Security Program Overview
CopEntry safeguards law-enforcement data with a layered security program that combines hardened infrastructure, zero-trust access controls, proactive monitoring, and disciplined incident response. Our controls are designed to align with CJIS-style expectations while staying nimble enough for rapidly evolving threat landscapes.
Infrastructure & Environment Hardening
- Isolated cloud workloads with environment-specific networks, bastion access, and firewall rules tuned to least-privilege connectivity.
- Global content delivery and application firewall protection with automated patching, DDoS mitigation, and TLS certificates managed through continuous renewal pipelines.
- Runtime security baselines enforced via infrastructure-as-code reviews, peer approvals, and immutable build artifacts.
Data Protection & Encryption
- TLS 1.2+ encryption for all traffic plus HSTS across primary domains.
- AES-256 encrypted databases with key management, automatic rotation, and separate encryption contexts for file storage.
- Secrets vaulted and scoped per environment; credentials are never hard-coded or checked into source control.
Identity & Access Management
- Multi-factor authentication for administrative consoles and privileged services.
- Role-based access control with row-level security on report data to enforce agency segregation.
- Automatic session expiration, device monitoring, and support for SSO where agencies require directory integration.
Application Security Lifecycle
- Secure development lifecycle with pull-request reviews, automated dependency scanning, and static analysis.
- Threat modeling and security checklists for new features, especially those handling sensitive evidence or AI-assisted outputs.
- Scheduled penetration testing and vulnerability scanning with remediation tracked to closure.
Monitoring, Logging & Incident Response
- Centralized logging for authentication events, administration actions, data exports, and system anomalies with tamper-evident retention.
- 24/7 alerting tied into runbooks for triage, containment, forensic review, and customer communication.
- Root-cause analysis for every major incident, with follow-up actions tracked through completion.
Business Continuity & Resilience
- Daily encrypted backups, point-in-time recovery for databases, and geographically redundant storage for attachments.
- Documented disaster recovery playbooks tested through tabletop exercises and scenario drills.
- Capacity planning and performance baselines to absorb surge usage during major events.
Governance, Training & Vendor Oversight
- Mandatory security awareness, phishing resistance, and CJIS-style data handling training for employees and contractors.
- Background checks for personnel with production access, subject to local law.
- Vendor due diligence and contractual requirements covering confidentiality, incident notification, and data handling.
Responsible Disclosure
If you discover a vulnerability, email support@copentry.com or reach out through the 24/7 support chat. Provide enough detail to reproduce the issue; we commit to prompt triage, remediation, and transparent communication with affected customers.