Lakewood Police Department
Policy and Procedure
                    		 Effective Date: 12/15/2023
Policy Number: PP-3740 - Criminal Justice Information System Access and Security


A. Policy

It is the policy of the Lakewood Police Department that all criminal justice information (CJI) obtained will be used for law enforcement purposes only and only by members who have a need and right to know the specific information.  

B. Procedure 

1. Authorized criminal justice information consists of CCIC, NCIC and Department of Revenue files, the Records Management System (RMS) and other programs or files that are law enforcement restricted or confidential.  Access to these files is limited to those employees trained and/or certified in their use.
 
2. Employees are required to read and accept the CCIC/NCIC Document of Understanding, when completing the user test and prior to receiving an operator security number (OSN).
 
3. Operator security numbers (OSN) and associated access are the responsibility of the authorized user. OSN's shall not be provided to any other person.
 
4. Passwords and password security are the responsibility of the authorized user.
 
a. Passwords shall not be badge or employee numbers, dictionary words or proper names, not identical to last ten passwords, not displayed when entered, or transmitted in the clear outside the secure location.   
 
b. Individual passwords shall not be provided to any other person.                                    
 
5. Sworn personnel and agents assigned to the Internal Affairs Unit shall have, or be provided, access to any CCIC record for investigative or other authorized purposes.

C. Rule 

1. Restricted or confidential computer programs and files shall be used for official criminal justice purposes only.  LPD will control access to CJI including remote access and visitor escort of unauthorized personnel.
 
2. Information obtained through CCIC/NCIC and other restricted or confidential computer programs and files shall not be shared with any individual not having authorization or a need to know or receive that information.  
 
3. When leaving a computer workstation with access to restricted or confidential computer programs and files, personnel shall ensure they log off or lock the computer. 
 
4. Employees will not query any criminal justice information system for personal reasons, including but not limited to curiosity or non-criminal investigations.
 
5. The Colorado Bureau of Investigation will be notified of security events such as identified system weaknesses or when an employee violates any of the rules and procedures involving the use of CCIC, NCIC, or the Department of Revenue files.
 
6. All CJIS access authorized users will complete documented basic Security Awareness and specific information system security Training, with records kept current and maintained as required by CJIS Security Policy. Training is based on various roles in CJIS related assignments.
 
7. CBI is authorized to conduct triennial or random audits to ensure compliance with applicable statutes, regulations and policies. 
 




NEXT: PP-3000 - Technology & Computer Software Assessment