Evidence.com Security Best Practices
Evidence.com Security outlines the measures that Axon has taken to secure Evidence.com. Customers inherit these advanced security capabilities, controls and programs. This security inheritance enables customers to achieve high levels of data security. However, it is also critically important for customers to understand and implement the security practices that are within their responsibility and control.
Below are recommendations that should be considered by customers to secure their usage of Evidence.com:
User Account Management Practices
- Create individual Evidence.com user accounts for each of your users
- Grant users the most restrictive set of permissions required to perform their job tasks (i.e. adhere to the principle of least privilege)
- Appropriately limit the number of users with Admin Access and privileged Evidence Management permissions
- Review and revoke or modify Evidence.com user access as part of user transfer, promotion and termination processes
- Integrate Evidence.com with your Active Directory to simplify user management processes and authentication mechanisms for your users
Security Settings Configuration
- Enable 2-factor, advanced authentication capabilities within Evidence.com
- Consider using the IP restrictions feature of Evidence.com to ensure your users can only access Evidence.com from trusted IP addresses and networks, such as your offices
- Ensure your password configurations meet your agency's standards and policies including: Password History, Password Aging, Password Length, Failed Login Limit, and Lockout Duration
- See the Axon Help Center for instructions on how to configure these settings
Security Training and Awareness
- Ensure your users know that Axon will never call or contact them to ask for their password
- Train your users on social engineering and phishing tactics including instructions on how to identify and report phishing attempts
- Educate your users to notify appropriate agency authorities of potential Evidence.com password disclosures, malicious Evidence.com account usage, or other malicious computing activity and incidents
Assurance Practices
- Periodically review and validate users with access to Evidence.com and their assigned roles
- Periodically review and validate configured roles and permissions to ensure they adhere to your agency's objectives
- Periodically review and validate the configuration of your retention categories to ensure they support your agency's data retention policies
Secure User Systems
- Apply available vendor security updates in a timely manner
- Require users to use the latest browser versions
- Implement malware protections on user systems
- Implement spam and spyware protection mechanisms