By: Joe Robbins, equivant Corrections’ Product Implementation Specialist
Determining access levels for your Jail Management System (JMS) is not as complicated as it might first seem. With a few methodical steps, you can ensure the right staff members have the right permissions according to their roles and responsibilities.
Here is a step-by-step guide to help you determine access levels:
Conduct a Needs Assessment
- Define your agency’s workflows and map out the processes that the JMS will support.
- Determine needs by identifying what each user or group needs to do within the application.
Identify User Roles
- Administrators: Typically have full access to all system features and data.
- Supervisors: Need access to inmate records, booking information, daily logs, etc., plus some administrative functions as decided by the agency.
- Line Officers: Need basic access to inmate records, bookings, daily logs, etc.
- Medical Staff: Require access to inmate health records and medical histories.
- Case Managers: Need access to inmate case files and rehabilitation plans.
- External Auditors: May need read-only access for compliance and review purposes.
- IT Staff: Require access for maintenance, troubleshooting, and system updates.
Define Access Levels
Once it is determined which staffing groups need access to what data, the level of access/control over that data must be established. It is best practice to apply the principle of “least privilege” and grant users the minimum access needed to perform their jobs. Those access levels might look like this:
- Full Access: For administrators who manage the system. This includes the ability to delete information from the system and should be highly guarded.
- Mix of Full and Read/Write Access: For supervisory or special assignment staff members, a mix of Full Control and Read/Write Access may be appropriate, keeping in mind the principle of least privilege.
- Read and Write Access: For staff who need to update records, such as line officers, supervisors, and medical/support staff.
- Read-Only Access: For roles that only need to view information, like external auditors, vendors, etc.
- Restricted Access: For sensitive information, which may only be accessible to certain roles (e.g., medical records for medical staff only).
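The access levels above can be written down as a deny-by-default permission table and checked automatically. This is an added illustration, not equivant's code or part of any JMS product: the role names follow the article, while the resource names, action names, and the specific grants in the sample policy are assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2  # read and write
    FULL = 3   # read, write and delete

# Minimum level each action needs (action names are assumptions).
REQUIRED = {"view": Level.READ, "update": Level.WRITE, "delete": Level.FULL}

# Highest level each role may ever hold, following the access levels in the article.
MAX_LEVEL = {
    "administrator": Level.FULL, "supervisor": Level.FULL,
    "line_officer": Level.WRITE, "medical_staff": Level.WRITE,
    "case_manager": Level.WRITE, "external_auditor": Level.READ,
}
# Restricted resources and the only roles that may hold any grant on them.
RESTRICTED = {"medical_record": {"medical_staff"}}

# Constructed sample policy: role -> resource -> level (resource names are hypothetical).
POLICY = {
    "administrator": {"inmate_record": Level.FULL, "booking": Level.FULL, "daily_log": Level.FULL},
    "supervisor": {"inmate_record": Level.WRITE, "booking": Level.FULL, "daily_log": Level.WRITE},
    "line_officer": {"inmate_record": Level.WRITE, "booking": Level.WRITE, "daily_log": Level.WRITE},
    "medical_staff": {"medical_record": Level.WRITE, "inmate_record": Level.READ},
    "case_manager": {"case_file": Level.WRITE, "inmate_record": Level.READ},
    "external_auditor": {"inmate_record": Level.READ, "booking": Level.READ, "daily_log": Level.READ},
}

def is_allowed(role, action, resource, policy=POLICY):
    """Deny by default: unknown roles, resources and actions all fail."""
    required = REQUIRED.get(action)
    granted = policy.get(role, {}).get(resource, Level.NONE)
    return required is not None and granted >= required

def audit(policy):
    """Return (role, resource, reason) for every grant that breaks least privilege."""
    findings = []
    for role, grants in policy.items():
        ceiling = MAX_LEVEL.get(role, Level.NONE)
        for resource, level in grants.items():
            if level > ceiling:
                findings.append((role, resource, "exceeds role ceiling"))
            allowed_roles = RESTRICTED.get(resource)
            if allowed_roles is not None and level > Level.NONE and role not in allowed_roles:
                findings.append((role, resource, "restricted resource"))
    return findings
```

Running `audit()` against the current role configuration whenever permissions change surfaces grants that have drifted above a role's ceiling or onto restricted data.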
Create Access Control Policies
Unfortunately, we live in an age of ever-present security threats to our data. It is vital that the data in our control, especially personally identifiable information (PII) and Criminal Justice Information Services (CJIS) data, be adequately protected. Policy enacted to protect this data might include:
- Authentication: Implement strong authentication mechanisms (e.g., multi-factor authentication).
- Data Segregation: Ensure data is partitioned appropriately to prevent unauthorized access.
- Logging and Monitoring: Keep logs of access and changes to detect and respond to unauthorized activities.
- Regular Audits: Conduct regular audits to ensure compliance with access policies and to detect unauthorized access.
- Segregation of Duties: Ensure no single individual has control over all aspects of a critical process.
- Training and Awareness: Ensure all users are trained in the importance of data security and access controls.
By following these guidelines, you can ensure that your Jail Management System is secure, that access to sensitive information is properly controlled, and that each user has the appropriate access level. This will enhance security and efficiency within your agency, streamline workflows, and improve processes. If you’d like to discuss your JMS or access to mission-critical software, please contact us.