Minister of Justice and Attorney General Shirley Bond has issued the following statement:

"We received the auditor general's access and security audit on the JUSTIN system and thank him for his recommendations and the additional time he provided us to improve the system that integrates, manages and stores criminal case information from provincial justice agencies.

"Implementing the recommendations is a priority, and I directed Ministry of Justice staff to take immediate action. Already significant security risks in the JUSTIN system have been addressed.

"As a result of the recommendations in Mr. Doyle's report, information security for B.C.'s justice case-tracking system has been reinforced with stronger defence mechanisms to prevent unauthorized and inappropriate access.

"These changes have been made as a result of the ministry accepting all of the auditor general's findings in a recent access and security audit on the JUSTIN system.

"Specifically, the ministry has tightened access to sensitive information, enhanced security controls, and put in place new monitoring capabilities. In addition, an action plan and project team are in place to oversee an ongoing project that will address any remaining gaps and will ensure continuous improvement of the security of the JUSTIN system. This will be done in co-operation with the auditor general's office and we welcome the continued role that the auditor general will have in monitoring our progress.

"Information security is of vital importance in the 21st century. The ministry has every confidence in the JUSTIN system's security and how it guards against inappropriate access and protects sensitive data from unauthorized eyes."

Media Contact:

James Beresford
Government Communications and Public Engagement
Ministry of Justice
250 387-8119

Enhanced JUSTIN security

• System access is now regularly monitored to immediately detect compromised accounts or inappropriate access.

• System administrators must now use a secure access gateway to connect to any high-security justice database. Direct connections from non-government computers are no longer possible. Security has also been heightened with more complex password policies for authorized users.

• Access to JUSTIN for government employees outside of the Ministry of Justice won't be granted unless a valid business need can be proven and appropriate approvals received.

• Training materials and guidelines are being updated to ensure data in the system is properly classified and secured.

• All contractors with access to JUSTIN must undergo a criminal record check. Information technology support contractors also face more enhanced security screening.

• Criminal record checks for employees are under evaluation and changes are underway.

• Permissions have been removed for employees who no longer need to use JUSTIN, or only require limited access, due to a job change or a shift in their responsibilities.

• With the creation of a single Ministry of Justice, the responsibility of the full set of justice applications, including CORNET and JUSTIN, is now under a single chief information officer. Lessons learned from one system will now be applied throughout the rest of the applications. These changes should prevent the gap that resulted in the auditor general's assessment.

• In order to address the issue of user access to Reports to Crown Counsel (RCCs), the following changes have been made:

• The number of users has been reduced by 800 and monitoring has been put in place for those who have access.

• Active, sensitive RCCs have been reviewed to ensure access has been applied properly. Work continues with Crown counsel on implementing changes to JUSTIN that refine access privileges on a "need to know" basis.

Media Contact:

James Beresford
Government Communications and Public Engagement
Ministry of Justice
250 387-8119