Security at Filevine

Yes, Filevine has a robust information security program designed to protect your sensitive data. We adhere to strict security standards and regularly conduct audits to ensure compliance with industry best practices. We are also CJIS v5.9.3 compliant and are actively working towards achieving CJIS v5.9.4 and v5.9.5 compliance. Our team includes trained and certified CJIS TACs to ensure our security program meets our customers' CJIS requirements. To receive a copy of our CJIS compliance package, please send a request to the Filevine CJIS Security Team.

Visit our Subscription Agreement. 

Filevine is a cloud-based SaaS platform. Individuals can access the software in its entirety on any computer or smart device at almost any location, provided they have an internet connection using Chromium-based browsers such as Edge and Google Chrome.

We are also excited to announce that we're launching a desktop app in 2025 to further enhance performance and provide an enhanced experience for users working with large files.

Cloud-Based: Filevine contracts its own instances within SSAE 18 certified, private AWS, Microsoft Azure, and Google cloud platform. We do not operate or manage our own data centers.

Yes and no. Filevine does not offer a separate Mobile App at this time. However, Filevine is mobile-friendly; users are able to access the software in its entirety on any computer or smart device at almost any location using Chromium-based browsers such as Edge and Google Chrome. Mobile application development is underway, and a release candidate announcement should be forthcoming.

Yes, Filevine utilizes an industry-recognized web application Firewall (WAF) to block common attacks identified in the OWASP Top Ten. These may include actions such as injection attacks, broken authentication, sensitive data exposure, insecure deserialization, cross-site scripting (XSS), and others.

In addition to our WAF, we also employ DDoS protection to defend against distributed denial-of-service attacks. We leverage both AWS and Cloudflare to provide a multi-layered defense against these threats.

If these attacks rise to the level of a security incident, the Incident Response team follows our standard process to quickly respond and thoroughly investigate the event, through resolution.

Incident Response (IR) Team
Filevine has a trained and experienced team of IR handlers with multiple security certifications and years of experience managing incidents. This team is very familiar with industry-recognized tactics, techniques, and procedures (TTPs) to ensure security incidents are resolved in a timely and efficient manner. The team reviews countless security alerts, events of interest (EoI)s, significant events, and other incident types as it prioritizes, escalates, and resolves malicious attacks.

Enterprise Logging & Security Incident & Event Management (SIEM)
Filevine utilizes multiple, best-in-class solutions to support enterprise logging and IR efforts. Filevine has deployed enterprise logging and SIEM technologies to increase visibility, aggregate, organize, and time-synchronize network and system events to allow our teams to respond to alerts and potential threats in a timely manner. We maintain in-house security operation center (SOC) staff to triage security alerts and we have aligned our security program with the MITRE ATT&CK framework best practices for detection and response.

Filevine maintains a Business Continuity plan and a Data Security Incident Response Plan, among other policies and procedures. Our Business Continuity plan is designed to address the most common business disruptions and to reduce the risks of a significant outage or regional event interrupting Filevine services. This plan is reviewed annually and addresses risks with employees, offices, product support and other relevant business considerations.

Filevine leverages highly available services that are redundant across multiple data centers and multiple cloud service providers to ensure very high availability for the platform.

Filevine strives for 99.0% uptime during standard business hours (M-F 8am-5pm MST). Filevine availability terms are located in the Subscription Agreement.

Filevine shall use reasonable efforts consistent with prevailing industry standards to maintain the Products and Services in a manner that minimizes errors and interruptions in the Products and Services and shall perform the Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance windows or for unscheduled emergency maintenance by Filevine, or because of other causes beyond Filevine’s reasonable control, but Filevine will use reasonable efforts to provide advance notice of any scheduled service disruption. However, Filevine does not warrant that the Products or Services will be uninterrupted or error-free, will meet Subscriber’s requirements, will be compatible or work with any software, system, or other services, will be secure, accurate, complete, or free of harmful code, nor does it make any warranty as to the results that may be obtained or achieved from the use of the Products or Services.

Minimum computer requirements are needed to support Filevine including a Pentium 4 or greater processor, 16 GB of RAM and 100 MBs of hard disk space as well as a modern web browser. For the best results, a Chromium based browser such as Edge or Google Chrome is recommended with support for TLS 1.2 and preferably TLS 1.3. Meeting these requirements, users should be able to access Filevine on almost any modern computer or smart device.

Filevine's team of data security and compliance experts work with third-party, AICPA-certified auditing firms and have completed our SOC 2 Type I & II reports for Filevine. In addition to SOC 2, Filevine is also compliant with Criminal Justice Information System (CJIS) v5.9.3 security requirements, meeting FBI security obligations. Furthermore, Filevine has adopted the CIS 18 Critical controls and has successfully completed internal and external HIPAA Security Rule audits.

We are also pursuing the ISO certifications for ISO 27001, ISO 27701, ISO 27017, and ISO 27018—recognized gold standards for international data protection. Furthermore, the company is on track to achieve FedRAMP Moderate "Ready" status by the end of 2025.

When you create a Filevine user account or update your account’s passwords, Filevine requires a complex password of at least eight (8) characters and at least one (1) non-alpha character. All passwords are salted and one-way hashed in storage. Filevine administrative accounts used to administer the platform have even stronger password requirements to ensure access to the platform is secure. Filevine also supports and encourages the use of strong passphrases for clients utilizing the platform.

Yes, Filevine supports the use of SSO services such as Microsoft Azure Active Directory, Google Authentication, etc. Filevine also supports the use of Okta, Ping, and other Identity and Access Management (IAM) tools to enable SSO.

Yes, Filevine supports the use of two-factor authentication (2FA) services such as Microsoft Azure Active Directory, Google Authentication, etc. Filevine also supports the use of Okta, Ping, and other Identity and Access Management (IAM) tools to enable 2FA.

Filevine uses FIPS 140-2, FIPS 197 and FIPS 199. ¹ This includes AES 256 encryption for data at rest and support for TLS 1.2/1.3 encryption for data in transit. ¹ Filevine is also pursuing the FIPS 140-3 standard to further enhance the security of our encryption and key management processes

Yes, Filevine uses a layered approach of disparate enterprise grade security tools to both detect and prevent potentially malicious files and activities from impacting our systems.