Software as a Service (SaaS)
We offer our solutions via the cloud using a Software as a Service (SaaS) model which provides major advantages over the traditional methods of purchasing and deploying on-site solutions. Including:
-
- Zero server infrastructure to purchase
- Accessible from any location
- Continual upgrades & features added a no additional cost
- No yearly maintenance costs
- Real-time communication
- & Flexible licensing
FBI CJIS Security Policy Compliant
All of our solutions, at minimum, meet or exceed the requirements mandated by the FBI CJIS Security Policy.
The CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI, from creation through dissemination; whether at rest or in transit.
FIPS 140-2 Compliant
All data managed within our solutions, both in-transit & at rest, is encrypted by cryptographic modules and ciphers that meet or exceed the Federal Information Processing Standards (FIPS) 140-2 & 3 standards.
The FIPS 140-2 & 3 standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information (hereafter referred to as sensitive information). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module.
This standard is applicable to all Federal agencies that use cryptography-based security systems to protect sensitive information in computer and telecommunication systems as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106.
Infrastructure Security
Infrastructure refers to the physical equipment and virtual services within a provider’s data center(s) that we operates our services on.
To accomplish this we carefully vets our underlying partners and providers to ensure that they can meet the following minimum standards:
-
- Infrastructure and service availability of 99.99% or higher.
- Government qualified data centers that meet FedRAMP, DoD, SOC, CJIS and other industry standards.
- Are aligned with our mission of providing the highest quality of services to U.S. Public Safety entities.
- Have multiple data centers that are regionally diverse (300+ miles of separation).
Resiliency
Service access refers to the ability for end clients to connect to our solutions through its website interface. In order to ensure a minimum service availability level of 99.95% we implement and maintain the following:
-
- Architects its solutions to avoid having a single point of failure.
- Regionally distributes its computing resources.
- Physical and logical separation of services within a single data center.
- 24x7x365 continuous monitoring both using automated systems and physical methods.
- Continuity of operations testing.
- Maintains a regionally replicated fail over “Hot-Site” in the event a primary data center experiences a service interruption.
Personnel Security
Employees must pass a series background checks and security training prior to and during employment. At minimum employees must:
- Have U.S. Citizenship
- Undergo Criminal Background Check & Screening
- Pre-Employment
- Employment periodic re-screening
- Federal, State & Client independent screening
- Maintain a CJIS security awareness training, Level 4 certification
- Pass U.S. E-Verify check