength or device auto-lock settings, will be easy to explain. Others will require more extensive training.
At a minimum, all personnel with access to CJI must complete Security Awareness Training within six months of initial assignment and retraining every two years after that.
Make an effort to plan ahead for this training requirement.
If you need assistance, PowerDMS training management can help. With this feature, you will be able to create highly personalized training tools and tests to keep all your employees on the same page.
Auditing and accountability are additional requirements for CJIS security. According to the CJIS Security Policy, “Agencies shall implement audit and accountability controls to increase the probability of authorized users conforming to a prescribed pattern of behavior.”
Like most policy development, CJIS compliance is not a one-and-done process.
One of the requirements is ongoing audits, including a “State Audit” every three years.
It will be your responsibility to regularly review policies, procedures, location security, and data/IT security. Work with your team to plan how you will keep all your files updated and organized ahead of time.
This way, when audit time comes, you won’t have to scramble for a solution.
Becoming CJIS Security Policy compliant is not a small undertaking, but an ongoing process of ensuring the safety and protection of critical documents.
As you know, documentation and organization will play important roles as you work with this confidential information.
PowerDMS is a robust policy and compliance management system that can help put all of your CJIS security documents in one secure location.
With the right plans and systems in place, you can make compliance with FBI CJIS security policy happen.