Jail Management System - Maricopa County
Jail Management System - Maricopa County
Jail Management System - Maricopa County
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Issue 6 IT Policies and Procedures<br />
Summary<br />
MCSO does not have formal JMS security policies and procedures that should address Criminal<br />
Justice Information Services Security Policy requirements. Formalized IT procedures can help<br />
MCSO implement security and other control activities during personnel absences and turnover.<br />
MCSO should develop formalized JMS IT policies and procedures.<br />
Criteria<br />
The Federal Criminal Justice Information <strong>System</strong> (CJIS) Security Policy requires that MCSO<br />
develop formal, documented procedures to facilitate the implementation of both federal and local<br />
security policies.<br />
COBIT recommends that IT organizations develop and communicate IT policies throughout the<br />
organization.<br />
Condition<br />
MCSO’s policies and procedures do not include formalized information security policies and<br />
procedures over the following key IT processes:<br />
Effect<br />
JMS and remote user account management<br />
JMS security log reviews<br />
Change management and program development<br />
Patch management<br />
Disaster recovery<br />
Without formalized IT policies and procedures, MCSO may not be able to perform security and<br />
control activities during employee absences and staffing changes. Also, ACJIS (Arizona<br />
Criminal Justice Information <strong>System</strong>) and NCIC (National Crime Information Center) may<br />
remove MCSO from their networks because of incomplete security guideline compliance.<br />
Cause<br />
MCSO IT personnel rely on their extensive hands-on experience in operating JMS in lieu of<br />
formal policies and procedures and have focused their limited resources on day-to-day operations<br />
rather than documenting IT operations.<br />
Recommendation<br />
MCSO should develop formalized JMS IT policies and procedures.<br />
<strong>Maricopa</strong> <strong>County</strong> Internal Audit 15 <strong>Jail</strong> <strong>Management</strong> <strong>System</strong>–May 2012