Security

Putting a Finger on Compliance Control

Finance director of a Florida city signs off on the solution to a police-department dilemma: increasing security of workstations with a new device.

By Sandra Gittlen

Last year, administrators in the City of Winter Park, Fla., realized they had a serious compliance risk in their police department. The FBI’s Criminal Justice Information Services Division has regulations that call for tight access controls for records. However, many officers share workstations and, therefore, also share passwords. The solution, they realized, was to deploy fingerprint scanners that would enable individual authentication.

“CJIS calls for two-factor authentication and we concluded the best – and least expensive – way to deal with that was the use of biometrics,” says George Maldonado, the city’s systems administrator.

Heading in a new direction like this required the sign-off of city finance director Wes Hamil and other Winter Park executives. “We considered it a pretty important matter, and fit it into the 2010 budget,” Hamil says.

With biometrics scanning, police officers place their finger on a digital reader during sign-on, and are immediately verified. This way, the city can prove federal compliance and, if need be, investigate data loss at a granular level.

Executives were so impressed with the protection and risk mitigation fingerprint scanning provides that they decided to roll out the technology, in this case Digital Persona’s 4500 USB Fingerprint Reader, to all the city’s 520 employees. “We had password-sharing throughout other departments, including fire, public works and city hall. Using fingerprint scanning at all city workstations eliminates this and deters password theft,” Maldonado says. (Among others making fingerprint scanners are Fujitsu, IdentiMetrics, Identix, and SecuGen.)

Although Hamil was not involved in the selection process for the fingerprint scanning devices – managing only the budget approval -- he says that compliance and other issues that have repercussions for finance are forcing a change in this approach. “IT and finance have been working closely together on a lot of projects,” he says.

For instance, allowing the city’s more than 28,000 residents to pay their bills with credit cards requires Hamil to ensure transactions are being carried out in accordance with the federal government’s Fair Credit Billing Act and Red Flag Rules. Hamil, IT and other city executives must keep a written plan that examines the potential for customer/citizen identity theft and how to stop it.

Auditing is another impetus for a stronger relationship between IT and finance in Winter Park, even though finance doesn’t report to IT in the city’s organizational structure. As Hamil notes, “IT has a big impact on our financial statements and the safeguarding of data – that’s creating a necessary bond between us.”