We have law enforcement agencies that are interested in Laserfiche Cloud however I need to ensure that Laserfiche Cloud is (or can be configured) to be compliant with CJIS Standards for CJI. Are there any considerations for an organization considering a move to Laserfiche Cloud?
Question
Question
Answer
Hi Nathan,
While Laserfiche Cloud meets many compliance standards, including undergoing an annual SOC 2 Type 2 audit, CJIS is not currently one of them. The current U.S.-based Laserfiche Cloud offering is based in AWS's commercial regions, not AWS GovCloud. As I understand it, there are technical, policy, and personnel controls required for CJIS compliance that are only present in AWS GovCloud at this time.
Law Enforcement agencies looking for a cloud-based option to store CJI in Laserfiche can self-host Laserfiche in AWS GovCloud or Microsoft Azure Government. Both offer CJIS compliance resources, some of which you can find below:
Building CJIS Compliant Solutions in AWS GovCloud
Criminal Justice Information Service Compliance on AWS
CJIS Security Policy on AWS - Quick Start
Microsoft 365/Azure Government CJIS Overview
Azure CJIS Implementation Guidelines
This is excellent, thanks for the clarification!
Welcome!
Sam, do you know if there are any plans to offer it in the AWS GovCloud in the future?
Bryan, while on our radar, it's not something we're actively working toward at the moment. Offering Laserfiche Cloud on AWS GovCloud in and of itself doesn't accomplish much. What organizations are really after is CJIS and FedRAMP compliance for the solution as a whole. While the SOC 2 controls Laserfiche Cloud currently addresses mostly overlap with CJIS/FedRAMP by merit of their shared basis in NIST SP 800-53, there are numerous areas that would require small changes for full alignment, not to mention the audit work itself.
We're currently focusing our Laserfiche Cloud development efforts in two main areas:
- Achieving functional parity with self-hosted systems
- Enabling ways for self-hosted systems to leverage Cloud features
Once we're satisfied with the progress on those fronts, we'll likely turn to addressing more specific use cases like CJIS.
Any updates on CJIS compliance with Laserfiche Cloud?
No updates for CJIS on Laserfiche Cloud at this time. It's something we remain aware of. If you have specific customers with CJIS workloads that are interested in migrating to Laserfiche Cloud, it would be helpful if you reached out to your Laserfiche sales contact with the list. This can help us gauge demand and prioritize accordingly during long-term roadmap planning.
CJIS compliance for a SaaS offering is both a huge amount of upfront and ongoing work to check all the boxes and has significant associated expenses, especially if we have to use higher cost AWS Gov Cloud services on the backend.