Queensland's offender IT system used to extort prisoners

By

Corrections staff exploit control weaknesses.

Queensland’s corruption watchdog has told the state’s corrective services agency to replace its offender management system after uncovering occasions where it was used by staff to extort prisoners.

Queensland's offender IT system used to extort prisoners

In a damning review into corruption in the state’s corrective services facilities released last week, the Crime and Corruption Commission (CCC) identified major information management and security failings with the core line-of-business system.

It found the integrated offender management system (IOMS) used to perform case management for Queensland Corrective Services’ (QCS) lacked “appropriate access and use controls, and audit functionality”.

This means custodial correctional officers (CCO) are able to “view personal information about any prisoner”, with audit functionality unable to “systematically or accurately determine whether access to particular information is necessary or appropriate to the staff member role”.

“Approximately 13 percent of allegations involving QCS staff received by the CCC are about misuse of information and these allegations have significantly increased over the last three years,” the report from Taskforce Flaxton states.

The corruption watchdog said this had led to instances where CCOs were accessing IOMS “for purposes unrelated to their functions” and, in some case, “using this information to extort prisoners, or providing information about prisoners to other prisoners or third parties”.

As a direct result of this poor information security, prisoners – who were said to “understand these vulnerabilities” – felt uncomfortable providing information to corrections officers.

“Prisoners understand these vulnerabilities and do not feel comfortable providing information, which reduces the amount of intelligence being extracted from the prisons,” CCC said.

“Lack of information security can also expose intelligence to parties who should not see it or compromise investigations.”

The CCC has recommended that QCS implement “remediation strategies” to address issues, before replacing the IOMS with a system that “meets recognised information and security standards”..

QCS said it had begun to redevelop IOMS to improve records management and is planning to replace the system with a digital offender management environment (DOME).

The agency has, however, “issued a statement of works” for an independent ‘health check’ of the system for the time being to identity any underpinning issues and develop remediation strategies.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Victoria Police renews decade-long IT support deal for another three years

Victoria Police renews decade-long IT support deal for another three years

Qld tables $1 billion for major whole-of-government tech overhaul

Qld tables $1 billion for major whole-of-government tech overhaul

Google offers new proposal to stave off EU antitrust fine

Google offers new proposal to stave off EU antitrust fine

WA Police Force to spend $30.8m on IT 'optimisation'

WA Police Force to spend $30.8m on IT 'optimisation'

Log In

  |  Forgot your password?