The audit researched the security level of the Police Records Information Management Environment (PRIME-BC) between January and June 2016. It was the second time in three years that Bellringer has looked into this system, which holds sensitive information and is accessible to all Canadian officers.
“It includes everything from somebody calling in on a 911 call or any other contact with the police, all the way through to the completion of the police investigation into the reports that they generate,” says Bellringer, “There would be information in there around criminal records, victims, it would have the link to other police systems so if any information was downloaded from that that would be included in the report as well.”
The 11-page report‘s sole recommendation was that PRIMECorp’s (PRIME-BC’s operational and technical support organization) board of directors ensures its management team continues to implement all recommendations from its 2013 report. While that initial document was never publicized, Bellringer claims there have been significant improvements to system security over the past four years. She doesn’t believe there are any outside threats and now wants PRIMECorp zero-in on hazards within.
“The only weaknesses that we did find are internal to the system and they are working to correct all of those. They do have an action plan in place to do that before the end of the year but the exposures are already being remedied as we speak.”
Bellringer chose not to share details or examples of an “internal weakness” for fear of getting “to close to exposing something.” The Auditor General won’t publish information that could leak IP addresses or sensitive personal information.