RMS Data Migration & Integration
- This role is really two jobs: (1) migrating legacy agency data into Axon Records/Evidence, and (2) architecting durable cloud-to-on-prem integrations where the agency keeps its legacy RMS.
- Master three domains: migration methodology (ETL/ELT, phased vs. big-bang vs. parallel run, hash-based reconciliation), the law-enforcement data-standards stack (
NIEM/LEXS,NIBRS,CJIS v6.0,N-DEx), and hybrid integration patterns (REST/OAuth2 APIs, iPaaS vs. ESB, queues/webhooks, private connectivity). - Know cold: Axon Records is cloud-native, CAD-agnostic, and NIBRS-compliant, built on Axon Evidence; hosted on a mix of Azure + AWS; CJIS-compliant and
FedRAMP High; integrations run through a REST Partner API (OAuth2/OIDC + JWT) with HMAC-signed webhooks. - Every behavioral answer: STAR method, mapping your Oracle/enterprise migration experience onto CJIS-regulated, 24/7, mission-critical constraints.
- Have a tight, numbered answer ready for "how do you reverse-engineer an undocumented legacy database" — see Section 03 for the full 8-step workflow.
Legacy RMS Landscape
Every legacy vendor story is a consolidation story — and most are actively sunsetting on-prem products, which is exactly what's forcing agencies to Axon right now.
| Vendor | Key Products | Notes |
|---|---|---|
| CentralSquare | TriTech, Superion, Zuercher, OSSI, Tiburon, IMC | Dominant in large-city/county CAD; actively sunsetting legacy lines |
| Tyler Technologies | New World (RMS/CAD), Brazos | Common mid/large agency footprint |
| Motorola Solutions | PremierOne, Spillman Flex, CommandCentral | Spillman ran both Windows & Unix historically |
| Hexagon | HxGN OnCall | Large CAD deployments |
| Mark43 | Cloud-native RMS/CAD | Axon competitor; also an Axon Fusus integration partner; runs on AWS GovCloud |
Backends are almost always Oracle or SQL Server. Expect free-text narrative fields, scanned-document blobs, proprietary schemas, and little to no documentation.
Data domains & their migration pain points
- Incident/offense reports — free-text narratives, officer/participant links, NIBRS coding differs by legacy system.
- Arrests & bookings — charge codes must crosswalk to state + NIBRS codes; mugshots are binary attachments needing metadata linkage.
- Evidence/property — chain-of-custody integrity is paramount.
- Warrants — active vs. served/cleared status, often tied to NCIC.
- Case management — investigative files linking multiple incidents/people/evidence.
- Master Name Index (MNI) — the hardest artifact: one person repository referenced by every module, riddled with duplicates ("John Doe" vs "John A. Doe").
- NIBRS/UCR crime data — must stay reportable across the SRS→NIBRS boundary.
Migration Methodology
ETL vs. ELT vs. CDC
ETL (transform before loading) fits RMS migration best — the target has a rigid schema and needs heavy business-rule transformation. ELT suits analytics/data-lake modernization more than a structured RMS target. Change Data Capture (CDC) streams source changes to keep old and new systems synced for near-zero-downtime cutover.
Choosing a cutover strategy
| Strategy | Best for | Risk | Downtime |
|---|---|---|---|
| Big bang | Small agencies, clean data | High | Short window |
| Phased / incremental | Large agencies, by module or date range | Lower | Longer, spread out |
| Parallel run | Mission-critical 24/7 operations | Lowest | None until validated (60–90 day overlap) |
Best practice: a hybrid — big bang for low-risk data, phased/parallel for the mission-critical core. Always pilot with a low-complexity workload first.
Mapping, cleansing, and validation
- Field-level crosswalks: agency/state offense codes ↔ NIBRS Group A/B codes; charge codes ↔ state DOJ/CJIS codes.
- Dedup: profile data quality first, then run entity resolution (name + DOB + address + phone) to collapse duplicates into golden records — records staff should adjudicate ambiguous merges.
- Unstructured data: carry free text and scans across as attachments with preserved metadata even when they can't be parsed into fields.
- Reconciliation: row counts and control totals at every checkpoint, plus cryptographic hash comparison (
SHA-256) to prove files transferred intact.
Expect: "An agency on a 20-year-old Oracle RMS can't tolerate downtime — walk me through your approach." Answer arc: profile → map/crosswalk → build a conversion test environment → phased/parallel run with CDC → reconcile via counts + hashes → UAT sign-off → weekend cutover with go/no-go and rollback → post-migration hypercare.
Rollback planning
Define go/no-go criteria and rollback triggers before cutover. Keep the legacy system as the system of record until reconciliation passes fully.
Mapping Undocumented Legacy Databases
Every RMS migration starts here: a database nobody currently at the agency fully understands. This is a repeatable, provable workflow rather than guesswork — treat it as an investigation, not a reading exercise.
This maps directly onto: "Walk me through how you'd analyze an undocumented client RMS to determine where all the data lives before making changes." Walk the interviewer through the numbered workflow below in order — it reads as a methodology, not a war story.
The workflow, in order
-
Pull the metadata first. Every RDBMS exposes its own schema via system catalogs before you touch a single row of data:
INFORMATION_SCHEMA,sys.tables,sys.columns,sys.foreign_keyson SQL Server;ALL_TABLES,ALL_TAB_COLUMNS,ALL_CONSTRAINTS,DBA_DEPENDENCIESon Oracle;information_schema,pg_constraint,pg_dependon Postgres. Extract full DDL for every table, view, procedure, and trigger. Even where foreign keys were never enforced — extremely common in old systems, where devs skipped FK constraints for performance — naming conventions (cust_id,CustomerID,fk_customer) give a first-pass relationship map. - Generate a visual ER diagram automatically. Don't hand-draw this. SchemaSpy, DBeaver's built-in ER view, or ER/Studio crawl catalog metadata and produce a diagram in minutes, including inferred relationships from naming patterns even where constraints don't exist. This gives a skeleton to correct rather than a blank page.
-
Profile the data to infer relationships that aren't declared. Run cardinality and value-containment checks — does
orders.customer_idactually contain a subset of values fromcustomers.id? That's a strong FK signal even without a constraint. Null rates and distinct counts reveal whether a column is a real foreign key, a denormalized cache, or dead legacy cruft. This turns "I think these tables are related" into "I can prove these tables are related." - Instrument live traffic, not just structure. Static schema shows what could relate; it doesn't show what actually happens. Turn on SQL Server Extended Events/Profiler, Oracle SQL Trace/AWR/ASH, or general query logging for a day or two of normal operation. Watching real SELECT/JOIN/UPDATE statements fire is often the fastest way to find true data flow.
-
Grep the application layer, not just the database. Business logic usually lives half in the database (stored procs, triggers, views) and half in application code (ORM models, embedded SQL, config files). Search the codebase for table names once you have them.
DBA_DEPENDENCIES/sys.sql_expression_dependenciesshows which procs/views touch which tables — a fast dependency graph without reading every line of code. - Work backward from known outputs. Rather than mapping the whole database forward, pick a report, dashboard, or screen the business actually relies on and trace it backward — what view feeds it, what tables that view joins, what those tables' upstream sources are. This is usually faster than mapping everything, and it naturally prioritizes the tables that matter for the migration instead of the dead weight most legacy systems accumulate.
- Talk to the humans who touch the data. The person with the most institutional knowledge on an old system is rarely IT — it's the records clerk or power user who's run the same report for 15 years and knows exactly which field is unreliable and why. A 20-minute conversation can save days of forensic SQL work.
- Document incrementally, as a living artifact. Build a data dictionary/lineage doc as you go — table → purpose → key relationships → known quirks — even if it's rough. The documentation becomes a deliverable in its own right and keeps you from re-discovering the same table three times.
At scale, automated data-lineage tools (Manta, Collibra, or open-source OpenLineage/Marquez) can perform steps 3–5 continuously across an enterprise. For a single legacy RMS, the manual workflow above is usually faster and gives you a methodology you can speak to concretely in an interview.
Standards & Compliance
This is the part most likely to get quizzed directly — get these facts precisely right.
| Standard | Full name | What it governs | Key fact |
|---|---|---|---|
NIEM | National Information Exchange Model | Enterprise data-exchange grammar (DOJ/DHS/HHS) | Superseded the legacy GJXDM standard |
LEXS | Logical Entity eXchange Specs | NIEM-based family of IEPDs for sharing LE data | LEXS 3.1 is based on NIEM 2.0; used by N-DEx |
LEITSC | LE Info Technology Standards Council | Functional spec baseline for RMS/CAD | Built with IACP, NSA, NOBLE, PERF, IJIS |
NIBRS | National Incident-Based Reporting System | FBI crime-reporting model | Eliminated the hierarchy rule; up to 10 offenses/incident |
CJIS v6.0 | CJIS Security Policy | Cloud/vendor handling of Criminal Justice Info | Released Dec 27 2024; mapped to NIST 800-53 Rev. 5 |
N-DEx | National Data Exchange | FBI/CJIS cross-agency data sharing | Uses NIEM, LEXS, and its own IEPD (v2.1.1) |
- NIBRS replaced the old Summary Reporting System (SRS), which only counted the single most serious offense per incident. The FBI went NIBRS-only in 2021, then reversed and now accepts both SRS and NIBRS.
- Each state has its own NIBRS flavor — local systems must extract and format the NIBRS-required subset for state UCR submission.
- CJIS v6.0 introduces
P1–P4priority tiers across 20 policy areas; MFA is a P1 control, auditable since October 1, 2024. - Encryption must use FIPS 140-validated modules, in transit and at rest — plain TLS alone doesn't satisfy CJIS.
- Audit logs must be retained for 365 days minimum. Cloud vendors must sign the CJIS Security Addendum.
Integration Architecture
For objective (2) — the agency keeps its on-prem RMS, and you connect it to Axon's cloud.
iPaaS vs. ESB — a likely whiteboard question
- ESB — on-prem hub-and-spoke (IBM MQ, TIBCO, Oracle Service Bus). Strong for legacy SOAP/JMS, high-throughput on-prem messaging. Heavy, slow to change.
- iPaaS — cloud-native, API-first, elastic, webhook-ready (MuleSoft Anypoint, Boomi, Workato). The right default for connecting cloud SaaS to on-prem via secure tunneling agents.
Senior framing: recommend iPaaS/API-led for new work; retain/wrap the ESB only for legacy SOAP/MQ constraints, and run it in parallel during a 60–90 day decommission window.
Messaging, connectivity, and data strategy
- Queues for reliable async sync with dead-letter handling; webhooks for event-driven push; batch/SFTP still valid for bulk historical loads.
- Private connectivity: site-to-site VPN, or Direct Connect/ExpressRoute-style private circuits — all must satisfy CJIS FIPS-validated encryption.
- Replication vs. federation: replication copies data to the cloud (supports analytics, raises duplication concerns); federation queries in place (less duplication, latency depends on source). For "connect without migrating," federation plus selective replication of what Axon needs is often the sweet spot.
- CAD-to-RMS: must be low-latency — Axon's own CFS feed lands in Records within 3–5 minutes.
Axon Ecosystem
Axon Records is cloud-native, CAD-agnostic, and fully NIBRS-compliant, built on top of Axon Evidence (Evidence.com). First deployed at Fresno PD (2019); Oklahoma City PD is a flagship modernization story.
| Component | What to know |
|---|---|
| Hosting | Mix of Microsoft Azure and AWS, both CJIS-compliant; historically Azure-primary; government workloads on Azure Government (FedRAMP High, DoD IL4/IL5) |
| Compliance | FedRAMP High via the Joint Authorization Board (Dec 20, 2022) across Evidence, Respond, and Records; CJIS-compliant for over a decade |
| Partner API | REST over TLS 1.2+, OAuth2/OIDC + JWT; credentials = Client ID, Client Secret, Partner ID; default-deny per-resource permissions |
| Migration tooling | XTMT (CLI migration tool), Axon Channel Services (AFE-assisted SOW migration with hash-verified transfers) |
| Webhooks | HMAC-signed, async, sample consumer published on GitHub |
| CAD / CFS | Third-party CAD data lands in Records within 3–5 minutes; queryable in the Axon Records DataStore |
| NIBRS submission | Real-time validation engine; state-specific Master Charge Table maps offenses to NIBRS/UCR/CJIS codes |
Note: a competitor blog claims Evidence is "exclusively AWS" — Axon's own current statement describes a mixed Azure + AWS model. Describe it as multi-cloud if asked, rather than committing to one.
Interview Prep
Likely question themes
- How do you decide big-bang vs. phased vs. parallel? (→ function of agency size, downtime tolerance, data risk)
- Design a connection where the agency keeps its on-prem RMS. (→ API-led/iPaaS + event-driven sync over private connectivity; replication vs. federation per data domain)
- How do you guarantee data integrity and chain of custody? (→ SHA-256 hashing end to end, reconciliation checkpoints, immutable audit logs)
- How do you handle CJIS during migration? (→ FIPS-validated encryption, MFA, audit logging, signed Security Addendum, least privilege)
- How do you handle resistance from records staff and officers? (→ involve them early as SMEs, especially for dedup adjudication; train heavily; pilot; create champions)
STAR framing with your background
Translate "enterprise Oracle migration" into "mission-critical, 24/7, regulated data" — the constraints map directly. Prepare 3–4 reusable stories: a downtime-minimizing cutover, a data-integrity save, a difficult stakeholder you converted, and a build-vs-integrate architecture decision. Quantify results wherever you can: records migrated, reconciliation accuracy, downtime achieved, adoption rate.
Study Plan
Memorize the NIBRS story, the CJIS pillars, and the migration strategy trade-offs. Most likely to be tested, easiest to get precisely right.
Be able to sketch Records on Evidence, hosted on Azure/AWS, CJIS + FedRAMP High, integrated via REST/OAuth2 with hash-verified migration tooling.
Rehearse the "keep the on-prem RMS, connect to Axon" scenario out loud — choose iPaaS over ESB, replication vs. federation, name CJIS controls at each hop.
Prepare quantified STAR stories. Ask about their Channel Services delivery model and state-by-state NIBRS certification process.
Caveats
- Cloud-hosting sources conflict — treat Axon's own "mix of Azure and AWS" statement as authoritative.
- Exact Partner API endpoint schemas are behind login; don't overclaim specific paths.
- Market-size and vendor-share figures vary by research firm — use directionally.
- This is a no-coding interview — prioritize architecture, methodology, and standards over syntax.