Windermere Police Department Credits Computer Business with Helping it Securely Manage IT, Pass CJIS Audits
Cybersecurity has become a top concern for all law enforcement agencies because of the constant threat of intrusion from hackers and other bad actors. The Criminal Justice Information System (CJIS), which is used by law enforcement and related agencies on the local, state, and federal levels, has been identified as a critically important resource for protection. The U.S. Federal Bureau of Investigation (FBI) requires all users of CJIS data to pass a demanding CJIS technical audit every three years.
Even the largest law enforcement organizations — those with dedicated IT staff — find it difficult to pass the onsite CJIS audits, without which organizations can’t access CJIS information — which would severely limit a department’s ability to function.
For small organizations, such as the Windermere Police Department, which lacks an IT department, the challenge is even greater. Shortly after Dave Ogden joined the Windermere Police Department as its new Chief, he looked for an IT Service Provider who could manage the department’s computer infrastructure, and help ensure the compliance required to pass a CJIS technical audit.
The Windermere Police Department chose Computer Business Consultants to serve as its IT partner.
The selection of Computer Business turned out to be exactly what the Windermere Police Department needed. When Chief Ogden first arrived at the department, he found IT operations, which were being managed by a third-party provider, to be substandard and had to find another.
“The next organization we tried was better, but lacked the deep knowledge and reliability that we required,” Chief Ogden said. “Computer Business brought in the professionalism and knowledge we needed from an IT managed services provider.”
Chief Ogden, who had come from one of the 10 largest police departments in the country to lead one of the smaller forces in Florida, was used to having an entire IT department supporting the force — and ensuring CJIS compliance. So it was distressing when, prior to finding Computer Business, the department failed its CJIS audit six years ago, forcing it to scramble to deploy systems and documentation to achieve certification.
Meanwhile, year by year, the CJIS audit became ever more complex and demanding.
Computer Business helped Windermere Police Department pass its CJIS audit three years ago, and pass it again, just recently.
Along the way it continues to provide the department with the industry-leading IT support to keep its IT infrastructure up and securely running 24x7.
The Windermere Police Department has enjoyed a number of benefits from working with Computer Business, including passing CJIS audits with flying colors, enjoying the company’s deep and broad knowledge and great documentation, and earning a sense of pride in having other departments ask for help in passing their own audits. The department also values the fact that all Computer Business employees are CJIS-certified, and that the company works well with other police department partners and vendors.
Passing CJIS Audits with Flying Colors
Chief Ogden recalls the first CJIS audit he encountered after joining the Windermere force as a difficult ordeal — in part because of the lack of attention a previous IT provider had paid to security implementation, policies, and documentation.
Sergeant Jayson Bonk, who has long helped the department with his own IT knowledge, said it was a grueling process of all hands pulling together to go through CJIS requirements to ensure and document compliance. “For the first audit, before working with Computer Business, even when we had technology properly deployed — such as encryption, we lacked documentation of such. We also found that our network diagram was out of date.”
“A police department simply has to have CJIS compliance, because it would be extremely difficult for a department to operate without access to the Criminal Justice Information System,” Chief Ogden says. “So, we were under tremendous pressure.”
In contrast, the last two audits, which occurred after the department engaged with Computer Business Consultants, have gone smoothly, enabling them to easily pass the first time.
“The work we did with Computer Business three years earlier to gain CJIS compliance put us in very good shape as we headed into the most recent audit,” Sergeant Bonk says. “But at the same time, CJIS audits have become more complex and more demanding, so there were new things to deploy — such as two-part authentication for our mobile devices — and more rigid demands on our documentation of compliance.”
Prior to a CJIS audit, the Florida Department of Law Enforcement (FDLE) sends each law enforcement organization in the state a CJIS questionnaire, which outlines what is covered in the upcoming audit.
“Myself and members of Computer Business sat down and went through the FDLE entire questionnaire,” Bonk says. “That’s how we were able to make sure that we were within the security policy, by going through the questionnaire and verifying that we could answer — and document — each point. We worked together closely with Computer Business in a real team effort, and passed the audit on our first try.”
Other agencies didn’t pass.
“In the most recent audit, a lot of agencies weren’t in compliance because they weren’t able to show how they were doing certain things,” Sergeant Bonk says. “So that was definitely stressful, because obviously, no one wants to go into an audit and not pass.”
Deep and Broad Knowledge, Great Documentation & Organization
Sergeant Bonk appreciates the wealth of knowledge he can tap into whenever needed, through working with Computer Business.
“They have deep knowledge, and they have knowledge across whatever your need might be,” Sergeant Bonk says. “With Computer Business you aren’t depended upon just one person. They have a lot of people who are very well rounded in their IT knowledge.”
The precise organization of Computer Business and their tight documentation also proves valuable.
“Computer Business is much more organized than any other IT group we have worked with,” Sergeant Bonk says. “They pretty much document everything, which is exactly what you need when preparing for a CJIS audit.”
Sometimes documentation requires exceptional effort. For the most recent CJIS audit, agencies were required to provide specific encryption documentation for their wireless devices.
The Federal Information Security Management Act (FISMA) requires that U.S. government agencies (and participants in CJIS) must use the Federal Information Processing Standard (FIPS) publication 140–2 for validating cryptography modules. It turned out that the wireless service provider the Windermere force was using couldn’t provide FIPS documentation.
“Working with Computer Business, we were able to identify another solution, and get permission to use a RAS VPN [remote access service virtual private network], which allowed us to get the FIPS certificate required by CJIS,” Sergeant Bonk says. “Computer Business also helped update our network diagram, which can be complex, because it needs to show every system we interact with. This was easy for Computer Business because they take care of our network and have everything documented. Without them, the challenge would have been significant.”
Earning a Sense of Pride: “Police Departments 10 Times Our Size Called to Ask How We Passed CJIS”
Passing a CJIS audit is so difficult, that the Windermere Police Department takes pride in their ability to pass on the first try. Every month Chief Ogden attends a Chiefs meeting with the Sheriffs and all Police Chiefs for Orange and Osceola counties.
“During the last audit, lots of chiefs were talking about how tough the technical audit was, and about how they were failing,” Chief Ogden recalls. “I was able to go in there and say: ‘We passed 100% and had a seamless audit.’ Some of these agencies have more than 50 people just in their IT department to handle the audit, so jaws dropped. Police departments 10 times our size later called to ask how we passed the CJIS technical audit. So, there’s definitely a sense of pride in being able to do that.”
Sergeant Bonk agrees. “I’ve had agencies contact me after the audit asking for our policy, since our policy was accepted by CJIS,” he says. “It’s nice to have agencies that are several times larger than we are asking us for our policy because they knew that we passed.”
All Computer Business Employees are CJIS-Certified
Chief Ogden likes the fact that all Computer Business employees are CJIS-certified, meaning they have passed background checks and are approved to work with systems hosting CJIS data.
“In the past, we had smaller IT companies come to us wanting our business, and some of them couldn’t even pass a criminal background check,” Chief Ogden says. “That is a complete non-starter. One of the things that impressed me when I first met Clinton Pownall [Founder and CEO of Computer Business] was his military background. He understood the nuances, and the degree of security that a police department must have.”
As tough as the CJIS audits are, Chief Ogden sees their value in ensuring that all agencies are meeting the security and other technical demands required to handle confidential information.
“We are a small force, but we receive national critical information from the FBI, DHS [Department of Homeland Security], the full alphabet soup of agencies,” Chief Ogden says. “And we generate our own law enforcement data and investigations that must be secured. So it is good to work with a group like Computer Business that understands our needs and is able to help us achieve and maintain the infrastructure and policies we need to operate securely.”
Computer Business “Works Well with Other Police Departments We Partner with and with Vendors”
In addition to managing IT infrastructure for the Windermere Police Department, Computer Business also helps coordinate the sharing of resources with three other neighboring police agencies.
“We work with other departments in sharing SmartCOP technologies and our Computer Aided Dispatch, and information sharing platforms, “Chief Ogden says. “Computer Business works well with other police departments we partner with and with vendors to make sure these systems integrate, that all data is encrypted as it is transferred back and forth, and that everything is up and running because they know that is mission critical to law enforcement.”
All of this requires Computer Business to interact with other IT groups, which Chief Ogden says sometimes requires diplomacy.
“Sometimes it can be hard to get everyone to play together, so it is good for me to know that Computer Business does a very good job of this,” Chief Ogden says. “Just like my job as the chief is to make sure that I collaborate and work well with all my private partners and public partners, Computer Business, has to work well with all the partners that we have and make sure all of this work together fluently. And they do this.”
About Computer Business Consultants
Computer Business Consultants offers a full suite of customizable services, ranging from Professional Consulting Services, to Managed Services, Security Services, Backup & Recovery, Cloud Services, and Mobile Management. We provide 24x7x365 monitoring and management of IT networks, storage, backup, software, and security. Taking advantage of specialized technology, Computer Business operates efficiently — keeping costs low, while delivering outstanding customer service, and improving the profitability and efficiency of businesses. For more than 25 years Computer Business has been a leader in its field, providing services to any sized business in any location. Our experience covers a broad range of industries, including healthcare, technology, financial, manufacturing, legal, logistics, B2B and B2C, and the U.S. military. For more information, visit us at www.computerbusiness.com.
