FEATURE | Security

FOIA Software with Top-Grade Security

You deal with sensitive information every day, from bank account numbers to criminal justice records. We’re committed to protecting your data, your community, and your organization’s reputation with industry-leading security features.

Sleep Well Knowing Your Data is Protected

Our team works around the clock to ensure that no one with malicious intent can access your data or harm your community. We aim to surpass industry standards for security measures, with rigorous threat monitoring, next-gen firewall protection, and certifications including CJIS Compliance Readiness and SOC 2.

JustFOIA's Security Features

Microsoft Azure Government Cloud

We’re hosted in the same cloud platform used by the Department of Defense. Microsoft Azure Government Cloud is FedRAMP Authorized at Level High and can handle data that is subject to specific government regulations and requirements, such as NIST 800-171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS.

24/7 Threat Defense Monitoring

Our monitoring and alerting systems instantly notify our team of any issues regarding availability and performance. Our IT engineers can handle any cloud infrastructure issues 24 hours a day, seven days a week.

Performance Analytics Reviews

Regular reviews help detect anomalies that could indicate security breaches and highlight unauthorized access through abnormal resource usage patterns.

Update Management

We manage all infrastructure updates for client sites, including monthly deployments of critical and security updates and quarterly deployments of additional classifications.

Disaster Recovery

JustFOIA’s Disaster Recovery is built upon Microsoft’s Azure Site Recovery (ASR), a native disaster-recovery-as-a-service offering. In case of emergency, your fully replicated site will be up and running in a geographically disparate region within 5 minutes.

Data Encryption

JustFOIA data is encrypted in transit (TLS/HTTPS) and at rest transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.

Single Sign-On (SSO)

JustFOIA authentication allows SSO connections with numerous identity services (Microsoft Entra ID, SAML, and more) for improved identity management security and control.

Role-Based Access

Your solution provides multiple levels of permissions for user profiles to ensure only those with appropriate credentials can see sensitive data.

Advanced Redaction

Human error in the redaction process can accidentally expose sensitive data. With our AI-enhanced redaction tools, your team can minimize security risks caused by errors.

Uptime Guarantee

We guarantee uptime of at least 99.5% outside of scheduled maintenance and upgrades. We use third-party monitoring software to ensure that we meet this level of service.

Continuous Innovation

We recognize that no system can guarantee data security with complete certainty. That’s why we continue to innovate to ensure that our security measures are state of the art.

Issue Investigation

We offer our clients a direct line of communication to our support team to report security issues or concerns, and we thoroughly investigate all reported security issues.

Certifications

CJIS Ready Seal

JustFOIA complies with the FBI CJIS (Criminal Justice Information Systems) Security Policy, meaning it can safely handle criminal records, crime victim information, and other sensitive data.

SOC 2 Type II

JustFOIA has undergone a System and Organization Control (SOC) 2 Type II audit by an external auditing firm showing that we follow strict information security policies and procedures.

TX-RAMP

JustFOIA meets the security standards required for cloud-based platforms used at Texas public sector agencies under TX-RAMP (Texas Risk and Authorization Management Program).

CISSP

Our CIO is a Certified Information Systems Security Professional, a globally recognized cybersecurity certification that shows the ability to understand and apply IT security concepts.

Let's Get Technical and Dig a Little Deeper

Being SOC 2 certified requires that we follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of client data. All of our employees go through CJIS training and security awareness training, and all have passed background checks. No contractors or part-time employees have access to client data.

Additionally, the underlying infrastructure of JustFOIA is in the Microsoft Azure Government Cloud, which is fully CJIS compliant. Our dedicated internal team that handles security opportunities and disruption identification is led by our director of cloud technology and security, who is CISSP certified (#118986), the industry’s de facto security credential.

JustFOIA utilizes an advanced web traffic load balancer to distribute traffic among multiple servers, increasing availability and performance for each client. While traditional load balancers operate at the transport layer (OSI layer 4), JustFOIA's advanced routing capability is known as application layer (OSI layer 7) load balancing and gives our development team greater control in managing infrastructure and providing a lightning-fast software product that's ready to work when you need it.

JustFOIA's powerful Web Application Firewall (WAF) provides centralized protection from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks seen. Our WAF is based on Core Rule Set (CRS) 3.1, 3.0, or 2.2.9 from the Open Web Application Security Project (OWASP). Our always-vigilant WAF automatically updates to include protection against new vulnerabilities, with no additional configuration needed from clients.

We guarantee JustFOIA uptime of at least 99.5% outside of scheduled maintenance and upgrades. JustFOIA is hosted in the Microsoft Azure Government Cloud. With third-party monitoring software, we monitor and make reasonable efforts to ensure that its uptime meets this level of service.

Learn More

Your FOIA software will process documents containing sensitive information about your organization and individuals. It’s essential to investigate security features thoroughly. In this blog, we cover three areas of security that agencies need to consider when evaluating potential SaaS options.

Security in SaaS: What Every Agency Should Know When Choosing a Public Records Request Platform

Using a solution like JustFOIA that’s made specifically to manage FOIA requests from intake to delivery can bring a myriad of benefits to your organization, including tighter security protocols. In this blog, we compare manually filling requests with using a records request software, and examine the outcomes of each.

The Value of Dedicated Software for Public Records Requests