Your data is your concern.
Its security is ours.
Whether you are recording court proceedings, storing records of interview, or accessing digital transcripts—you need to be confident your data is safe and secure.
Our enterprise-grade security features protect your data from external threats. It’s a best-practice approach that provides privacy, compliance, and peace of mind.
Why you can trust
For The Record.
We prioritize the security of our clients’ data.
We strive to always meet the FBI’s Criminal Justice Information Services policy, partnering with our clients to safeguard their criminal justice information.
Our solutions and services are designed to guard the sensitive and often protected information collected and stored with the legal justice system.
That’s why our services, software, and cloud-based solutions:
At For The Record, we take our security and compliance obligations seriously.
FAQs about security, privacy and compliance.
For The Record uses Amazon Web Services (AWS) and Microsoft Azure to host the data. For The Record clients in the United States of America are hosted in dozens of data centers within the US East/West regions. These regions are FedRAMP compliant. AWS states 99.9999% durability.
We encrypt data in transport and at rest. The system’s architecture is based on the NIST cybersecurity framework. For The Record uses FIPS 197 compliant AES 256 encryption for data at rest on AWS, and FIPS 140-2 compliant TLS 1.2 for data in transit. Data accessed remotely is also encrypted to FIPS compliancy.
Yes. We are PCI DSS and GDPR certified. We also track the FBI’s Criminal Justice Information Service’s (CJIS) policy for updates, and commit to meeting its standards, as well as other industry standards.
Yes, but we operate on the principle of least privilege, restricting access to only those few authorized staff with a specific role in supporting your solution’s ongoing efficiency or repair. All For The Record staff that have access to the Cloud Platform must complete security awareness training based upon the CJIS Level 4 standard. All staff undergo thorough background checks.
Our systems also track and identify For The Record users and that information is available to you.
We have multiple layers of defence, and use a range of measures, including firewalls, anti-virus, encryption, rapid patch management, and intrusion detection systems. We perform daily vulnerability checks regularly and automate updates to shield against new and emerging software flaws.
Yes, we have engaged professional “hackers”, an external company that attempts to identify weaknesses in our system and identify vulnerabilities. These tests are conducted annually.
Threat detection is automated for Cloud Platform Solutions. For example, with Recording Vault, an AI-threat detection system runs automatically through the software to identify unusual activity.
The system instantly alerts For The Record support staff, who can immediately block unauthorized access. In the unlikely event an intruder reaches data, encryption renders it unreadable and unusable.
For The Record’s digital files are given a “fingerprint” that is corrupted if a video or audio recording is altered in any way. It is impenetrable technology that alerts the court to “deep fakes.” If a file was altered, our monitoring and tracking measures can identify the user responsible.
Do the AI platforms that power your Speech-to-Text and FTR RealTime technology have access to our records?
No, For The Record invests heavily to ensure courts’ records are excluded from the standard, anonymous data pool that fuels most AI platforms.
Our astute approach to recording and file sharing gives us a distinct advantage for tracking and monitoring users. For example, our Recording Vault’s features give clients total control over who can access the record, or portions of it. Passages of proceedings can be sealed and unsealed simply.
Users can be identified, as well as the location they logged in from, and the precise seconds they listened to or watched.
For The Record does not store any CJIS data on its own physical media. Where CJIS data is stored in our cloud platform it is stored in Amazon Web Services. AWS decommissions media using techniques detailed in NIST 800-88 and stores data compliant to the FedRAMP moderate impact level.