Compliance and Security
Guardify, a division of Vidanyx, Inc. (“Guardify”) is a cloud-based digital evidence management solution serving child advocacy, child protective services, prosecuting attorneys, and law enforcement organizations. Guardify is designed and operated to ensure compliance with security standards and protection against current and emerging threats.
Guardify is hosted in a FedRamp authorized high-level infrastructure on AWS GovCloud, ensuring all data is maintained in U.S. data centers by U.S. citizens.
Guardify is architected with security to offer prosecutors, law enforcement officers, social workers, and child advocacy centers peace of mind to manage evidence like never before based on the highest standards associated with HIPAA, CJIS and other data security frameworks.
Guardify CJIS Overview
Guardify is committed to compliance with the requirements set forth in the FBI’s CJIS Security Policy and its responsibilities to the criminal justice community. Guardify has earned the nationally recognized CJIS Ready Seal from Diverse Computing Inc. The CJIS ACE Division of Diverse Computing offers the first and only industry-standard process for evaluating CJIS-related products and services to ensure alignment with the FBI’s CJIS Security Policy. Seals are only awarded to entities after completing a meticulous assessment and evaluation process that reviews systems, policies, and procedures in relation to the CJIS Security Policy.
This in-depth analysis of the Guardify for Prosecution determined Guardify has demonstrated a commitment to and has real-world working knowledge of FBI CJIS Security Policy compliance and understands its criticality to the law enforcement and justice fields.
Guardify personnel have completed a) Security and Privacy Literacy Training and Role-Based Training through CJIS Online and are committed to annual recertification and b) a signed Security Addendum countersigned by the appropriate Guardify employee. Guardify also provides a signed Security Addendum from the company and will supply any and all supplemental documentation required by each state where necessary.
Guardify Security Overview
As a company that offers a solution in support of the administration of criminal justice, Guardify understands its CJIS and HIPAA obligations including, but not limited to, the following:
- Compliance with all applicable regulations, statutes, policies, and rules governing access to criminal justice information (CJI).
- Ensuring all Guardify personnel who support a criminal justice contract:
- Complete a state and national fingerprint-based background check prior to receiving CJI access.
- Complete other client-specific training in addition to Security Awareness Training.
- Provide additional identification when requested.
- Conducting periodic reviews of Guardify employee access, modifying the access when applicable, and notifying the client of any changes.
- Informing clients of security incidents per HIPAA and CJIS regulations.
- Completing any state/agency specific CJIS-related requirements.
- Special attention is taken in ensuring that all data is private. Only authorized, licensed users who have been verified through multi-factor authentication can access the content.
- Access can be granted or removed in real-time. Users with the appropriate authority level can grant or remove access to video files, audio files and associated files and annotations.
- All data is encrypted in both transit and rest, with access going through multiple levels of authentication.
- Unique encryption keys are managed by Guardify to ensure technology providers are unable to access any Guardify data. Guardify team members are also unable to access customer data, with the exception of approved and audited engineers regulated by the HIPAA Minimum Necessary Standard to maintain Guardify infrastructure.
- Guardify has also undergone HIPAA assessments and third party penetration testing to confirm top security and privacy measures are validated by independent sources.
- There is complete interview and case history tracking. At any time, users with the appropriate authority level can see the historic access to the evidence, who currently has access, and who has downloaded or viewed the evidence.