On-line Electronic Records Access Application

Version 3.0

January 2015

Process to Submit an On-line Electronic Records Access Request 3

Florida Courts On-line Records Access Application - 2013 4

OVERVIEW 4

TECHNICAL 4

Application 4

Access 5

Vendor 6

Security and Continuity of Operations 6

ATTACHEMENT A - Certification Statement 7

ATTACHMENT B – DOCUMENTATION OF ON-LINE ELECTRONIC ACCESS SYSTEM ACTIVITIES……………….…………….8

ATTACHEMENT C - Monthly Status Report TEMPLATE 9

Process to Submit an On-line Electronic Records Access Request

Step One.

The Supreme Court and the Office of the State Courts Administrator (OSCA) continue to monitor and coordinate all initiatives related to on-line electronic records access to court files. The FCTC has developed a template to be used to show how each Clerk of Court/Court meets a series of requirements, or to submit when they are in the process of developing an electronic records access System. Each system will be required to go through a 90-day pilot period that will include monthly reports and an audit after the 90 days.

Step Two.

The application for approval must be emailed to the OSCA’s Information Systems Services at
to be forwarded to the Access Governance Board for their review and recommendation to the Supreme Court.

Step Three.

If an application for on-line electronic records access is approved by the Supreme Court, the Chair of the Florida Courts Technology Commission, via OSCA will issue a Letter of Authorization to the Clerk of Court/Court to begin implementation of the pilot that must be in place for a minimum of 90 days, or as long as needed to address any system issues. Reporting criteria has been established to ensure the on-line electronic records access is working in a secure manner in accordance with the Access Security Matrix and the Standards for Access to Electronic Court Records. The Access Governance Board may request logins for all user types to ensure the on-line records access system is working appropriately; may request that the pilot last for more than 90 days; and may conduct an additional review or site visit. See Attachment C for reporting requirements. Associated test reports, and other required information shall be sent to OSCA. To ensure the system is working appropriately, access accounts for all roles in the security matrix shall be provided to OSCA for the audit, which will be conducted when the applicant feels that they are at the conclusion of the pilot.

Step Four.

When the pilot and audit are completed and the on-line electronic records access system has demonstrated compliance with the Standards for Access to Electronic Court Records for 90 days, a Letter of Approval will be issued by the chair of the Florida Courts Technology Commission. The applicant may then proceed with implementation of their system including removing the need for subscriber for the general public and access can be done anonymously.

Florida Courts On-line Records Access Application - 2013

OVERVIEW

Circuit & County OR District Court:

Application Name:

Application Developer Name (Provide vendor name or designate In House):

Date:

Contact Person:

Anticipated Start Date for the Development or Implementation of the System:

Anticipated System Implementation Date after approval (estimated date can be given in days, weeks, months, or a specific date after approval):

TECHNICAL

Application

  1. Describe the vendor or in-house application system that will be handling the on-line access from the public and other authenticated users.
  1. Describe the level of information that will be accessed on-line (case types) at this time, and any plans for expansion in the future.
  1. Describe replication methods for data that is accessed outside the judicial group.
  1. Judicial Access Group: This group may have direct access to non-replicated files, so please describe how users are setup to limit direct access to those that have a work purpose?
  1. Describe how sensitive data is secured at the data exchange level by showing what security features you have in place including trusted paths, encryption, and authentication.
  1. Does your case management or web interface have the ability to identify and designate confidential information at the case, party, docket and image levels independently?
  1. Describe how confidential information that is identified through a Motion to Determine Confidentiality of Court records is handled to ensure any data deemed confidential by the court is included in the redaction process.
  1. Describe the search parameters that are available for the general public and for authenticated users.
  1. Describe how data transfers are monitored to identify and mitigate abuse issues.
  1. Describe quality control procedures used to ensure the accuracy of information, completeness, quality of images, and proper redaction of images.
  1. Describe the methods by which redaction of confidential information is performed, the redaction audit process to ensure quality assurance, and how updates on confidentiality requirements resulting from legislation or court rules are incorporated.
  1. Provide written overview and diagrams of the hardware and software components of the system.

Access

  1. Describe how users and the public will access the system (web services portal, published web site etc).
  1. What authentication process do you use to verify the role and credentials of users who are not members of the general public?
  1. What process is used for non-general public users to register for access to records?
  1. Who makes the determination as to appropriate level of access for non-general public users, and how is that determination made?
  1. By what means do you ensure that agencies have a gatekeeper responsible for controlling agency employee access to records? What responsibilities are imposed on agency gatekeepers to ensure authorized access to records?
  1. What process is used to ensure that disbarred or suspended attorneys do not have attorney level access to records?
  1. Describe how the levels of access provided to the roles are aligned with the Access Security Matrix.
  1. How is confidential information protected from access? (please describe automated system and manual processes)
  1. Will you have a category of files viewable upon request or will you redact and make all files viewable regardless of request status? What is the process used for to request access to records by View on Request?
  1. If files are redacted and made available upon user request (View on Request), describe how the user is informed the file is available for viewing.
  1. If notification of a file available for viewing includes a URL link to the file, please describe how you prevent links from being cut and pasted by using encryption or other security methods.
  1. How do you notify a user that a request for access has been granted or denied?
  1. Are fees charged for viewing the court files remotely (including account creation, access management or document viewing, printing or downloading)? If yes, please include details including the applicable fee schedule.
  1. Are fees charged to view the court files from a public access terminal or kiosk at the courthouse?

If yes, please include details including the applicable fee schedule.

  1. Do you have any fee waiver provisions not otherwise provided in the statute?

Vendor

  1. If contracting with a private vendor:
  2. Provide confirmation that ALL unauthorized data mining activities will be prohibited.
  3. Provide confirmation that the release and/or distribution of court data will be limited to what is defined by law and further described in the Standards for Access to Electronic Court Records and Access Security Matrix.

Security and Continuity of Operations

  1. Besides authentication levels based on roles, describe other security processes in place to protect the confidentiality, accessibility, and integrity of the records. Include information about antivirus, firewalls, and other security methods, appliances, and software, and how the system and access accounts are backed up.
  1. Describe the frequency of replication to the electronic files that will be accessed outside the judicial group.
  1. Provide documentation of methods and processes for granting, removing, or denying access for a user.
  1. Provide documentation of the human processes for: (1) reviewing court records for confidential information; and (2) proper identification and processes for handling public access requests.

ATTACHMENT A

Certification Statement

I hereby certify that once the attached on-line electronic records access application is implemented it will comply with the Americans with Disabilities Act of 1990 and the Section 508 accessibility standards, as incorporated into Florida law by section 282.603(1), Florida Statutes, and Florida Rule of Judicial Administration 2.526. I further certify that if this on-line electronic records access system is amended, updated, or improved in the future, such revisions will continue to assure that the system complies with the Americans with Disabilities Act and Section 508 standards, as incorporated into Florida law, and is accessible to users with disabilities.

The Certification Statement must be signed by either the Clerk of Court or his/her appointed designee for a Clerk submission, or the Circuit Court Administrator or his/her appointed designee for a Court submission.

Signature /
Name /
Title /
Organization /
Street /
City, State, Zip /
Date /

ATTACHMENT BDOCUMENTATION OF ON-LINE ELECTRONIC RECORDS ACCESS SYSTEM ACTIVITIESMONTHLY STATUS REPORT TEMPLATE

Any court or clerk who wishes to implement an on-line electronic records access system must institute the testing criteria described in this section. This test will be subject to review by the courts. This test is to ensure electronic access to confidential records and information is in accordance with rule and statutory requirements.

Per the Administrative Order, copies of the monthly progress reports should be provided to (1) the Chief Judge; (2) the OSCA; and (3) the Clerk of the Supreme Court of Florida.

Testing Criteria for On-line Electronic Records Access System

In order to ensure that electronic court records access is provided at the appropriate level of authorization, the court record is secure, and the system has the proper safeguards and processes in place to provide authorized levels of access to various parties in accordance with the Access Security Matrix, there will be a pilot and reporting period of 90 days.

On-line Electronic Records Access Application Page 8

Attachment C Documentation of On-line Electronic Records Access Activities

/

Monthly Status Report

/
County: /
Date: /
During the 90-day pilot period, statistical information and other reports are to be collected and provided to the courts by the last workday of each month. The report will be broken into 30-day increments with a 90-day report summary.
At the discretion of the FCTC, the frequency of the reporting process may be amended to contain a progress report that is beyond the initial 90-day pilot period. Thus, the report must be distributed every thirty days, and must include any operational or technical modifications made to the initial description of the project’s scope, current progress, and approval by the FCTC.
Reporting Categories
Scope of Pilot.
Define the areas that are included in the on-line electronic records access system, such as the case types that will be available for access and the size of the pilot group involved in the testing.
Reporting Details shall be for the month unless it is the final summary for the conclusion of the pilot.
Provide the following details:
1. / Number of images accessed by all users.
2. / Number of images provided by Viewable on Request (VOR).
3. / Number of registered users.
4. / Provide the number of registered users by access level.
5. / Provide the number of documents viewed by user access level.
6. / Report all known incidents of inadvertent release of confidential information.
7. / Report all known incidents of unauthorized access to confidential information.
8. / Provide information regarding changes made to internal procedures to improve security or quality controls.

10 | Page