Security FAQs

Frequently Asked Questions about TRULEO's security policies

General Security

Q: Do you have a formal information security management system?
A: Yes, Truleo uses a SIEM solution to monitor and detect threats in real-time.

Q: What security frameworks do you follow?
A: Truleo complies with CJIS Security Policy and FedRAMP standards, leveraging AWS GovCloud infrastructure.


Access Control

Q: Does Truleo support role-based access control (RBAC)?
A: Yes, Truleo provides RBAC capabilities, restricting access based on user roles.

Q: What authentication mechanisms are in place?
A: Truleo supports Single Sign-On (SSO) with customer identity providers and requires Multi-Factor Authentication (MFA).


Data Protection

Q: How is sensitive information like PII and CJIS data handled?
A: Sensitive data is encrypted at rest and in transit using FIPS 140-2 standards. Automated redaction models are used to remove sensitive details from body-worn camera transcripts.

Q: Where is customer data stored?
A: Data is stored in AWS GovCloud, segmented within encrypted AWS Aurora RDS instances.


Incident Management

Q: How do you ensure service availability during outages?
A: Truleo employs redundant infrastructure in AWS GovCloud, automated daily backups, and disaster recovery testing to meet an RPO of 24 hours and an RTO of 120 minutes.

Q: What is your process for notifying customers in the event of a security breach?
A: Customers are notified within 24 hours, as outlined in the Incident Response Policy.


Third-Party Vendors

Q: Do you use third-party vendors?
A: Yes, AWS GovCloud is used for hosting infrastructure, ensuring compliance with CJIS and FedRAMP standards.

Q: Do you perform security assessments of vendors?
A: Yes, Truleo reviews vendor compliance certifications like CJIS and conducts regular audits.


Vulnerability Management

Q: How do you manage and patch vulnerabilities?
A: Monthly scans and annual penetration tests are conducted, with medium or higher severity issues resolved within 30 days.

Q: How are customers notified of vulnerabilities?
A: Weekly release notes provide updates on vulnerability mitigations and patches.