The Criminal Justice Information Services (CJIS) Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage and destruction of Criminal Justice Information (CJI). CJIS compliant document scanning services ensure sensitive criminal justice information is handled and stored securely. This includes personal information as well, such as fingerprints, criminal records, and all other sensitive data.
The first step in CJIS compliant document scanning is to ensure that the scanning equipment and software used meets the necessary security standards. Once the equipment and software have been properly configured, the next step is to properly handle the physical documents. In order to maintain compliance when processing CJI, document scanning companies must make certain that only authorized individuals have access to the documents.
In our case, Recordsforce sets up a separate location to process and store the confidential information. The access to this location is restricted by locked doors. Since access to the digitized documents and data should be restricted to authorized personnel only, the only employees able to access the records are those who have received unescorted access to the documents by passing a background check and fingerprinting from the specific department we are working with. Regardless of project access, Recordsforce performs their own background check on all employees and they each sign a CDA before hire. Additionally, all entrances to Recordsforce are secured by a mantrap that has a camera and employees have individual badges to be able to enter our building.
To stay CJIS compliant, document scanning companies must ensure the encryption of data both during transmission and storage, as well as during the deletion of data once it is no longer needed. At Recordsforce, once the files are digitized, the images are stored temporarily on an isolated server that is monitored by another pre-screened IT employee, in which all activity is logged on our network. During the data extraction and indexing process, it’s important to check that all relevant data is captured and that the scanning images are of high quality. This will ensure that the information can be easily found and understood by authorized personnel.
After scanning and data extraction, documents and data should be stored in a secure, CJIS compliant location, such as a secure server or cloud-based storage system. At Recordsforce, we offer the images and data to be delivered via an encrypted thumb drive or through a secure FTP portal. They are then deleted from our servers once reviewed by the customer. If the physical records are to be destroyed, a release form is sent to the customer with the list of files being destroyed and a certificate of destruction is sent to confirm the shredding.
Additionally, Recordsforce is SSAE-18 and SOC II auditing, meaning we have had a complete review of our controls, processes and design, operational controls and policies, and the management’s description of system or service to a professional standard by a third-party auditor. It is important to regularly audit and review your CJIS compliant document scanning process to ensure that it remains compliant with CJIS regulations.
In conclusion, CJIS compliant document scanning is a crucial process in ensuring the security and privacy of sensitive criminal justice information. By following the proper steps and guidelines, document scanning companies like Recordsforce, can make certain that their document scanning process is secure. Recordsforce can ensure best-in-class protection and security for your sensitive data and documents.