Criminal Justice Information Services Compliance

Criminal Justice Information Services Compliance

The Criminal Justice Information Services (CJIS) refers to a division of the Federal Bureau of Investigation (FBI) in the United States that provides criminal justice information, systems, and services to law enforcement, national security, and criminal justice agencies at the federal, state, local, and tribal levels. CJIS compliance requirements are necessary to protect national security while safeguarding the civil liberties of individuals and businesses.

The CJIS Security Policy laid out by the division defines 13 areas that must be evaluated by all handling, storing, or having access to CJI. CJI includes data but is not limited to, biographic, biometric, identity history, property, and case or incident history data.

The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The Policy provides guidelines for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI.

This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operates in support of, criminal justice services and information.

The determination of compliance with CJIS for a specific solution lacks a universally standardized approach. Consequently, each state is tasked with individual responsibility for ensuring compliance within its jurisdiction, being individually accountable to the FBI. IDrive Inc. provides critical data security protection without compromising privacy and can help customers achieve CJIS compliance.

IDrive assists organizations with CJIS compliance

As a cloud backup and storage company with SOC2 Type 2 compliance, IDrive is well-positioned to support the fulfillment of the Criminal Justice Information Services (CJIS) security policy requirements. Here's a point-by-point breakdown of how IDrive can assist in meeting the CJIS requirements:

  • Encrypted storage
    The data is encrypted using industry-standard 256-bit AES encryption and transmitted securely to a vault that resides at a world-class data center that provides SOC-approved data protection service.
  • Physical security
    The data centers are equipped with various physical security measures, custom-designed raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks.
  • Access control
    Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.
  • Regular monitoring
    The network infrastructure is periodically checked for vulnerabilities with third-party audits.
  • Identification and authentication
    IDrive services use strong authentication systems and logins can be additionally verified with a one-time code sent to a registered email address, along with the use of an account password.
  • Data durability and protection
    IDrive Online Backup provides true archiving, which means your data is never deleted from your account until you delete it.

Hear from our customers

One aspect of IDrive that we particularly appreciate is the nightly emails. These updates provide valuable reassurance that our data is being backed up regularly and securely. It's a small detail, but it contributes significantly to our peace of mind.
Overall, our experience with IDrive has been positive, and we're grateful for the reliability and convenience it brings to our data storage needs.

- Finnigan Law Firm

I first heard about IDrive through word of mouth from friends and colleagues, which speaks to its reputation in the industry. Overall, our experience with IDrive has been nothing short of positive, and we're pleased to share our satisfaction. IDrive has truly streamlined our backup process and provided us with the secure storage solution we needed.

- Spirit Lake Law


  • IDrive cloud backup offers the choice of employing private encryption which is known only to the user and not stored on IDrive servers, in addition to default encryption. Explore the distinction between private and default encryption here.
  • Google Workspace Backup and Microsoft Office 365 Backup employ industry-standard default encryption protocols to ensure secure data storage.