At Appriss, security and integrity are not only important, but fundamental to the success of our business and essential in maintaining our clients’ trust. We are committed to excellence and believe that we owe our clients the assurance, from qualified, independent auditors, that our security controls are reviewed and tested annually, and that they meet or exceed industry best practices.
Appriss Safety operates the nation’s largest arrest data network. The only real-time network of state and local offender management systems in existence, it covers over 2,900 law enforcement and criminal justice agencies and over 100 million booking records in the United States. Given the sensitivity and breadth of its data, Appriss fully recognizes the importance of data security and utilizes the Criminal Justice Information Security (CJIS) Policy, as well as the Service Organization Controls (SOC) Trust Service Principles to guide its overall information security program.
In July 2017, Appriss successfully completed the second and final SOC 2 examination—the SOC 2 Type 2. The SOC 2 Type 2 relates to the availability, integrity, and confidentiality principles defined by the American Institute of Public Accountants (AICPA). The SOC 2 Type 2 audit report is an internal controls report that captures how Appriss Safety safeguards customer data, how well those controls are designed, and how efficiently they are operating. The certification included independent testing of security controls related to Appriss-owned data centers, policies, people, and systems.
Additionally, the report includes a mapping to the CJIS Policy to ensure compliance with state and local government requirements.
“The security and integrity of customer data has always been a critical consideration for Appriss,” said Appriss’ Chief Security Officer, Shellie Nall. “Successful completion of our SOC 2 audit provides assurance of our ongoing commitment to deliver secure and compliant safety services to our customers.”
The SOC 2 examinations were performed by Coalfire, Inc., an independent cyber risk management and compliance consulting group.
Secure data… laying the foundation for #knowledgeforgood!