NCJ Number
241191
Date Published
2015
Length
8 pages
Annotation
This report from the International Association of Chiefs of Police presents a set of guiding principles for cloud computing by law enforcement.
Abstract
Advances in cloud computing technologies can provide a number of benefits for both law enforcement and government agencies, including cost savings and rapid deployment of critical resources. This report presents a set of principles that law enforcement agencies should use when establishing contractual agreements with service providers offering cloud computing services. These principles are as follows: 1) services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services Security Policy; 2) law enforcement agencies should ensure that they retain ownership of all data; 3) agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency; 4) upon request, or at regularly scheduled intervals, the provider should conduct, or allow the agency to conduct audits of the provider's performance, use, access, and compliance with the terms of any agreement; 5) the provider should ensure that law enforcement data maintained by the providers is portable to other systems and interoperable with other operating systems to an extent that does not compromise the security and integrity of the data; 6) the provider must maintain the physical or logical integrity of law enforcement data; 7) the terms should recognize potential changes in business structure, operations, and/or organization of the cloud service provider, and ensure continuity of operations and the security, confidentiality, integrity, access and utility of data; 8) the provider should ensure the confidentiality of law enforcement data it maintains on behalf of the agency; 9) the provider must ensure that law enforcement data will be available to the law enforcement agency when it is required within agreed performance metrics; and 10) law enforcement agencies should focus cloud acquisition decisions on the Total Cost of Ownership model.