STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
|
|
- Mark Hall
- 6 years ago
- Views:
Transcription
1 STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Query Person Information Service (QP) Published On: September 21, 2010 Service Release Version#: 1.0 Prepared By: Bureau of Criminal Apprehension Criminal Justice Information Systems 1430 Maryland Avenue East St. Paul, Minnesota Service Visibility Service Description Accessibility Service Inputs Service Outputs SERVICE SUMMARY Public Restricted Private See Glossary for definitions This service provides users with the capability to retrieve information on a person s MNJIS hot files and federal NCIC hot files. BCA Criminal Justice Partners Name (NAM) Date of Birth (DOB) MNJIS and NCIC Person Hot Files
2 Document Revision History Date Version Description Author 09/21/ Initial Document BCA MNJIS 11/24/ :20:24 PM Page 2
3 Table of Contents SERVICE SUMMARY... 1 BUSINESS SERVICE DEFINITION... 4 QUERY PERSON SERVICE... 4 SERVICE OVERVIEW... 4 REAL WORLD EFFECTS... 4 SUMMARY... 4 BUSINESS SCENARIOS... 5 INPUT DETAIL AND BUSINESS VALIDATION RULES... 5 SERVICE CONSUMERS AND ACCESS RIGHTS... 5 SERVICE-LEVEL EXPECTATIONS... 5 SERVICE LOGGING AND AUDITING REQUIREMENTS... 6 TRAINING AND CERTIFICATION... 7 POLICIES... 8 STATUTES AND RULES... 9 RULES... 9 STATUTES BUSINESS USE-CASE TECHNICAL SERVICE DEFINITION ACCESSING THE SERVICE PRE-CONDITIONS (TECHNICAL) POST-CONDITIONS (TECHNICAL) SERVICE INTERFACE MESSAGE FORMAT EXCEPTION CONDITIONS AND ERROR HANDLING SECURITY PROFILE APPENDIX A: GLOSSARY /24/ :20:24 PM Page 3
4 Business Service Definition Query Person Service Service Overview The Query Person (QP) information service is a message key in the Law Enforcement Message Switch (LEMS) system that retrieves information on a person s MNJIS hot files and NCIC hot files, if any. QP begins with a query by agency personnel and ends with agency personnel receiving information regarding a person per MNJIS and NCIC Person Hot Files. See the following example: Service Inputs: Name (NAM) Date of Birth (DOB) Consumer of Service: BCA Criminal Justice Partner Provider of Service: MNJIS Hot Files and NCIC Hot Files Service Outputs: MNJIS and NCIC Person Hot Files Real World Effects The following is a list of effects of using this service: Summary A BCA criminal justice partner obtains MNJIS and NCIC Person Hot Files for the specified person. A User s application hub submits a service call to the BCA Enterprise Service Bus (ESB), which authorizes, authenticates, and validates the request. A valid request is then routed through the Law Enforcement Message Switch (LEMS) as a query to the required data sources, MNJIS Hot Files, and NCIC Hot Files. Either hot files or No Hit responses are returned to the BCA via the LEMS, is validated, and stored in the SQL Server database until the User Application Hub 11/24/ :20:24 PM Page 4
5 requests the response. The BCA ESB sends the hot file responses (if any) or No Hit response to the User Application Hub. Business Scenarios This service s resulting hot file data will be used by courts, law enforcement, and other BCA criminal justice partners in investigations on individuals in line with officially assigned duties. This may be in conjunction with, but not limited to an investigation of an individual s legal status in connection with an actual or alleged crime, search for missing persons, confirmation of identity or other cause; often in conjunction with a traffic offense, an incident response, an investigation, et cetera. Input Detail and Business Validation Rules Mandatory QP input includes the following criteria: Name (NAM) Date of Birth (DOB) The following validation rules apply to QP service calls: Data inputs must be submitted in upper case alphanumeric characters with special characters as required or permitted for each input field. See Appendix A: Glossary for definitions and business rules. Service Consumers and Access Rights The authorized users of the QP service are select BCA personnel and BCA criminal justice partners including but not limited to law enforcement officials, courts, probation officers, and parole officers. The QP service is query-only. No updates occur with this service. Service-Level Expectations Support Availability On call support for this service is available Monday through Friday, 8:00 a.m. to 4:30 p.m., except state holidays, through the BCA Service desk at telephone number: or Service Availability This service is designed to operate 24 hours a day, 7 days a week, 365 days a year. Though this service is intended to operate 24/7/365, the BCA s technical support of this service is limited to what has been identified in the Support section above. External Service Dependencies The Law Enforcement Message Switch (LEMS) must be available in order for the service to complete successfully. If LEMS is not available for more than 30 minutes an exception will be returned indicating that the LEMS service was not available for 30 minutes. Minnesota Person Hot Files, including the Gang File, Predatory Offender File, Protection Order File, Wanted Persons File, and Keep Our Police Safe (KOPS) File must be available to the BCA ESB via LEMS in order for the service to complete 11/24/ :20:24 PM Page 5
6 successfully. If MN Hot File services are not available, the call will be repeated to MN Hot Files until the service is available. NCIC Person Hot Files data are provided by the FBI and includes the Foreign Fugitive File, Gang File, Immigration Violators File, Known or Appropriately Suspected Terrorist File, Missing Person File, Protection Order File, Sexual Offender File, Supervised Release File, U.S. Secret Service Protective Order File, and Wanted Person File. NCIC Hot Files must be available to the BCA ESB via LEMS in order for the service to complete successfully. If NCIC Hot File services are not available, the BCA ESB will continue to attempt to access the NCIC Hot Files until the service is available. Service Maintenance Window The LEMS and the ESB are designed to function 24 hour per day, seven days per week. When LEMS is down, it is for patches or upgrades, usually occurring on Tuesdays or Wednesdays at 11:00 AM and lasting five to ten minutes or longer, depending on the activity. These downtimes are announced and occur on an as-needed basis. Service Downtime Notification The message returned during system downtime and/or unavailability will depend on the source system and the destination system. Messages returned will either indicate the host system is unavailable or the request timed out. Expected Response Times Responses from each system queried are delivered separately to ensure the return of information as it becomes available. Average response times vary depending on the responding system as described below. MN Hot Files Responses: NCIC Hot File Responses: Service Logging and Auditing Requirements within two seconds within thirty seconds Service consuming agencies are responsible for complying with FBI security policies in Criminal Justice Information Services (CJIS) Security Policy, Version 5.0, (CJISD-ITS-DOC ), including but not limited to logging and auditing requirements in section 5.4 Policy Area 4: Auditing and Accountability. Log files should be maintained for six years to meet State legislature auditor requirements. If a six year retention program is not feasible for the consuming entity, the consuming entity may submit to the BCA a written request for an exemption to the sixyear retention policy. The written request must include a detailed explanation describing the reason why the six year retention policy is not feasible and specify an alternative retention period. BCA management will consider each such request on a case by case basis. Note: Responses from the BCA contain confidential data. Agency staff, including employees and contractors, that can access logs containing confidential data provided by BCA services must be fingerprinted and have a criminal background check 11/24/ :20:24 PM Page 6
7 performed. An individual must pass the background check before access to service logs is allowed. Training and Certification The BCA shall ensure that security awareness training is provided at least once every three years to all personnel who manage or have access to FBI CJIS systems. All new employees who have access to FBI CJIS systems and all appropriate IT personnel shall receive security awareness training within six (6) months of their appointment or assignment. Documentation pertaining to the materials used and those employees which receive security awareness training shall be maintained in a current status. The BCA s responsibilities: 1. Within 6 months of employment or assignment train, functionally test, and affirm the proficiency of terminal (equipment) operators in order to assure compliance with FBI CJIS policy and regulations; 2. Biennially, provide functional retesting and reaffirm the proficiency of terminal (equipment) operators in order to assure compliance with FBI CJIS policy; 3. Maintain records of all training, testing, and proficiency affirmation; 4. Initially (within 12 months of employment or assignment) provide all sworn law enforcement personnel with basic training in NCIC 2000 matters to ensure effective use of the System and compliance with FBI CJIS policy regulation; 5. Make available appropriate training on NCIC 2000 System use for criminal justice practitioners other than sworn personnel; 6. Provide all sworn law enforcement personnel and other practitioners with continuing access to information concerning NCIC 2000/state Systems using methods such as roll call and in-service training; 7. Provide peer-level training on NCIC 2000 System use, regulations, policy, audits, sanctions, and related civil liability for criminal justice administrators and upperlevel managers; 8. Annually review all curricula for relevancy and effectiveness; 9. Instituted appropriate and reasonable quality assurance procedures for all federal and state System users; and 10. Ensure reasonably sufficient record management, for electronic and/or hardcopy case management systems, by ensuring that there are security standards, audit standards, and personnel training standards which allow accurate and up-todate records and proper/secure dissemination of the same. The BCA s Criminal Justice Partners responsibilities: 11/24/ :20:24 PM Page 7
8 Policies 1. The primary responsibility for the entry and maintenance of accurate, timely, upto-date and complete records lies with the entering agency. 2. Each agency is required to develop system security training that covers appropriate use, dissemination, and security requirements for their agency. BCA policy ADMINISTRATIVE POLICY NO for the BCA s general handling of public, private, and confidential data states the following: Data accessible to BCA personnel is often Private or Confidential Data; therefore, it is important to ensure the integrity of that data. BCA Personnel may only access those data sources, systems and storage devices they have authority to access strictly for the purpose of fulfilling their assigned job duties. Accessing a data source, data system or storage device for any other purpose is a violation of this policy and may also be a violation of the data practices act and/or federal law. To clarify this policy further, one may not access data on individuals known to the employee (e.g. family members, friends, daughter s boyfriend, etc.). If during the course of your duties you encounter information or a need to access information on any such individual, you should immediately report it to your supervisor so the task may be reassigned. Violation of this policy will result in discipline, which may include dismissal from employment, and may result in criminal prosecution. Please see the BCA s General Policies for complete text. The following statements are drawn from the Data Practices Assessment Checklist and provide additional details regarding how to execute the following rules and statutes. A clearly defined and stated purpose for a service is necessary to help a government entity decide what data it needs to collect. It can also help it determine if providing the data is mandatory or voluntary by data subjects. Copies of data on individuals taken for backup and recovery purposes, as well as those used for development, testing, training and certification, should be protected electronically (via encryption) and physically. Consider opportunities for loss, theft, or disclosure of data on individuals through premeditated, opportunistic and accidental means. A data subject can challenge data wherever it is maintained, even if the data did not originate in that agency. While not required, coordinating data challenges with the originating agency would be the most effective way for an entity to reach a determination as to data that didn t originate with their agency. Additionally, providing assistance to a data subject in locating inaccurate/incomplete wherever it is maintained would be a valuable customer service and best practice. Training and certification activities, while necessary for administration and management of programs, can be accomplished without the aid of private or confidential data on individuals. 11/24/ :20:24 PM Page 8
9 As a responsible business practice, private/confidential data on individuals should not be used by or disseminated to employees or contractors if their work assignments could be completed using surrogate data that is not private or confidential data on individuals. Development and testing activities, while necessary for administration and management of programs, can be accomplished without the aid of private or confidential data on individuals. If data elements or records are removed, hidden or altered to prevent the identification of individuals, it must be evident that: 1) the resulting data set does not contain private or confidential data on individuals, and 2) one could not easily reverse these alterations to reveal the original data. If a data subject successfully challenges the accuracy and/or completeness of data, the responsible authority must make every reasonable effort to notify those who accessed the challenged data. Knowing the classification of data determines who has access and for what purpose(s). Security measures are also based on the sensitivity / classification of the data. Therefore, anyone can have access to public data and can t be required to explain how it will be used. Statutes and Rules Rules Access to Public Data: procedures regarding data collection must be easily accessible to the public with free copies available Access to Private Data, subp. 2: only individuals within an entity whose work assignments reasonably require it can have access to private/confidential data. Individuals can include employees in an entity as well as contractors. Subp. 3: safeguards are in place to ensure individuals given access to data are the correct individuals Access to Private Data Concerning Data Subjects Who are Minors; a government entity must have a plan for reviewing the administration of their data collection and storage. Subpart 5, provides direction for the treatment of any unnecessary data. Subp. 3: procedures must be in place for parents to access information about their minor children Access to Confidential Data, subd. 2(A): only individuals within an entity whose work assignments reasonably require it can have access to private/confidential data. Individuals can include employees in an entity as well as contractors Duties of the Responsible Authority in Administering Private and Confidential Data, subp. 5: state and federal law may require certification or baseline training of users for a particular data system before data may be accessed Duties of Responsible Authority in Administering All Entity Data: the responsible authority is required to establish procedures to ensure that data are accurate, complete and current. 11/24/ :20:24 PM Page 9
10 Statutes MSS Access to Government Data, subd. 1, all government data is public unless it is otherwise classified by state or federal law. Subd. 2(b): procedures regarding data collection must be easily accessible to the public with free copies available. Subd. 4: data classification travels from one government entity to another. Unlike the general rule, criminal justice data often remains public at a local level and changes to private/confidential classification at the state level. Ex: arrest data is private at BCA, public at local law enforcement agency. MSS Rights of Subjects of Data, subd. 2: a data subject is entitled to a warning before private or confidential data are collected from them. Subd. 3: the responsible authority must prepare data subject access procedures. Subd. 4: procedures must be in place to allow data subjects to challenge the accuracy and/or completeness of data about him or her, to flag any data being challenged, and to post the subject s statement of disagreement. MSS Duties of Responsible Authority, subd. 3, a government entity can only collect private or confidential data on individuals that are necessary for the administration and management of programs specifically authorized by legislature or local governing body or mandated by the federal government. Subd. 4: Private or confidential data on an individual shall not be collected, stored, used, or disseminated by government entities for any purposes other than those stated to the individual at the time of collection, therefore, private or confidential data on an individual can only be collected from that individual if the individual is given a Tennessen warning. Subd. 2, provides an exception when an individual is asked to supply investigative data pursuant to 13.82, subd. 7, to a law enforcement officer. Subd. 5(2): the responsible authority is required to establish appropriate security safeguards for data on individuals. Subd. The BCA must maintain a contract with Dakota County requiring compliance to data practices. Subd. 8: the responsible authority must prepare data subject access procedures. Subd. 13: the names of the responsible authority/designees/data practices official for an agency must be publicized. When private or confidential data on an individual is collected from a third party, a Tennessen warning is not given to the individual. If a Tennessen warning was required but was not given, the statute provides that the government agency cannot use the data at all. Subd. 5(1): the responsible authority is required to establish procedures to ensure that data are accurate, complete and current. Subd. 9: not public data can only be shared with another government entity if a state or federal law requires it. MSS Comprehensive Law Enforcement Data, subd. 2; Private/confidential data are not available to the public. Data related to arrest/deprivation of liberty are public at the originating law enforcement agency but become private as part of criminal history data at the BCA. MSS Criminal Justice Data, subd. 1; Private/confidential data are not available to the public. Data related to arrest/deprivation of liberty are public at the originating law enforcement agency but become private as part of criminal history data at the BCA. 11/24/ :20:24 PM Page 10
11 MSS Government Records Administration: Data must be maintained according to an approved retention schedule. A specific individual is assigned the task of assuring compliance to records management laws and procedures. MSS , subdivision 1A establishes access to driver photo information from Driver and Vehicle Services. MSS , subdivision 7(d) establishes access to driver license address data. MSS 260B.171 Records, subd. 5; peace officer records on juvenile offenders must be kept separately from records on individuals 18 yrs and over. MSS 299C.095, 299C.10, 299C.11, 299C.13, 299C.14: a government entity can only collect private or confidential data on individuals that are necessary for the administration and management of programs specifically authorized by legislature or local governing body or mandated by the federal government (See MN Stat , subd. 3). MSS 299C.15 Cooperation; Criminal Identification Organizations: provides access to required data. MSS 299C.46 Criminal Justice Data Communications Network: provides access to required data. 11/24/ :20:24 PM Page 11
12 Business Use-Case Main Flow Query The Main Flow for this use case is described below. Pre-Conditions The following must occur before the flow begins: 1. The following inputs are known and provided: Name (NAM) and Date of Birth (DOB). Post-Conditions Success End-Conditions The following have occurred as a result of the successful completion of the main flow: 1. The query results in either hits or no hits. 2. Hits produce information contained in the person s MNJIS Hot Files and NCIC Hot Files data sources. 3. No hits reveal that the data sources queried have no information on the person in question. Failed End-Conditions The following have occurred as a result of the main flow failing: 1. One or more of the databases queried return an error message indicating information submitted was in some way erroneous. This may be due to a syntax error, missing data, a system failure, or a system being down. 2. The ESB security or archive service returns an error message to the agency hub reporting an error with authentication, authorization, or validation. 11/24/ :20:24 PM Page 12
13 QUERY PERSON (QP) REQUEST INSTANCE Consumer Application HUB ESB LEMS Request Service LEMS, Data Source Data Server M1. Submit Request M2. Authorize, Authenticate, Validate M2.A. Receive Error Message N Pass? Y M3. Translate M4. Place hold in data store M6. Receive Message Receipt M5. Archive Req. Msg. Receipt M7. LEMS Queue M8. Query Data Sources M11. Hold in data store M10. Translate M9. LEMS Queue Request Response M1. Submit Request A law enforcement agent (user) initiates a query from the Consumer Application Hub, or hub. His or her system puts the request in XML format encased in a SOAP envelope, which is sent to the BCA. M2. Authorize, Authenticate, Validate The security service performs an authentication and authorization of the hub s ID and password to confirm whether the consumer application hub may request a QP query. The message SOAP format is validated against the schema. Pass? If the authentication, authorization, and validation are successful, then the flow continues to M3. Translate. If the authentication, authorization, or validation is unsuccessful, then the flow continues to M2.A. Receive Error Message. M2.A. Receive Error Message The ESB sends an error message to the user, indicating either a failure to authenticate, pass authorization, or validate the schema. 11/24/ :20:24 PM Page 13
14 The user s hub receives the response message including the correlation ID. M3. Translate The XML message is translated to SIF format. M4. Place hold in data store A placeholder is placed in the data store. In this way, the data store is prepared to receive responses. M5. Archive Request Message Receipt The archive service archives the response message with correlation ID being sent to the hub. The full response to the client is archived, including the correlation ID for the request. M6. Receive Message Receipt The Consumer Application Hub receives a message confirming the query has been received, which includes a correlation ID. M7. LEMS Queue The query is placed in the LEMS Queue, where it waits until LEMS is able to process it. LEMS removes the query from its queue and directs it the required data sources. M8. Query Data Source MNJIS Hot Files. The inquiry is received by Minnesota Hot Files data source. This data source returns information on the individual. A hit generates a hit response with information. A no-hit generates a NO HIT response. MNJIS Hot Files queried include Gang File, Predatory Offender File, Protection Order File, Wanted Persons File, and Keep Our Police Safe (KOPS) File. NCIC Hot Files. The inquiry is received by National Crime Information Center (NCIC) Hot Files data source. Its databases return information on the individual. A hit generates a hit response with information. A no-hit generates a NO RECORD response. NCIC Hot Files queried include the Foreign Fugitive File, Gang File, Immigration Violators File, Known or Appropriately Suspected Terrorist File, Missing Person File, Protection Order File, Sexual Offender File, Supervised Release File, U.S. Secret Service Protective Order File, and Wanted Person File. M9. LEMS Queue The query is placed in the LEMS Queue, where it waits until LEMS is able to process it. ESB removes the query result from its queue and directs them to SQL Database. M10. Translate The SIF message is translated into XML. 11/24/ :20:24 PM Page 14
15 M11. Hold in data store The separate responses received through LEMS from the data sources are held separately, until the user hub retrieves them by correlation ID. Main Flow Request Response The Main Flow for this use case is described below. Pre-Conditions The following must occur before the flow begins: 1. The response from the data source is received, translated to XML, validated, and stored in the data store. Post-Conditions Success End-Conditions The following have occurred as a result of the successful completion of the main flow: 1. Parsed XML is returned to the client. 2. The consumer of the service has a drivers license image for the person in question. Failed End-Conditions The following have occurred as a result of the main flow failing: 1. The database queried returns an error message indicating information submitted was in some way erroneous. This may be due to a syntax error, missing data, a system failure, or a system being down. 2. The ESB security or archive service returns an error message to the consumer application hub reporting an error with authentication, authorization, or validation. 11/24/ :20:24 PM Page 15
16 QUERY PERSON (QP) RESPONSE INSTANCE Consumer Application HUB ESB LEMS Request Service Data Server Query Request M12. Request Response M13. Authorize, Authenticate, Validate M13.A. Receive Error Message N Pass? Y M14. Retrieve from data store M16. Validate M15. Create Response Y N All anticipated responses in? M18. Receive Response Message M17. Archive Request and Response M12. Request Response The consumer application hub requests responses for the query, sending the correlation ID as the transaction identifier. M13. Authorize, Authenticate, Validate The ESB authenticates the hub s identity and whether the hub is authorized to request the query results. Pass? If the authentication and authorization is successful, then the flow continues to M14. Retrieve from data store. If the authentication and authorization are not successful, then the results of the inquiry are withheld and an error message is sent to the hub; the flow continues to M13.A. Receive Error Message. M13.A. Receive Error Message The hub receives an error message indicating the ESB rejected the request due to a problem with authorization, authentication, or validation. M14. Retrieve from data store The query results are identified by correlation ID, copied from the data store, and brought into the ESB. M15. Create Response The various responses from the SQL database are formatted into a Response Message instance document. 11/24/ :20:24 PM Page 16
17 M16. Validate The Response Message instance is validated. Pass? If the response message is valid, then the flow continues to M17. Archive Request and Response. If the message is invalid, the results of the inquiry are withheld and an error response message is generated; the flow continues to M17. Archive Request and Response. M17. Archive Request and Response The valid response or error message response is sent to Archive Services. Either response is sent to the hub. M18. Receive Response Message The consumer application hub receives the response from the ESB in XML, in a SOAP envelope. All anticipated responses in? If one or more responses have not been received, the hub will repeat its request. This will continue until each of the message keys and their three data sources have given a valid response. The following fault conditions could exist: 1. One or more systems involved in this service is unavailable. 2. The service query request is unauthorized, fails to authenticate, or is invalid. 3. The data source returns an invalid response. 4. The service results request is unauthorized, fails to authenticate, or is invalid. Alternative Flows No alternative flows exist for this service. 11/24/ :20:24 PM Page 17
18 Technical Service Definition Accessing the Service Accessing the Query Person Information service is restricted to systems on the CJDN network that have access to the BCA s ESB. The Query Person Information Service interface is not discoverable. Once an agency is approved for access to this service, BCA will provide a document that includes access details. Pre-Conditions (Technical) MCJE compliant request Request is valid Request contains a valid instance of the BCA Header Access to this service is secured. The agency must have a valid MNJIS System user ID and password Post-Conditions (Technical) This is a read only service; therefore this service will not change the state or data All requests to and responses from this service will be archived Service Interface Provide Justice Partners the ability to submit Query Person requests. Responses from this service are retrieved using the BCA Asynchronous Messaging pattern as follows: 1. Upon submitting a Query Person request operation, the service returns a MessageReceipt that contains a unique correlation ID synchronously. 2. The service consumer will then make a RequestMessage request operation passing in the correlation ID obtained from the initial request. If the responses are available, an MCJE compliant ResponseMessage will be returned. If the responses are not available, an empty response will be returned by the service and the service consumer needs to make another RequestMessage request at a later time. Once an agency is approved for access to this service, BCA will provide a document that includes the WSDL. Message Format Communication to and from this service is handled using Simple Object Access protocol (SOAP). Request and Response messages are XML instances that are embedded in the header and body of the SOAP envelope. Both the Request and Response XML messages conform to the BCA s Schema standards. There are multiple Schema files that define the request and response formats. The sample exchanges 11/24/ :20:24 PM Page 18
19 are meant to demonstrate several but not all possible query/response scenarios and can be used as a basis for understanding how to use this service. Once an agency is approved for access to this service, BCA will provide a document that includes the schemas and sample messages. Submission Request/Response Messages The following is a list of the supported request operations (refer to the request message schemas): o QueryPersonRequest The response to the above requests is a MessageReceipt (refer to the MessageReceipt schema) that contains a unique correlation ID Retrieve Request/Response Messages The request for retrieving the responses is a RequestMessage (refer to the RequestMessage schema) The following is a list of the responses (refer to the response message schemas) that are wrapped in a ResponseMessage (refer to the ResponseMessage schema): o QueryPersonResponse Exception Conditions and Error Handling This service will return a SOAP Fault if there is an error with the Service Consumer initiated calls If the consumer s request contains improper data in the BCA Header or service request, the XML response will contain a FailureReason that describes the error During processing unhandled exceptions happen for unknown and unpredicted reasons. When an unhandled exception occurs, a Fault is returned to the consumer of this service. The Fault element will contain any known information about the unhandled exception. Security Profile Access to this service is limited to criminal justice agencies that are connected to the State of Minnesota Criminal Justice Data Network (CJDN). Workstations and servers that access the services must be granted access by IP address through the BCA s firewall in order to reach the servers where the service is running. The IP addresses of all computers directly accessing the services must be provided to the BCA so that firewall rules can be created. This service operates over HTTPS on TCP/IP port 443. An SSL certificate is required to be installed on any workstation or server consuming this service. SSL certificates can be obtained from the BCA. When configuring the endpoint in a consuming client or service, make sure that https is specified. 11/24/ :20:24 PM Page 19
20 Appendix A: Glossary DOB (Date of Birth) The subject s date of birth composed of year, month, and day. FORMAT: numeric, 0-9; two hyphens. BUSINESS RULES: Sequenced as YYYY-MM-DD, maximum 10 characters NAM (Name) - the name by which a person is known or designated. The NAM must include a minimum of last and first name. Middle name or initial and cadence are optional. FORMAT: alphabetic, A-Z, maximum of 138 characters, typed SURNAME, FIRST MIDDLE CADENCE. Special characters hyphen, comma, and space are accepted. BUSINESS RULES: The SURNAME is 50 characters maximum, the FIRST (name) is 30 character maximum, the MIDDLE (name) is 50 characters maximum, and the CADENCE is 4 characters maximum. First position must not be a blank, comma, or hyphen; must contain at least one, and only one, comma, which must not be preceded by a blank or hyphen. Two or more consecutive blanks or hyphens between characters are invalid. A hyphen must be preceded and followed by alpha characters. Hyphenated surnames are fully typed. First names may also be hyphenated. Compound surnames using a space are typed with the space. Hispanic names using the Spanish letter Y as a separator are typed with the Y. CADENCE has the following permissible values: JR, SR, II, III, IV, V, VI, VII, VIII, IX, and X; and must not exceed four characters. Complete names are to be used if available. No name or alias should be abbreviated unless the name exceeds the maximum field length. Should a name exceed the maximum field length, the initial(s) of the middle name(s) should be used rather than the full middle name(s). For first and last names, characters may be dropped from the end of the name to keep it within the maximum number of characters. Names must not be truncated (i.e. changing Jackson to Jack). All text after the space following a first name is recognized as a middle name. Accepted values for Cadence appearing after a space following a middle name are automatically recognized as a Cadence. When entering records for persons with only one name, the surname and an alphabetic X for other name(s) should be used; or the single name may be entered as both the first and last name. Abbreviations such as FNU, IO, LNU, MNU, NMI, and NMN should not be used. Periods (.) are not permitted within this data field. Use of periods will cause an error. Periods may be substituted with additional spaces or an alternate punctuation mark. See NCIC Code Manual for further details. 11/24/ :20:24 PM Page 20
21 NAM Examples SMITH, X SMITH, X X X SMITH, JACK JR II SMITH, JOHN HENRY SMITH, JOHN HENRY JR SMITH, JOHN H Q SMITH, JOHN HENRY LEWIS SR SMITH-JONES, JANE ELLE VON WRIGHT, JOHANNES HENRY CRUZ Y ROMERO, JUAN HENRIQUE NAM as Recognized by BCA Systems Last: SMITH, First: X (unknown) Last: SMITH, First: X, Middle: X, Cadence: X Last: SMITH, First: JACK, Middle: JR, Cadence: II Last: SMITH, First: JOHN, Middle: HENRY Last: SMITH, First: JOHN, Middle: HENRY, Cadence: JR Last: SMITH, First: JOHN, Middle: H Q Last: SMITH, First: JOHN, Middle: HENRY LEWIS, Cadence: SR Last: SMITH-JONES, First: JANE, Middle: ELLE Last: VON WRIGHT, First: JOHANNES, Middle: HENRY Last: CRUZ Y ROMERO, First: JUAN, Middle: HENRIQUE Private Service - A service that is only available internal to the BCA. That is, can only be consumed by other BCA services. Public Service - A service that it is available for anyone to consume. This includes anyone with access to a computer and the World Wide Web. Restricted Service - A service that can only be consumed after authorization and configuration by the BCA. 11/24/ :20:24 PM Page 21
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Query Minnesota Motor Registration Information Service (QMV) Published On: Feb 09, 2012 Service Release Version#: 1.0 Prepared
More informationSTATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Out-of-State Query Criminal History Record (QRN) Published On: September 21, 2010 Service Release Version#: 1.1 Prepared By:
More informationSTATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION POR Level 3 Offender Information Search Service (PORLevel3) Published On: 10/20/2009 Service Release Version#: 0.7 Prepared
More informationSTATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Query Person Gun Check (QPGC) Published On: August 26, 2010 Service Release Version#: 1.4 Prepared By: Bureau of Criminal
More informationSTATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Query Motor Registration Information Service (QMR) Published On: September, 2010 Service Release Version#: 1.0 Prepared By:
More informationSTATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY
STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY BUREAU OF CRIMINAL APPREHENSION Out-of-State Driver s License, Driver s History, and Vehicle Registration Information Service Driver s License Query (DQ)
More informationState of Minnesota Department of Public Safety Bureau of Criminal Apprehension
State of Minnesota Department of Public Safety Bureau of Criminal Apprehension Sharing Bandwidth SERVICE SUMMARY Service Name Sharing Bandwidth Service Visibility Public Restricted Service Description
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationUNIFORM GUIDELINES RED LIGHT CAMERA ENFORCEMENT
UNIFORM GUIDELINES RED LIGHT CAMERA ENFORCEMENT CULVER CITY POLICE DEPARTMENT AUTOMATED ENFORCEMENT DIVISION CITY OF CULVER CITY, CALIFORNIA Table of Contents SECTION 1- Purpose of Uniform Guidelines SECTION
More informationTIME SYSTEM SECURITY AWARENESS HANDOUT
WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/16/2017 2018 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer
More informationGUIDE FOR INDIVIDUALS WHO ARE THE SUBJECT OF DATA
GUIDE FOR INDIVIDUALS WHO ARE THE SUBJECT OF DATA This document explains the rights of individuals (meaning natural persons) who are the subject of MnDOT data and how those individuals can obtain public
More information[Utility Name] Identity Theft Prevention Program
[Utility Name] Identity Theft Prevention Program Effective beginning, 2008 Minnesota Municipal Utilities Association Sample Red Flag policy I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationPrevention of Identity Theft in Student Financial Transactions AP 5800
Reference: Fair and Accurate Credit Transactions Act (Pub. L. 108-159) The Board recognizes that some activities of the Shasta-Tehama-Trinity Joint Community College District, "District," are subject to
More informationFLORIDA S PREHOSPITAL EMERGENCY MEDICAL SERVICES TRACKING & REPORTING SYSTEM
FLORIDA S PREHOSPITAL EMERGENCY MEDICAL SERVICES TRACKING & REPORTING SYSTEM END USER SECURITY POLICY MANUAL 1 INTRODUCTION... 3 2 INFORMATION USAGE AND PROTECTION... 3 2.2 PROTECTED HEALTH INFORMATION...
More informationSPRING-FORD AREA SCHOOL DISTRICT
No. 801.1 SPRING-FORD AREA SCHOOL DISTRICT SECTION: TITLE: OPERATIONS ELECTRONIC RECORDS RETENTION ADOPTED: January 25, 2010 REVISED: October 24, 2011 801.1. ELECTRONIC RECORDS RETENTION 1. Purpose In
More informationTechnology Control Plan
Technology Control Plan I. Statement of policy and assignment of responsibility The University of Illinois at Urbana-Champaign (UIUC) is committed to complying with the export laws and regulations of the
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationOffice of Inspector General Office of Professional Practice Services
Office of Inspector General Office of Professional Practice Services Executive Summary In accordance with the Department of Education s fiscal year 2017-18 audit plan, the Office of Inspector General (OIG)
More informationProtecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program
More informationSTOCKTON UNIVERSITY PROCEDURE DEFINITIONS
STOCKTON UNIVERSITY PROCEDURE Identity Theft Prevention Program Procedure Administrator: Director of Risk Management and Environmental/Health/Safety Authority: Fair and Accurate Credit Transactions Act
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationUnion Bank s NMLS REGISTRATION GUIDE. PREVIOUSLY REGISTERED Mortgage Loan Originator (MLO)
Union Bank s NMLS REGISTRATION GUIDE PREVIOUSLY REGISTERED Mortgage Loan Originator (MLO) Revised 4/17/2012 Table of Contents 1.0 S.A.F.E. ACT... 3 1.1 Background... 3 1.2 Registration Overview for s...
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationTraining Guide for Arkansas Law Enforcement Officers and Licensing Board Representatives
Training Guide for Arkansas Law Enforcement Officers and Licensing Board Representatives Arkansas Department of Health Prescription Monitoring Program March 2016 Contents Contents 1 Document Overview...
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationColorado Sex Offender Management Board (SOMB) INTENT TO APPLY. as a POLYGRAPH EXAMINER. for the Adult and Juvenile Provider List
Colorado Sex Offender Management Board (SOMB) INTENT TO APPLY as a POLYGRAPH EXAMINER for the Adult and Juvenile Provider List Colorado Department of Public Safety Division of Criminal Justice Office of
More informationCellular Site Simulator Usage and Privacy
Policy 609 Cellular Site Simulator Usage and Privacy 609.1 PURPOSE AND SCOPE The purpose of this policy is to set guidelines and requirements pertaining to cellular site simulator technology usage and
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationUniversity of North Texas System Administration Identity Theft Prevention Program
University of North Texas System Administration Identity Theft Prevention Program I. Purpose of the Identity Theft Prevention Program The Federal Trade Commission ( FTC ) requires certain entities, including
More informationEnterprise Income Verification (EIV) System User Access Authorization Form
Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be
More informationBSA Youth Protection.
BSA Youth Protection BSA Youth Protection The Boy Scouts of America places great importance on creating the most secure environment possible for our youth members. To maintain such an environment, the
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationMINNESOTA GOVERNMENT DATA PRACTICES ACT
BELTRAMI COUNTY GUIDELINES AND PROCEDURES FOR THE MINNESOTA GOVERNMENT DATA PRACTICES ACT Right to Access Public Data The Data Practices Act (Minnesota Statutes, Chapter 13) presumes that all government
More informationGM Information Security Controls
: Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5
More informationDISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA
DISADVANTAGED BUSINESS ENTERPRISE PROGRAM Unified Certification Program OKLAHOMA TABLE OF CONTENTS General... 1 Ratification Process... 1 Implementation Schedule... 2 Regulatory Requirements... 2 DBE Directory...
More informationSTATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)
ASSEMBLY, No. 0 STATE OF NEW JERSEY th LEGISLATURE INTRODUCED NOVEMBER 0, 0 Sponsored by: Assemblywoman ANNETTE QUIJANO District 0 (Union) SYNOPSIS Requires certain persons and business entities to maintain
More informationJudicial Inquiry System (JIS)
Judicial Inquiry System (JIS) Jessica Lunsford Act (JLA) First Appearance Calendar User Manual Office of the State Courts Administrator Updated March 5, 2018 Table of Contents ABOUT THIS DOCUMENT... 3
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationSLED Certification of 3 rd Party NCIC/SCIC Applications Overview February 2, 2004
SLED Certification of 3 rd Party NCIC/SCIC Applications Overview February 2, 2004 This document provides an overview of the program put into place by the South Carolina Law Enforcement Division (SLED)
More informationGeneral Information System Controls Review
General Information System Controls Review ECHO Application Software used by the Human Services Department, Broward Addiction Recovery Division (BARC) March 11, 2010 Report No. 10-08 Office of the County
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationDEPARTMENT OF JUSTICE. [CPCLO Order No ] Privacy Act of 1974; System of Records
This document is scheduled to be published in the Federal Register on 12/04/2017 and available online at https://federalregister.gov/d/2017-25994, and on FDsys.gov Billing Code: 4410-02-P DEPARTMENT OF
More informationStandard CIP 005 2a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationCustomer Proprietary Network Information
Customer proprietary network information (CPNI) means information that relates to the quantity, technical configuration, type, destination, location, and amount of use of our service by you and information
More informationUnion Bank s NMLS REGISTRATION GUIDE. UNREGISTERED Mortgage Loan Originator (MLO)
Union Bank s NMLS REGISTRATION GUIDE UNREGISTERED Mortgage Loan Originator (MLO) Revised 4/17/2012 Table of Contents 1.0 S.A.F.E. ACT... 3 1.1 Background... 3 1.2 Registration Overview... 3 1.3 Expenses...
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationIdentity Theft Prevention Program. Effective beginning August 1, 2009
Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Christian Brothers University developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission's
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationBaseline Information Security and Privacy Requirements for Suppliers
Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.
More informationEV^CLMH} MEMORANDUM OF UNDERSTANDING BETWEEN THE FEDERAL BUREAU OF INVESTIGATION AND
EV^CLMH} MEMORANDUM OF UNDERSTANDING BETWEEN THE FEDERAL BUREAU OF INVESTIGATION AND MARYLAND DEPARTMENT OF PUBLIC SAFETY AND CORRECTIONAL SERVICES INFORMATION TECHNOLOGY AND COMMUNICATIONS DIVISION FOR
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationTexas Department of Family and Protective Services
Texas Department of Family and Protective Services Automated Background Check System User Guide Fiscal Year 2009 (Revised on 10/1/08) Table of Contents Overview...3 Automated Background Check System...4
More informationShaw Privacy Policy. 1- Our commitment to you
Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of
More informationDonor Credit Card Security Policy
Donor Credit Card Security Policy INTRODUCTION This document explains the Community Foundation of Northeast Alabama s credit card security requirements for donors as required by the Payment Card Industry
More informationISSUE N 1 MAJOR MODIFICATIONS. Version Changes Related Release No. PREVIOUS VERSIONS HISTORY. Version Date History Related Release No.
ISSUE N 1 MAJOR MODIFICATIONS Version Changes Related Release No. 01 First issue. 2.8.0 PREVIOUS VERSIONS HISTORY Version Date History Related Release No. N/A N/A N/A N/A APPROVAL TABLE Signatures below
More informationeprost System Policies & Procedures
eprost System Policies & Procedures Initial Approval Date: 12/07/2010 Revision Date: 02/25/2011 Introduction eprost [ Electronic Protocol Submission and Tracking ] is the Human Subject Research Office's
More informationSeattle University Identity Theft Prevention Program. Purpose. Definitions
Seattle University Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection
More informationDigital Signatures Act 1
Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,
More informationVCheck Data-Entry User s Guide
VCheck Data-Entry User s Guide VIRGINIA S INSTANT CRIMINAL BACKGROUND CHECK SYSTEM FOR FIREARMS DEALERS Introduction to VCheck VCheck is Virginia s instant criminal background check program available via
More informationPostal Inspection Service Mail Covers Program
Postal Inspection Service Mail Covers Program May 28, 2014 AUDIT REPORT Report Number HIGHLIGHTS BACKGROUND: In fiscal year 2013, the U.S. Postal Inspection Service processed about 49,000 mail covers.
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationPrivacy Policy on the Responsibilities of Third Party Service Providers
Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2016,
More informationAcceptable Use Policy
IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationCognizant Careers Portal Terms of Use and Privacy Policy ( Policy )
Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy ) Introduction This Policy applies to the Careers portal on the Cognizant website accessed via www.cognizant.com/careers ("Site"), which
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationCOLORADO DEPARTMENT OF LABOR AND EMPLOYMENT Arapahoe Street Denver, CO
STANDARD PROCEDURE COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT 1515 Arapahoe Street Denver, CO 80202-2117 Number... Effective Date...12/13/90 Supersedes... Revision Date... Executive Director's SP-71 Approval...
More informationJudicial Inquiry System (JIS)
Judicial Inquiry System (JIS) Active Warrant Alert Calendaring System (AWACS) User Manual Office of the State Courts Administrator Created March 5, 2018 Table of Contents ABOUT THIS DOCUMENT... 3 SCOPE...
More informationMissouri State Highway Patrol. OCN Query Application. Detailed Requirements Specification Version 1.3
Missouri State Highway Patrol OCN Query Application Detailed Requirements Specification Version 1.3 Table of Contents 1 Document Description... 6 1.1 Intent... 6 1.2 Executive Summary... 6 1.3 Overview...
More informationCell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.
Cell Phone Policy 1. Purpose: Establish a policy for cell phone use and compensation allowance. 2. Authority: The Clinton County Board of Commissioners. 3. Application: This Cell Phone Policy (the Policy)
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationRed Flag Policy and Identity Theft Prevention Program
Unified Government of Wyandotte County and Kansas City, Kansas Adopted: 5/11/2011 Red Flag Policy and Identity Theft Prevention Program Authority: The Mayor and the Board of Commissioners are responsible
More informationOuachita Baptist University. Identity Theft Policy and Program
Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program
More informationSecurity Control Mapping of CJIS Security Policy Version 5.3 Requirements to NIST Special Publication Revision 4 4/1/2015
U. S. Department of Justice Federal Bureau of Investigation Criminal Justice Information Services Division Security Control Mapping of CJIS Security Policy Version 5.3 s to NIST Special Publication 800-53
More informationSecurity policy 8/24/2012
SLED Overview of the FBI Criminal Justice Information Services (CJIS) Security Policy Version 5.1 8/09/2012 CJISD-ITS-DOC-08140-5.0 SLEDISO@SLED.SC.GOV ForOfficialUse Only 1 This session will be an overview
More informationIAFIS Overview. NGI Development. NGI Capabilities. NGI Implementation. NGI User Support UNCLASSIFIED 2
IAFIS Overview NGI Development NGI Capabilities NGI Implementation NGI User Support UNCLASSIFIED 2 UNCLASSIFIED 3 No national criminal repository prior to 1924 Fingerprints processed manually Integrated
More informationRed Flags Program. Purpose
Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University
More informationComputerized Central Records System
POLICY 111.2 Computerized Central Records System REVISED: 02/07, 09/11, 07/17 RELATED POLICIES: CFA STANDARDS: 34.13 REVIEWED: AS NEEDED A. PURPOSE The purpose of this policy is to establish procedures
More informationOhio Supercomputer Center
Ohio Supercomputer Center Security Notifications No: Effective: OSC-10 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original Publication
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationI. PURPOSE III. PROCEDURE
A.R. Number: 2.11 Effective Date: 2/1/2009 Page: 1 of 5 I. PURPOSE This policy outlines the procedures that third party organizations must follow when connecting to the City of Richmond (COR) networks
More information2. What is Personal Information and Non-Personally Identifiable Information?
Privacy Notice Snipp Interactive, Inc. Last Updated: February 11, 2016 Contents: 1. Introduction 2. What is Personal Information? 3. Information we collect about you 4. Use of Your Information 5. Location
More informationOffer Description : Cisco Webex
: Cisco Webex This (the ) describes Cisco Webex (the Cloud Service ). Your subscription is governed by this and the Cisco Universal Cloud Agreement located at www.cisco.com/go/uca (or similar terms existing
More informationAdobe Sign and 21 CFR Part 11
Adobe Sign and 21 CFR Part 11 Today, organizations of all sizes are transforming manual paper-based processes into end-to-end digital experiences speeding signature processes by 500% with legal, trusted
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationAdvisory Circular. Subject: INTERNET COMMUNICATIONS OF Date: 11/1/02 AC No.: AVIATION WEATHER AND NOTAMS Initiated by: ARS-100
U.S. Department of Transportation Federal Aviation Administration Advisory Circular Subject: INTERNET COMMUNICATIONS OF Date: 11/1/02 AC No.: 00-62 AVIATION WEATHER AND NOTAMS Initiated by: ARS-100 1.
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationVictim Assistance & Restorative Justice Program s Registrant/Victim Input at Offender Intake Form
Victim Assistance & Restorative Justice Program s Registrant/Victim Input at Offender Intake Form The Minnesota Department of Corrections goal is to promote safety in the lives of victims and others who
More information3 rd Party Certification of Compliance with MA: 201 CMR 17.00
3 rd Party Certification of Compliance with MA: 201 CMR 17.00 The purpose of this document is to certify the compliance of Strategic Information Resources with 201 CMR 17.00. This law protects the sensitive
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationRequest for Qualifications for Audit Services March 25, 2015
Request for Qualifications for Audit Services March 25, 2015 I. GENERAL INFORMATION A. Purpose This Request for Qualifications (RFQ) is to solicit a CPA firm with which to contract for a financial and
More information