CJIS Compliance

What is CJIS Compliance?

CJIS compliance for LEO, agencies and public safety entities refers to adherence to the Criminal Justice Information Services (CJIS) Security Policy, which governs the handling, access, and protection of sensitive law enforcement data such as undercover, arrest records, investigation files, and biometric information. Developed by the FBI, this policy establishes security standards for both criminal justice agencies and their private contractors.

What is CJIS Compliance for Scanning Law Enforcement Records ?

TierFive provides secure CJIS-compliant document scanning services for law enforcement agencies and public safety entities, maintaining CJIS compliance is critical to safeguarding data, avoiding breaches, and preserving access to national law enforcement databases. It also ensures that criminal justice operations are conducted in accordance with federal privacy and security guidelines. Any third-party handling Criminal Justice Information (CJI) such as a document scanning provider must implement comparable controls to those used by the agency itself.

How TierFive Meets CJIS Compliance for Document Scanning

TierFive delivers CJIS-compliant document scanning services by following carefully controlled procedures that meet the security expectations outlined in the CJIS Security Policy. While CJIS does not offer formal certification to vendors, TierFive’s PBSA background verification secure document scanning for law enforcement service structures every aspect of its ISO 27001 certified document handling process to uphold CJIS requirements. We utilize FIPS 140-2 validated encryption to protect CJI during both storage and transmission. All access to sensitive data is controlled through multi-factor authentication and role-based permissions, ensuring that only authorized personnel are able to handle criminal justice records. Our scanning operations take place within physically secure facilities equipped with 24/7 surveillance, restricted entry systems, and intrusion detection mechanisms. We maintain detailed audit trails that track all activity and data interactions, supporting transparency, oversight, and accountability. All TierFive personnel with access to CJI are subject to background checks and sign the CJIS Security Addendum, confirming their obligation to follow the same standards required of law enforcement employees. From chain-of-custody documentation to secure digital output, every phase of our workflow is designed to maintain compliance, protect data, and support the unique needs of justice sector clients.

The Role of the CJIS Security Addendum in TierFive’s Services

The CJIS Security Addendum plays a critical role in ensuring that private vendors like TierFive uphold the same level of responsibility and security as public agencies. This addendum is a mandatory agreement required by the FBI, binding all contractor personnel who have access to Criminal Justice Information to comply with CJIS standards. TierFive incorporates this requirement into our internal protocols by performing federal background checks requiring all applicable employees to undergo fingerprint-based background checks and sign the CJIS Security Addendum before gaining any access to sensitive data. Staff also receive regular training to stay current on CJIS expectations and responsibilities. TierFive does not utilize subcontractors and assigned staff are identified under NDA to our client. By enforcing this contractual framework, TierFive demonstrates its commitment to lawful data handling, regulatory transparency, and partnership accountability with criminal justice clients.

• Key CJIS Compliance Requirements for Secure Document Scanning

  A document scanning service provider handling CJI must align with the following CJIS Security Policy requirements:

  • Data Security and Encryption
    Encrypt data in transit and at rest using FIPS 140-2 validated methods.

  • Access Control and Authentication
    Restrict access to authorized personnel using multi-factor authentication and role-based controls.

  • Audit Trails and Monitoring
    Maintain detailed logs of system access, user activity, and data handling.

  • Physical Security
    Operate in secure facilities with surveillance, restricted entry, and access logs.

  • Data Integrity and Retention
    Preserve the accuracy and authenticity of scanned records with proper chain-of-custody and storage protocols.

  • Compliance with CJIS Security Addendum
    Ensure all personnel handling CJI have signed the Security Addendum and meet background screening standards.

  • Training and Policies
    Provide recurring training on data security and CJIS-specific requirements for all staff with access to sensitive information.

Contact TierFive today to learn more about how we can help your agency reduce overhead costs securely digitize your law enforcement records within the compliance requirements of CJIS. *Note if your agency has additional requirements such as DOJ or CLETS just let us know.