Security at Filevine

Filevine performs regular audits and adheres to the CJIS Security Policy 5.9.4 and we are in the process of transitioning to CJIS 5.9.5. We have trained and certified CJIS TACs to ensure our security program meets our customers CJIS requirements. To receive a copy of our CJIS compliance package, please send a request to the Filevine CJIS Security Team.

Visit our Terms and Conditions

Filevine is a cloud-based SaaS platform. Individuals are able to access the software in its entirety on any computer or smart device at almost any location, provided they have an internet connection using Chromium based browsers such as Edge and Google Chrome.

Cloud-Based: Filevine contracts its own instances within SSAE 18 certified, private AWS, Microsoft Azure, and Google cloud platform. We do not operate or manage our own data centers.

Yes and no. Filevine does not offer a separate Mobile App at this time. However, Filevine is mobile-friendly; users are able to access the software in its entirety on any computer or smart device at almost any location using Chromium-based browsers such as Edge and Google Chrome. Mobile application development is underway, and a release candidate announcement should be forthcoming.

Yes, Filevine utilizes an industry-recognized web application Firewall (WAF) to block common attacks identified in the OWASP Top Ten. These may include actions such as injection attacks, broken authentication, sensitive data exposure, insecure deserialization, cross-site scripting (XSS), and others. If these attacks rise to the level of a security incident, the Incident Response team follows our standard process to quickly respond and thoroughly investigate the event, through resolution.

Incident Response (IR) Team
Filevine has a trained and experienced team of IR handlers with multiple security certifications and years of experience managing incidents. This team is very familiar with industry-recognized tactics, techniques, and procedures (TTPs) to ensure security incidents are resolved in a timely and efficient manner. The team reviews countless security alerts, events of interest (EoI)s, significant events, and other incident types as it prioritizes, escalates, and resolves malicious attacks.

Enterprise Logging & Security Incident & Event Management (SIEM)
Filevine utilizes multiple, best-in-class solutions to support enterprise logging and IR efforts. Filevine has deployed enterprise logging and SIEM technologies to increase visibility, aggregate, organize, and time-synchronize network and system events to allow our teams to respond to alerts and potential threats in a timely manner. We maintain in-house security operation center (SOC) staff to triage security alerts and we have aligned our security program with the MITRE ATT&CK framework best practices for detection and response.

Filevine maintains a Business Continuity plan and a Data Security Incident Response Plan, among other policies and procedures. Our Business Continuity plan is designed to address the most common business disruptions and to reduce the risks of a significant outage or regional event interrupting Filevine services. This plan is reviewed annually and addresses risks with employees, offices, product support and other relevant business considerations.

Filevine leverages highly available services that are redundant across multiple data centers and multiple cloud service providers to ensure very high availability for the platform.

Filevine strives for 99.9% uptime during standard business hours (M-F 8am-5pm MST). Filevine availability terms are located in the Terms and Conditions.

Filevine shall use reasonable efforts consistent with prevailing industry standards to maintain the Products and Services in a manner that minimizes errors and interruptions in the Products and Services and shall perform the Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance windows or for unscheduled emergency maintenance by Filevine, or because of other causes beyond Filevine’s reasonable control, but Filevine will use reasonable efforts to provide advance notice of any scheduled service disruption. However, Filevine does not warrant that the Products or Services will be uninterrupted or error-free, will meet Subscriber’s requirements, will be compatible or work with any software, system, or other services, will be secure, accurate, complete, or free of harmful code, nor does it make any warranty as to the results that may be obtained or achieved from the use of the Products or Services.

Minimum computer requirements are needed to support Filevine including a Pentium 4 or greater processor, 16 GB of RAM and 100 MBs of hard disk space as well as a modern web browser. For the best results, a Chromium based browser such as Edge or Google Chrome is recommended with support for TLS 1.2 and preferably TLS 1.3. Meeting these requirements, users should be able to access Filevine on almost any modern computer or smart device.

Filevine's team of data security and compliance experts work with Third-Party, AICPA certified auditing firms and have completed our SOC 2 Type I & II reports for Filevine. In addition to SOC 2, Filevine is also complying with Criminal Justice Information System (CJIS) v5.9 security requirements meeting FBI security obligations. Furthermore, Filevine has adopted the CIS 18 Critical controls and has successfully completed internal and external HIPAA Security Rule audits. Filevine is also working on ADA/WCAG Compliance efforts, GDPR, and CCPA privacy efforts. Additional focus on FedRAMP, StateRAMP, ISO 27001, ISO 9001, and other security goals are in process.

When you create a Filevine user account or update your account’s passwords, Filevine requires a complex password of at least eight (8) characters and at least one (1) non-alpha character. All passwords are salted and one-way hashed in storage. Filevine administrative accounts used to administer the platform have even stronger password requirements to ensure access to the platform is secure. Filevine also supports and encourages the use of strong passphrases for clients utilizing the platform.

Yes, Filevine supports the use of SSO services such as Microsoft Azure Active Directory, Google Authentication, etc. Filevine also supports the use of Okta, Ping, and other Identity and Access Management (IAM) tools to enable SSO.

Yes, Filevine supports the use of two-factor authentication (2FA) services such as Microsoft Azure Active Directory, Google Authentication, etc. Filevine also supports the use of Okta, Ping, and other Identity and Access Management (IAM) tools to enable 2FA.

Filevine uses FIPS 140-2, FIPS 197 and FIPS 199. This includes AES 256 encryption for data at rest and support for TLS 1.2/1.3 encryption for data in transit.