JusticeONE Security Policy: Authorization Requirements for User Access Changes
Roles and permissions are the "keys" to the virtual environment that houses an agency's data. Just as a locksmith wouldn't cut a key to a building without the owner's permission, we too cannot issue roles/permissions without the same.
The government entity (municipality, county, state agency, etc.) owns the data, not any one person. This is necessary in order to avoid issues should any one person become incapacitated, unavailable, or unsuitable to fulfill the responsibilities of the office they hold.
At JusticeONE, safeguarding the security and integrity of customer data is our highest priority. While the JusticeONE system itself is designed with robust security measures, certain administrative actions—particularly those executed by individuals with Super-Administrator privileges—have the potential to compromise data integrity.
To mitigate these risks, the following actions require an exigent circumstance, as well as a formally signed, written request from a manager with administrative authority (usually an agency head) over the affected user(s). The request should be on official agency letterhead whenever possible.
Actions Requiring Written Authorization
A hand-signed memo is required for the following:
- User Credential Creation – Establishing new user accounts in JusticeONE, VCMS, or NRMS, regardless of access level.
- Modification of User Roles & Permissions – Adjusting user roles, permissions, or any other access controls in JusticeONE, VCMS, or NRMS.
- NCIC/Shield of Justice Account Creation – Establishing a new JusticeONE NCIC/Shield of Justice account.
- TAC-Level Promotion – Promoting an existing JusticeONE NCIC/Shield of Justice account to Terminal Agency Coordinator (TAC) level.
Memo Requirements
To process any of the above requests under JusticeONE employee credentials, the memo must include the following:
- The name and email address of the user whose account is being created or modified.
- The name and position or title of the individual with administrative authority issuing the request.
- A clear directive instructing JusticeONE to act on behalf of the agency to create or modify the specified records.
- The handwritten signature of the requesting authority.
- A sample letter in is attached to this Article, in a format that should be compatible with most letterheads.
Alternative Authorization:
For the creation or promotion of a JusticeONE NCIC/Shield of Justice account, a copy of the individual's appointment letter to the state's CJIS authority, designating them as a Terminal Agency Coordinator, may be accepted in place of a memo.
Actions That Do Not Require a Memo
A written authorization memo is not required for the following:
- Self-Service Administrative Actions – Assisting an existing administrative user in performing any of the above actions under their own account.
- User Role & Permission Inquiries – Helping users determine their current roles or privileges.
- Password Resets (Self-Service Available) – Resetting any password for which a self-service option exists.
- Password Changes (No Self-Service Available) – If a self-service reset option is not available, a memo is required to change a password. (This applies only to VCMS or NRMS.)
- Courtware Hosting Active Directory Credentials – Creating Active Directory credentials for access to hosting servers does not require a memo, as security enforcement for hosted applications is handled at the application level.
- JusticeONE Default Directory Re-Invitations – Re-inviting a user to the JusticeONE Default Directory does not require written authorization.
- Account Deactivations - since deactivations pose no risk to data integrity, deactivations may be processed based solely on the request. However, a clear requester for the deactivation needs to be noted in the ticket in case the deactivation request is later deemed inappropriate by the submitting agency.
For further assistance, please contact our support team.