padlock-2

Your data is your concern.
Its security is ours.

Whether you are recording court proceedings, storing records of interview, or accessing digital transcripts—you need to be confident your data is safe and secure.

Our enterprise-grade security features protect your data from external threats. It’s a best-practice approach that provides privacy, compliance, and peace of mind.

Security

Why you can trust
For The Record.

We prioritize the security of our clients’ data.

We strive to always meet the FBI’s Criminal Justice Information Services policy, partnering with our clients to safeguard their criminal justice information.

Our solutions and services are designed to guard the sensitive and often protected information collected and stored with the legal justice system.

 

That’s why our services, software, and cloud-based solutions:

Encrypt data at rest and in transit

Protect with multiple layers of defense

Guard against fraud and tampering with checksums—digital “fingerprints”

Track user access and usage with in-built monitoring

Alert management to any unauthorized access

Use AWS S3 platform storage, which claims 99.99999% durability

Check constantly for software flaws emerging globally

Automate regular updates to shield against new flaws

Conduct regular penetration testing to identify vulnerabilities within our systems

Are monitored by independent experts to verify our security, privacy, and compliance controls

We also:

Assist clients with risk assessments and compliance efforts 

Do not store CJIS data on our own physical media  

Demand CJIS Level 4 standard security awareness training for our staff working in the Cloud Platform 

Follow principles of least privilege and least functionality 

Ensure all network surfaces are locked down to what is minimally required to function 

Complete thorough background checks on all staff  

Guarantee visibility over our staff’s access to accounts  

At For The Record, we take our security and compliance obligations seriously.

Security Compliance.

For The Record utilizes enterprise-grade best practices to protect our customers’ data, and works with independent experts to verify its security, privacy, and compliance controls. To that end, For The Record has achieved a clean SOC 2 Type 1 attestation report, measured against stringent standards. 

An image of a grey circle which reads "Monitored by Drata SOC 2"

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers’ data. To review the report; our company policies; the control tests; and the independent verification of our security compliance against global standards, visit our Trust Center. 

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity. 

For The Record uses Drata’s automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allows For The Record to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

To review the current status of monitored tests for controls across Infrastructure Security, Network Security, Product Security, App Security, and Organization Security, please visit our Trust Center. 

Security is a continuous company-wide endeavor that extends far beyond a box ticking exercise. All employees complete an annual security training program and employ best practices when handling customer data and while managing our own day-to-day activities. 

For The Record works with industry leading security firms to perform annual network and application layer penetration tests.

For The Record utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data is encrypted both in-transit using TLS and at rest.

If you believe you’ve discovered a bug in For The Record’s security, please get in touch at info@fortherecord.com. Our security team promptly investigates all reported issues. 

FAQs—security, privacy and compliance.

For The Record uses Amazon Web Services (AWS) and Microsoft Azure to host the data. For The Record clients in the United States of America are hosted in dozens of data centers within the US East/West regions. These regions are FedRAMP compliant. AWS states 99.9999% durability.

We encrypt data in transport and at rest. The system’s architecture is based on the NIST cybersecurity framework.  For The Record uses FIPS 197 compliant AES 256 encryption for data at rest on AWS, and FIPS 140-2 compliant TLS 1.2 for data in transit. Data accessed remotely is also encrypted to FIPS compliancy.  

Yes. We are PCI DSS and GDPR certified.  We also track the FBI’s Criminal Justice Information Service’s (CJIS) policy for updates, and commit to meeting its standards, as well as other industry standards. 

Yes, but we operate on the principle of least privilege, restricting access to only those few authorized staff with a specific role in supporting your solution’s ongoing efficiency or repair. All For The Record staff that have access to the Cloud Platform must complete security awareness training based upon the CJIS Level 4 standard.  All staff undergo thorough background checks.  

Our systems also track and identify For The Record users and that information is available to you.  

We have multiple layers of defence, and use a range of measures, including firewalls, anti-virus, encryption, rapid patch management, and intrusion detection systems. We perform daily vulnerability checks regularly and automate updates to shield against new and emerging software flaws.  

Yes, we have engaged professional “hackers”, an external company that attempts to identify weaknesses in our system and identify vulnerabilities. These tests are conducted annually. 

Threat detection is automated for Cloud Platform Solutions. For example, with Recording Vault, an AI-threat detection system runs automatically through the software to identify unusual activity.

The system instantly alerts For The Record support staff, who can immediately block unauthorized access. In the unlikely event an intruder reaches data, encryption renders it unreadable and unusable.

For The Record’s digital files are given a “fingerprint” that is corrupted if a video or audio recording is altered in any way. It is impenetrable technology that alerts the court to “deep fakes.”  If a file was altered, our monitoring and tracking measures can identify the user responsible. 

No, For The Record invests heavily to ensure courts’ records are excluded from the standard, anonymous data pool that fuels most AI platforms.  

Our astute approach to recording and file sharing gives us a distinct advantage for tracking and monitoring users. For example, our Recording Vault’s features give clients total control over who can access the record, or portions of it.  Passages of proceedings can be sealed and unsealed simply.

Users can be identified, as well as the location they logged in from, and the precise seconds they listened to or watched. 

For The Record does not store any CJIS data on its own physical media. Where CJIS data is stored in our cloud platform it is stored in Amazon Web Services. AWS decommissions media using techniques detailed in NIST 800-88 and stores data compliant to the FedRAMP moderate impact level. 

  FTR Recording Vault.

Discover FTR Recording Vault—our most secure court record storage, access, and management solution.