Don’t let your upcoming data migration risk compliance.
While other compliance standards like HIPAA are more well known, CJIS (Criminal Justice Information System) has a critical role to play in the daily functioning of a large number of government agencies, NGOs, and private businesses in the criminal justice and law enforcement sector. The policy covers a wide range of criminal justice information such as digital fingerprint records, arrest and stolen property reports, criminal records, and video evidence such as body worn camera footage.
Originally developed in the early 1990s by the FBI to create a network of data sharing arrangements between policy departments nationwide, CJIS was updated 10 years later to include a security policy that establishes guidelines for the creation, transition, and storage of criminal justice information. From then on, any organization that wanted to share CJI had to comply to these security standards put forth by the FBI. It has the dual effect of protecting national security while also safeguarding individuals’ civil liberties. The policy is comprehensive in that it covers wireless networking, data encryption, and remote access. Failure to comply can result in fines or even criminal charges.
As a result of these serious guidelines, migrations of CJI are understandably challenging. They require careful planning and knowledge about the particular obstacles that often plague CJIS compliant data migration projects. In our extensive experience working with law enforcement agencies like police departments, we have identified three of the biggest challenges that risk an organization’s CJIS compliance status during a data migration.
Ensuring that data in-transit stays encrypted throughout the migration is essential for maintaining CJIS compliance
A critical part of CJIS compliance rests on ensuring any digital CJI that is stored and transmitted is fully encrypted using at least 128-bit encryption. Similar to other compliance guidelines, these encryption requirements prevent leakages and ensure privacy. They also provide flexibility for data handling arrangements with most mainstream cloud service providers.
Given this requirement, it is essential that data being migrated stay encrypted every step of the way – from source to destination. It is not enough to just ensure encryption once at the storage facility.
Administrative, security, and user permissions must be maintained during and after the migration in order to avoid breaking compliance
As you could probably guess, a crucial part of CJIS compliance is that CJI can only be accessed by cleared and selected individuals or groups of users chosen based on certain criteria. For example, access controls often restrict what CJI users can access based on their location, job title, IP address, or even time of day.
During a migration, it is no different. Data should not be accessible to those who do not meet security criteria. These access controls cannot be left behind or temporarily disabled while the data is in transit. It is important to ensure that the tools or program you choose to help you with your migration project ensure the permissions are maintained during and after migration.
Eliminate the guesswork. Prove data integrity and CJIS compliance throughout your migration.
Given that lapses in protocol during tricky data migrations are difficult to avoid, there are frequent data audits done by regulatory bodies. Auditors are looking to ensure protocol has been followed and, importantly, your data integrity is intact.
Therefore, it is a good idea to plan ahead and ensure your team has a mechanism to prove that no files were tampered with during the migration and are identical from source to target. In addition, it can be helpful to collect data to show that the migration was monitored for compliance status from start to finish. Taking time to create an audit trail in the event of an audit can save you from potential catastrophe in the future.
Execute your next NAS migration with unparalleled security and compliance using DataBloc.
DataBloc’s 4 step process:
- Discover – Asses data and data storage environment
- Advise – Generate migration plan and recommend best practices
- Simulate – Estimate migration timeline, expenses, and cost savings using DataBloc
- Migrate – Move data fast while assuring full CJIS compliance and data integrity
- For more information, contact a migration specialist at https://databloc.io