Clerus provided the Iowa Office of Driver Services (OSD) a comprehensive analyses of the State’s security compliance plans to ensure their driver license processes would meet or exceed the security and privacy practices needed to achieve REAL ID compliance. Iowa wanted an automated tool that would not only help them find any privacy or security compliance issues but also would track their resolution. Clerus was uniquely qualified to assist Iowa with this effort. Having drafted the REAL ID Security Plan Guidance Handbook for DHS, Clerus has a clear understanding of what is important to a State’s security plan. In addition, the Clerus staff’s familiarity with configuring SharePoint sites allowed us to quickly respond to Iowa’s needs for an automated tool.
Planning & Evaluation
Develop and/or Analyze the Security Plan – The Clerus effort began with a thorough analysis of the Iowa’s current security plan, comparing their existing plan to the guidance provided in the DHS Real ID Security Plan Guidance Handbook. The goal of this analysis was to determine if the existing security plan covered each of the compliance areas described in the Handbook. Clerus presented its findings from the analysis of the existing security plan to Iowa for discussion and consideration. Once consensus on the findings was reached, Clerus provided Iowa with a report outlining the findings of this review and suggesting changes to the Iowa security plan. This report was provided to Iowa in both electronic and hard copy form. Develop Specific Security Inspection Checklist – After Iowa approved the recommended changes to the security plan, Clerus developed a security checklist specific to the Iowa DL/ID issuance process. The checklist was developed to ensure collection and recording of all data relative to the security inspection. This checklist was developed in electronic form using SharePoint to provide an efficient and user friendly tool for recording specific results of each site inspection. Further, this electronic form provided a means of organizing, monitoring, and compiling inspection results.
Security Inspector Training – Once Iowa the approved checklist and survey tool, Clerus staff and key Iowa personnel made several initial inspections to validate the tool and familiarize Iowa staff with the inspection process. Clerus then developed and provided training for Iowa staff in using the checklist to conduct the inspections and gather information. Clerus also assisted the staff doing the inspections with technical support on inspection requirements and on the uses of the survey tool.
Develop Security Gap Analysis - As inspections were conducted and data was being entered into the survey site, Clerus Solutions monitored data for any missing information and for any indeterminate information and supported state inspectors as needed. When all surveys were entered completely and clearly, Clerus Solutions performed a gap analysis and prepared a report that compiled, organized, and described the problems areas that needed to be addressed to ensure desired privacy and security.