How to buy records management systems (RMS)
By Tim Dees
Every law enforcement agency has a records management system (RMS), even it amounts to a cardboard box full of old reports in no particular order. Fortunately, there are better and more sophisticated methods of keeping track of the documents and other information your outfit accumulates. Here's some points to consider when purchasing a records management system:
Computer-based RMS is usually paired with a computer-assisted dispatch (CAD) system. The two software packages are interrelated, as most law enforcement investigations begin with a call for service or a patrol officer taking self-initiated action in the field. Ideally, the RMS information flows into a similarly linked system for the courts and any corrections/jail operations handling your cases and prisoners. Whether that happens is more dependent on the level of cooperation and funding of all the participating agencies than on technology.
Unless you're starting a brand new agency, your first consideration in choosing an RMS is how your legacy records will integrate into the new system. If they're paper-based, you should consider having the records scanned into computer-readable form and indexed by as many descriptors as you can manage: case number, names, locations, incident types, etc. Using optical character recognition software, some records will translate into text documents from which your new RMS can (or should) extract these details automatically.
If your old records are already computer-readable files, then your new system should have the capability of indexing and integrating the old records. This is easier said than done. There are no standards for RMS, and a great many vendors, each with their own ways of doing things. You need to quiz potential vendors very specifically about how they will get the content of your existing RMS into the one they will create for you.
Security and ease of use are major considerations. Many vendors use a database standard called SQL (pronounced like "sequel"), and tout that any information contained in the database is available "through a simple SQL query." That's great if your users know how to structure a SQL query. The rest of the world uses form fields with labels like "case number," "name" and "offense." Systems using "fuzzy logic" will locate records with elements that don't quite match the search terms, so that a search for "Smith" will also find records containing "Smythe" and "Smitty," or restrict the search to exact matches if that's what you want.
Good security isn't limited to providing passwords for all authorized users. It also sets access levels, so that users are limited in what they can see and change, and an iron-clad tracking system showing who looked at or changed what, when, and why. Forcing users to change passwords every 30-90 days limits the time a stolen password remains useful. People complain about being forced to change and not re-use passwords, but the lack of convenience pays off in keeping your proprietary information secure.
Tim Dees is a retired police officer and the former editor of two major law enforcement websites who writes and consults on technology applications in criminal justice. He can be reached at firstname.lastname@example.org.