Security at eCourtDate
Secured communications platform for the justice system.
Firewall and DDoS protection
Hosted in the CJIS-compliant AWS GovCloud™
Single Sign On with Azure and Office365
HTTPS enforced everywhere and AES 256-bit encryption at rest.
User Audit Logs
Track all user changes with searchable and exportable audit logs.
Role-based Access Control
Define each role and user permission at a granular level.
MFA is automatically enforced for every user with FIDO2 support.
API Key Management
Create and manage secure and expirable API keys.
Automated rollover and hourly data backups ensure 99.9% uptime.
How We Secure Your Data
Securing your data is a critical responsibility, and ensuring its protection is at the core of everything we do. We combine expertise, vigilance, and automation to keep data protected. We are happy to answer any of your questions regarding our security practices.
We offer integration with third-party authentication services like Office 365, Google, LinkedIn, OAuth 2.0, and LDAP. You can enforce password policies for your internal users based on granular permission access policies.
Our support team continuously monitors the performance and integrity of our services, including intrusion attempts, via comprehensive monitoring tools. We can anticipate potential issues and deploy solutions to prevent them from happening. We are proactive rather than reactive.
eCourtDate operates a Zero-Trust Network architecture without any trusted network segments. Network communication is encrypted in transit and at rest.
Backups occur via continuous streaming replication and frequent snapshots. We maintain firewalls on our edge servers and origin load balancers.
We host eCourtDate on AWS GovCloud (US). GovCloud data centers host sensitive data and regulated workloads and address the most stringent US government security and compliance requirements.
We do not store credit card or payment information on our servers. Payment information is transmitted directly to a PCI-compliant payment processor of your choice via HTTPS for secure processing.
Cyber Resilience Review (CRR)
CISA's CRR assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
CSA Star Level One
The Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.
Multi-Tenant Serverless Architecture
We use a distributed, serverless cloud-native architecture for maximum security, performance, and capability. Each agency is assigned an isolated tenant based on their optimal GovCloud region.See Tenant Schema
Read-Only User Audit Logs
We store user activity in read-only, encrypted audit logs. Authorized users can search and download real-time and historical records through the Console.
- Auto-scrub personally identifiable information (PII).
- Search recent logs across authorized agencies and users.
- Bulk export all-time logs to CSV and JSON.
Granular Roles and Permissions
Configure user access with customizable roles and permissions.
- Assign record-level Create, Read, Update, or Delete permissions.
- Auto-match existing Identity Provider groups to roles.
- Conditional rules based on user-to-client assignment.
- Simulate permissions to streamline access-control testing.
- Hide in-app navigations and features by role.
- Auto-filter personally identifiable information (PII).
Malicious File Scanning
We automatically scan user-uploaded files against multiple signature databases to detect trojans, viruses, and malware.
Software Bill of Materials
Third-party vendors that we use to operate the eCourtDate platform.
Amazon Web Services
We use Amazon Web Services as an IaaS (infrastructure-as-a-service) provider.
We use Azure as an IaaS (infrastructure-as-a-service) provider.
We use GitHub to manage our source version control.
We use CloudFlare for our content delivery network and DDoS protection.
We use Postman to design and test our APIs.
We use Auth0 to handle authentication for our users.
We use Intercom to power our chat for supporting users.
We use Datadog to monitor our infrastructure health.
We use Let's Encrypt to provision our SSL certificates.