Today was a really great day for us.
Today’s blog is about a part of policing that normally isn’t very exciting. But it is important to us and to you. Like most organizations these days our records contain big data and we link to state and federal criminal justice big data too. I know you’ve read about and maybe have been affected by big hacks like Target, Home Depot, even the IRS got hacked. And your personal information is out there in cyberworld.
We know our data is sensitive and we know it is our responsibility to guard it properly and see that it is used lawfully. But even we, who are so very careful, swallowed hard when we got the following email message in May:
Dear Ms. Gina Thomas,
The FBI’s Criminal Justice Information Services (CJIS) Division will conduct a Criminal Justice Information Technology Security Audit of the Auburn Hills Police Department on Tuesday, June 28, 2016, at 9:00 AM. CJIS Division staff will evaluate compliance with applicable policy requirements associated with access to and use of CJIS systems and data.
In preparation for the audit, please complete and return the attached documents to me by Friday, June 17, 2016. Questions regarding the audit should be directed to me at the above listed email address or by phone.
Thank you in advance for your cooperation throughout the audit process.
Mr. Mark Fluharty
Federal Bureau of Investigation
CJIS Audit Unit
So our team went to work. They reviewed our processes, answered the pre-audit questions, examined the newest requirements and made sure we were in compliance. They poked us, prodded us, tested us across all of our personnel to get us ready. Led by our Terminal Agency Coordinator, Police Service Officer Gina Thomas they kept all of us on task with the moving pieces and parts to meet the deadlines. One of the challenges is the frequency of change in this area–the rules and processes change all the time.
Today was audit day. Auditors were here at 0900 hrs and at 1030 hrs announced that they were done. Done? I expected them to be on this most of the day. So I met with the team and the auditors for their report.
They told us that we had a perfect audit –no items of concern — at all. They had never seen that before. They said that they didn’t have a preformatted letter to send us with results because the letters always note what improvements must be made. And we had none. (Actually he seemed a little uncomfortable – as though he didn’t know what to say to us, exactly.)
I was probably the least surprised person in the room. I know the team, how careful and thorough they are so I was confident despite all their worrying and hand-wringing. (They do that BECAUSE they take it so seriously).
We took a photo with the auditors to mark the occasion and after they left it was high-fives all around. Congratulations to our team who did an excellent job on an important function of our agency!
I hope the other 13 Michigan agencies being audited had as good of a day as we did!