In January 2013, IACP released the results of its cloud computing survey. Over half of the departments responding said they were already in or planning to go to the cloud. 61% of said the primary reason for going to the cloud was to “save money.”
Today, IACP has just released the updated “Guiding Principles on Cloud Computing in Law Enforcement” guidelines and model policies associated with cloud computing at the IACP conference in Philadelphia.
There are ten guiding principles intended to ensure that operational needs are met while ensuring the security of systems and data:
- FBI Criminal Justice Information System (CJIS) Security Police Compliance
- Data Ownership – LE Agencies should ensure they retain ownership
- Impermissibility of Data Mining – cloud service provider cannot mine or analyze data unless authorized by LE agency
- Auditing – cloud service provider should conduct audits of performance, use, access, and compliance
- Portability and Interoperability – Criminal Justice Information (CJI) should be portable to and interoperable with other operating systems
- Integrity (Physical or Logical) – must be maintained by cloud service provider
- Survivability – continuity of operations must be ensured in the face of potential changes in business structure, operations, etc.
- Confidentiality – must be ensured
- Availability, Reliability, and Performance – metrics/requirements should be specified by LE agency and ensured by cloud service provider
- Cost – Total Cost of Ownership (TCOP) model should be used.
These principles can be embedded in contracts or service agreements. IACP provides sample contract language that agencies can use to customize their agreements with cloud service providers. The structure and guidance provided by IACP will facilitate agencies’ adoption of cloud computing.
Visionations will provide cloud services that meet or exceed the IACP’s guidelines for cloud computing. Our commitment will be codified through customized agreements that meet the client agency’s needs.