Security & Privacy

Our mission is to increase access to justice by allowing courts, government agencies, and the public to resolve tickets and disputes online. The confidentiality and integrity of court, agency, and personal data is paramount to us all.

We run our applications on cloud infrastructure that meets and exceeds industry and government standards.

Data Center Security

Matterhorn runs on the AWS cloud infrastructure. The AWS environment meets the following standards:

  • SOC 1, SOC 2, SOC 3,
  • FedRAMP,
  • PCI DSS Level 1,
  • DoD CSM,
  • HIPAA,
  • ISO 9001, ISO 27001, ISO 27017,
  • and others.

In-Country Data Centers

To meet the in-country data requirements of our international customers, Matterhorn can use the appropriate in-country AWS data centers or other local data centers that meet our requirements.

Hardened Operating Systems

Matterhorn runs on hardened Linux servers that are automatically patched for critical security updates.

Data Backup

Matterhorn customer data is backed up twice daily and protected by strong encryption at rest and in transit.
Backups are stored redundantly in multiple geographically separated data centers.

Secure Connections

  • All connections to Matterhorn are HTTPS (SSL/TLS). Any attempt to connect over HTTP is redirected to HTTPS.
  • All communications and data are encrypted, at rest and in transit.

High Availability

All applications and systems are designed in a highly available, fault-tolerant manner, with automatic failover and auto-scaling.

Separation of Application and Data

Matterhorn’s web application servers are physically and logically separated from servers that store customer data.

Customer Data Protection

  • All data is treated as confidential.
  • Inbound and outbound logical firewalls ensure that data cannot be leaked.
  • Sensitive production data is never migrated or used outside of the production network.

Security Audits

  • Court Innovations routinely runs internal and external vulnerability scans and penetration tests.
  • Third-party firms perform security reviews.
    • These audits have confirmed our compliance with IRS Publication 1075 safeguards and the CJIS Security Policy, the FBI's security standards for organizations that access criminal justice information.
  • All activity and access are logged and monitored, including application logs, database logs, and API logs.

Application Security

Court Innovations utilizes secure development best practices with security reviews throughout design, prototype and deployment.

Password Policies

  • Matterhorn uses a strong password policy.
  • Passwords are one-way encrypted (hashed) and cannot be decrypted.
  • Users must follow a one-time link sent to their email address to replace a forgotten password.

Access Control

All users are assigned a security role that dictates their access to all resources within Matterhorn.
Only administrative users can change the access privileges of other users.

Questions or Recommendations?

The Matterhorn team prides itself on the security and privacy of our software-as-a-service.
We continuously review and improve our security mechanisms and processes. Please be in touch with any questions or comments regarding our security standards and practices.