FOIA Software with Top-Grade Security

We understand at times your need to innovate in real-time to respond to citizen demand, and  adjust settings on the fly as the regulatory environment evolves. Our team is committed to maintaining a secure platform for every client by rigorous threat monitoring, next-gen firewall protection and industry-leading certifications like CJIS Compliance Readiness and SOC2.

Best-in-Class Software Security

Protecting your solution and information is our highest priority. Our team works around the clock to ensure hackers and cybersecurity offenders with malicious intent aren’t a part of the equation, ever. We aim to surpass industry standards for security measures we take to protect you. Here’s how we do it:

24/7 Threat Defense Monitoring

You Can Rest Assured Vaulting Your Sensitive Data Is Secure

JustFOIA is built on the same cloud platform that the Department of Defense and other government agencies trust – Microsoft Azure Government Cloud. Microsoft Azure Government Cloud is FedRAMP Authorized at Level High and can handle data that is subject to specific government regulations and requirements, such as NIST800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. Our IT director on staff is a CISSP too.

Microsoft Azure Government Cloud icon
CJIS ready ACE certification
soc 2 type 2 certified seal
CISSP certified logo (light font)
TX-RAMP certified logo

Our SOC 2 Type 2 Benefits You

We are a certified SOC 2 Type 2 service organization, as defined by the American Institute of Certified Public Accountants (AICPA). What does that mean for you? JustFOIA underwent a System and Organization Control (SOC) 2 Type 2 audit by an external auditing firm. The official SOC audit report provides a thorough review of processes related to risk management, including:

Analytics, System Updates, and Disaster Recovery

Imagine if you had to hire internal IT staff to support your solution. The good news is that you don’t have to! Below are a few actions we take on your behalf:

Monitoring & Performance Analysis
Our monitoring and alerting systems instantly notify our team of any issues regarding availability and performance. Our IT engineers can handle any cloud infrastructure issues 24 hours a day, seven days a week.

Update Management
We manage all infrastructure updates for client sites, including monthly deployments of critical and security updates and quarterly deployments of additional classifications.

Disaster Recovery
JustFOIA’s Disaster Recovery is built upon Microsoft’s Azure Site Recovery (ASR), a native disaster recovery as a service. In case of emergency, your fully replicated site will be up and running in a geographically disparate region within 5 minutes.

Encryption and Internal Security

JustFOIA data is encrypted in transit (TLS/ HTTPS) and at rest transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.

Single Sign-On (SSO) – JustFOIA authentication allows SSO connections with numerous identity services (Active Directory, SAML, and more) for improved identity management security and control.

Role-Based Access – Your solution provides multiple levels of permissions for user profiles to ensure those with appropriate credentials can only see sensitive or certain data.

Advanced Redaction – Human error in the redaction process can accidentally expose sensitive data to the world. With JustFOIA’s automated and bulk redaction tools, your team can minimize security risks caused by errors.

Innovation Is Our Culture

We take several measures to ensure that your data is protected. Although we are confident in our technology, we recognize that no system can guarantee data security with complete certainty.

For that reason, we continue to innovate to ensure that our security measures are state of the art. We investigate all reported security issues concerning our services and software. We offer a direct line of communication to our support team for our clients to report security issues or concerns.

Let's Get Technical and Dig a Little Deeper

You've got questions. We've got answers.

Being SOC 2 certified requires that we follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of client data. All of our employees go through CJIS training, security awareness training and have passed background checks. No contractors or part-time employees have access to client data.

Additionally, the underlying infrastructure of JustFOIA is in the Microsoft Azure Government Cloud, which is fully CJIS compliant. Our dedicated internal team that handles security opportunities and disruption identification is led by our director of cloud technology and security is CISSP certified (#118986), the industry’s de facto security credential.

JustFOIA utilizes an advanced web traffic load balancer to distributes traffic among multiple servers to increase availability and performance for each client. o web applications. While traditional load balancers operate at the transport layer (OSI layer 4), JustFOIA’s advanced routing capability is known as application layer (OSI layer 7) load balancing and gives our development team greater control in managing infrastructure and providing a lightning-fast software product that’s ready to work when you need it.

JustFOIA’s powerful Web Application Firewall (WAF) provides centralized protection from common exploitations and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks seen. Our WAF is based on Core Rule Set (CRS) 3.1, 3.0, or 2.2.9 from the Open Web Application Security Project (OWASP). Our always-vigilant WAF automatically updates to include protection against new vulnerabilities, with no additional configuration needed from clients.

We guarantee JustFOIA uptime of at least 99.5% outside of scheduled maintenance and upgrades. JustFOIA is hosted in the Microsoft Azure Government Cloud. With third-party monitoring software, we monitor and make reasonable efforts to ensure that its uptime meets this level of service.