COPS IN THE CLOUDS
ALEXANDRIA, VA – January 31, 2013 – The International Association Of Chiefs Of Police (IACP) unveiled guiding principles for law enforcement’s transition to cloud services as new study shows that over half of U.S. law enforcement agencies likely to be using cloud-based solutions in next two years.
The IACP released “Guiding Principles on Cloud Computing in Law Enforcement” at the
The IACP principles come after a newly released IACP/Ponemon Institute/SafeGov.org commissioned survey showed that over half of law enforcement agencies surveyed indicated that they had implemented, were planning or considering implementing cloud-based solutions in the next two years.
“Cloud computing represents an important shift in the way information resources are managed and deployed by law enforcement agencies,” said Bart R. Johnson, Executive Director, IACP. “Realizing the substantial potential benefits of cloud computing, however, requires that we recognize the sensitivity of law enforcement information, make every effort to maintain the security and availability of key systems and data, and that we work closely with industry to build solutions that meet the critical and evolving needs of law enforcement.”
The IACP principles focus on addressing some of the most tangible benefits that cloud computing offers, including cost savings, rapid deployment of critical resources, off-site storage and disaster recovery as well as meeting dynamic operational needs, while maintaining the security of systems and the proper use of data.
Key principles include:
· FBI CJIS Security Policy Compliance – Services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services (CJIS) Security Policy.
· Data Ownership – Law enforcement agencies should ensure that they retain ownership of all data.
· Impermissibility of Data Mining – Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
· Confidentiality – The cloud service provider should ensure the confidentiality of law enforcement data it maintains on behalf of a law enforcement agency.
IACP will be working in the coming months to develop model policies associated with cloud computing through the IACP National Law Enforcement Policy Center. Model policies are expected to be released at the IACP Annual Conference, scheduled for October 19-23, 2013 in Philadelphia, Pennsylvania.
<<< BIO BOX >>>
To view the IACP principles and results and methodology of the IACP/Ponemon Institute/SafeGov.org commissioned survey, please visit http://www.theiacp.org/cloudcomputing.