Today, the International Association of Chiefs of Police (IACP) released “Guiding Principles on Cloud Computing in Law Enforcement” at the Leveraging the Cloud for Law Enforcement Symposium held at the Newseum. Developed in collaboration with key law enforcement subject matter experts from around the nation as well as experts from SafeGov.org, the principles establish clear and concise parameters and a path forward for the exploration of cloud-based computing solutions and services by law enforcement. The IACP principles come after a newly released IACP/Ponemon Institute/SafeGov.org commissioned survey showed that over half of law enforcement agencies surveyed indicated that they had implemented, were planning or considering implementing cloud-based solutions in the next two years.
“Cloud computing represents an important shift in the way information resources are managed and deployed by law enforcement agencies,” said Bart R. Johnson , Executive Director, IACP. “Realizing the substantial potential benefits of cloud computing, however, requires that we recognize the sensitivity of law enforcement information, make every effort to maintain the security and availability of key systems and data, and that we work closely with industry to build solutions that meet the critical and evolving needs of law enforcement.”
The IACP principles focus on addressing some of the most tangible benefits that cloud computing offers, including cost savings, rapid deployment of critical resources, off-site storage and disaster recovery as well as meeting dynamic operational needs, while maintaining the security of systems and the proper use of data.
Key principles include:
- FBI CJIS Security Policy Compliance – Services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services (CJIS) Security Policy.
- Data Ownership – Law enforcement agencies should ensure that they retain ownership of all data.
- Impermissibility of Data Mining – Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
- Confidentiality – The cloud service provider should ensure the confidentiality of law enforcement data it maintains on behalf of a law enforcement agency.
IACP will be working in the coming months to develop model policies associated with cloud computing through the IACP National Law Enforcement Policy Center. Model policies are expected to be released at the IACP Annual Conference, scheduled for October 19-23, 2013 in Philadelphia, Pennsylvania.
To view the IACP principles and results and methodology of the IACP/Ponemon Institute/SafeGov.org commissioned survey, please visit http://www.theiacp.org/cloudcomputing.