Recidiviz has implemented best-in-class security practices to keep customer data safe. We take great care to protect all data that we work with, as well as to protect the privacy of those who provide the data and whose information may be included in the data.
Recidiviz is compliant with CJIS requirements that all staff with access to CJI undergo Level 4 CJIS security training and necessary background checks. Additionally, Recidiviz's product, corporate, and cloud environments are built to comply with CJIS requirements.
Recidiviz has successfully completed a Service Organization Control 2 (SOC 2) Type 2 audit for its hosted services.
Recidiviz's security program conforms to HIPAA security requirements for its hosted services and corporate environment. All Recidiviz employees are trained in maintaining the confidentiality, integrity, and availability of protected health information (PHI).
Secure Cloud Infrastructure
Recidiviz heavily leverages GCP's Platform-as-a-Service (PaaS) offerings, meaning that GCP manages the underlying infrastructure of Recidiviz's entire product suite. Google has attested that all infrastructure underlying Recidiviz's products is compliant with ISO 27001, FedRAMP, HIPAA, and NIST 800-53, to name a few. Details about GCP's compliant and secure infrastructure can be found here: https://cloud.google.com/security/compliance/offering