Click here to see the Terms & Conditions for a sole user.
Click here to see the Terms & Conditions for multiple users.
Click here to see the Terms & Conditions for all users.
Mobile Device Security Policy (Mobile Phones and Tablets)
Mobile devices may now be used to access to CJSM, however BEFORE using mobile devices can be used the organisation must do two things:
- Sign and return the relevant Mobile Device Security Policy to the CJSM Helpdesk
- EVERY user within their organisation must sign up to the Mobile Device Security Policy before being allowed to use the mobile device with CJSM. The organisation must hold these signed Mobile Device Security Policy and produce them to the Ministry of Justice or their representative upon request.
There are two versions of the Mobile Device Security Policy:
- Mobile Device with a Mobile Device Management (MDM) system installed
- Mobile Device without an MDM system
Please select the version appropriate to your organisation. Thank you.
Click here to see the Mobile Device without an MDM installed
Click here to see the Mobile Device with a Mobile Device Management (MDM) system installed
Is Windows 8 BitLocker approved for use with CJSM, even though it hasnít been accredited to FIPS140-2 yet?
As Windows BitLocker has previously received FIPS 140-2 accreditation and Windows 8 BitLocker has been entered into the accreditation process we will accept Windows 8 BitLocker as suitable encryption for use with CJSM.
CJSM may be accessed by secure WiFi but NOT by unsecured WiFi as the initial transmission to the website may be intercepted and subsequently the user log in details captured.
Are there prohibitions on storage of such e-mails "in the cloud" or on non-UK based servers?
Yes, information transmitted by CJSM may NOT be stored on unapproved 'cloud' services there are two main reasons for this:
- 1. It is unlikely the data will be stored in the UK and laws in the 'holding' country may give them access to UK Government data.
- 2. The DPA requires that data is protected and managed within the EEA (or Safe Harbour). By hosting it on standard cloud services we don't know where the endpoint we are connecting to is located (outside of EEA?) and whether it meets DPA requirements.
As a point to note, we are happy for 'cloud' service providers, whose servers reside within the UK, to apply for accreditation to connect to CJSM. Enquiries should be sent via the CJSM Helpdesk, email@example.com, or 0870 010 8535.
Can I use collaborations tools "in the cloud" to share information with expert witnesses?
No, as above, data transmitted by CJSM may not be stored on unapproved 'cloud' services.
Can I send data received by CJSM onto other organisations involved in the case, such as expert witnesses, across the open internet?
If the client agrees to the transfer of data to the expert witness across the internet then yes, this is acceptable. However, if the data includes data of any other individual then, no, it is against the terms and conditions of use of CJSM to send the information in the clear across the open internet. However, expert witnesses are eligible to join CJSM - we already have a number of such users including many DNA testing laboratories, etc. Alternatively, you may use another form of commercial encryption to protect the email, however the data will still need to handled in accordance with the CJSM Terms and Conditions.
Will I be able to turn up at Court with my standard laptop and access the repository using the Court supplied WiFi, download the file and later store this on my case management system hosted remotely in some place, I know not where?
CJSM should be only be accessed wirelessly via a secured WiFi connection - even within the court environment, or via a 3G connection, (security is inherent within 3G connections). Hotspots or unsecured Openzones should not be used.
The laptop must have hard disk encryption - this is available readily and freeware versions are also available, any removable media, e.g. USB flash drives must also be encrypted.
Data should only be stored on suitably protected servers, i.e. information and equipment can only be accessed by authorised individuals, and, as above, the servers should be within the UK.
Can I access my CJSM email on my home computer?
Yes, as long as your computer complies with the CJSM Terms and Conditions for Single Users. Please contact the helpdesk for a copy (Contact details are provided at the end of this document). Or you can find them at the top of this page
No, the terms of connection to CJSM does not prohibit the use of mobile devices e.g. smartphones, tablets, etc. Such devices also need to encrypt any information held on the device when at rest as well as in transmission. The configuration details of the device need to be submitted to the CJSM Helpdesk for approval.
Why is encryption necessary on all mobile devices?
The Government has a duty of care for all personal/commercial data it holds and works hard to ensure data held on government systems is secure. It also has a duty of care to ensure any personal/commercial information passed to third parties is adequately protected by the recipient organisation. Connection to CJSM requires organisations to implement the advice of the Information Commissioners Office: "The ICO recommends that portable and mobile devices including magnetic media, used to store and transmit personal information, the loss of which could cause damage or distress to individuals, should be protected using approved encryption software which is designed to guard against the compromise of information". More information is available at http://www.ico.gov.uk/news/current_topics/Our_approach_to_encryption.aspx
Can I send my client's information relating to their case over the open internet?
Yes, but only if your client has signed a disclaimer to say they understand the risks of sending information across the internet and are willing to receive the information by email. However, in line with the DPA and CJSM terms and conditions, you cannot send any information across which contains details of anyone else involved with the case without their consent e.g. victims and witnesses. (N.B. Individual citizens are not eligible to join CJSM).
Can I take my laptop into the prison when visiting with my client?
It is at the prison's discretion. Please contact the relevant prison in advance to request permission to bring your laptop into the prison.
The terms and conditions require my organisation to have a business focussed risk assessment ISO 27002. We are a small/medium organisation and we don't have the resources/funds to carry out this assessment?
Connection to CJSM requires organisations to adhere to industry good practice for data protection. ISO 27002 provides a framework for assessing IT security. It is not necessary to have a specialist consultant carry out the assessment. The government website, Business Link http://www.businesslink.gov.uk/bdotg/action/layer?topicId=1079818481, provides an IT security assessment tool, advice and links for further information. This is sufficient for a small to medium sized organisation.
Who can I email securely from CJSM?
You can email any other user of CJSM securely, i.e. those with cjsm.net within their email address. You can also securely email anyone with
- .nhs.net (NOT .nhs.uk)
by adding.cjsm.net. Please note - all criminal justice organisations. Police, CPS, Courts, Prisons, Probation and YOTs are fully aware of CJSM but staff in other government departments may not be.
Is there any training for CJSM users or Organisation Administrators?
Yes, an online training package is available at www.cjsm.justice.gov.uk/training. More information on the service itself is also available on this website.
Who can I contact if I need more help?
The CJSM Helpdesk are open from 8am on 7pm and can be contacted on 0870 010 8535 or by email at firstname.lastname@example.org