Implementing IP can be a scary proposition. Here’s how to make it less so.
There was a time when you knew the exact location of a caller, because it was the same as their telephone billing address. Today, with the advent of next-generation 911, we are dependent on GPS coordinates to locate a growing majority of callers. What do we need to do today to keep pace with these changes requiring IP connections? Buy new equipment and software, and hope for the best? The first is true; as for the latter, we can do more than hope — we can plan.
Let’s examine the essential elements of the planning stage, which is Step 1.
Security. Decide the best means to address security in your environment. What are your requirements and mandates? Who is responsible for the overall security? You must articulate a security plan that establishes the vision and tone for securing your network. This is a formal document announcing your security framework, and further instructions exist (or will exist) in the form of policies and procedures.
Assess. Know your environment, including all call-taker workstations, servers, printers (check — yours might have an IP address), wireless access, radios, service providers, ANI/ALI databases and GIS databases. You need an inventory of everything and everybody who touches your network, whether directly or through another system. List your current policies and procedures. Determine what you already have in place.
Compliance roadmap. Now that you know what you have, compare this to the requirements of your chosen security standard. Note the requirements that you do not have. The differences represent the gaps. Each of the missing requirements on your gap analysis needs a remediation plan. This may take the form of a compliance roadmap, which is a list of activities that will bring your network into compliance with your chosen standard. Activities addressed in a compliance roadmap often include:
A compliance plan should include a rough order-of-magnitude estimate of the costs associated with activities, as well as a timeline for completion. The timeline demonstrates the opportunity to distribute costs and the workload over five years (more or less as time and funds permit). If your IP network connectivity will be established soon, consider compressing your timeline and choosing the activities that you are able to accomplish quickly, or those that offer the most security. Mitigation strategies should be put in place to provide a viable plan to correct your remaining gaps and achieve complete security compliance.
Lori J. Kleckner, PMP, CISSP is a cybersecurity consultant for L.R. Kimball with extensive experience in collaborating with agencies at the local, state and national levels. This article appears courtesy of Urgent Communications.