Logo - BI Incorporated

BI Incorporated Achieves SOC 3 Compliance: Reinforcing Trust and Security for Community Corrections Partners

Hands typing on a laptop with an overlay of a SOC 3 compliance document, scales of justice, and a judge’s gavel, representing regulations and certification standards.

DOWNLOAD THE REPORT →

At BI Incorporated, safeguarding sensitive data and maintaining the trust of our agency partners is central to everything we do. Last year, we shared the news of our Service Organization Controls 2 (SOC 2) compliance, demonstrating our commitment to the rigorous standards of data security, confidentiality, and availability required in community corrections.

Today, we are pleased to announce the completion and publication of our SOC 3 independent audit, a milestone that further demonstrates our dedication to robust security practices.

BI undertook a thorough evaluation of its BI TotalAccess® Electronic Monitoring System, focusing on the design, implementation, and operation of controls to ensure the system met its commitments regarding security, availability, and confidentiality. The assessment, aligned with the 2017 Trust Services Criteria, aimed to provide reasonable assurance that BI service objectives and system requirements were consistently achieved. Details on the system’s boundaries and principal commitments are provided in the Independent Service Auditor’s Report .

What Is SOC 3 Compliance?

SOC 3 is a public, independent attestation report that provides validation of our operational controls and security measures, assessed by third‑party auditors and based on the Trust Services Criteria.

While our SOC 2 report provided a comprehensive and confidential review, our new SOC 3 report summarizes these results in a format that is accessible and transparent to all. This public report is designed to give agencies, government partners, and the broader community confidence that BI meets the highest standards for safeguarding sensitive information.

Inside Our Independent Auditor Report

Completed by Tevora, a specialized management consultancy focused on cybersecurity, risk, and compliance services, below are key highlights from the report.

  • Scope of Review: An independent examination was conducted on TotalAccess Electronic Monitoring System for the period July 1, 2025, to October 15, 2025, focusing on controls for security, availability, and confidentiality.
  • Management’s Assertion: BI asserted that its internal controls were effective in meeting service commitments and system requirements, as defined by the AICPA’s Trust Services Criteria.
  • Auditor’s Role: The service auditor’s responsibility was to express an opinion on BI management’s assertion, using evidence-based procedures and following AICPA attestation and ethical standards.
  • Audit Procedures: The audit involved understanding the system, assessing risks, and testing controls to determine if they achieved BI’s stated service commitments and system requirements.
  • Limitations: No system of internal controls is perfect. There are inherent limitations due to human error, potential circumvention, or future changes. Additionally, the report’s scope may not cover every detail that all users might consider important.
  • Conclusion/Opinion: The opinion stated that BI controls were effective in meeting service commitments and system requirements for security, availability, and confidentiality for the review period.

Secure Partnerships in Community Corrections

Community corrections agencies and government partners operate under a growing set of legal and regulatory mandates that demand rigorous data security and privacy protections. Safeguarding sensitive information is now a matter of compliance with federal, state, and local rules and courts are increasingly holding agencies and their vendors accountable for lapses.

SOC 3 compliance provides independently verified assurance that BI systems and processes meet these high expectations. By aligning with the Trust Services Criteria, we demonstrate our due diligence in protecting confidential data, meeting secure data mandates, and reducing risk exposure.

The Role of Real-World Incidents in Compliance Planning

Data security is an ongoing consideration for organizations working in corrections and law enforcement. For example, there have been instances where internal errors led to the loss of important case information, resulting in additional oversight and compliance steps for the organizations involved. Situations like this show the value of having clear and reliable controls for managing justice system data.

These experiences remind agencies and their partners to have sound processes in place to protect sensitive information, and to be able to demonstrate those measures if needed. Achieving SOC 3 compliance is one way that organizations can meet these expectations and show their commitment to strong security and operational standards.

Our investment in security and third-party auditing is part of our promise to be the stable, reliable partner you can trust. With BI, agencies can focus on their mission, confident that their technology meets both the spirit and letter of today’s legal requirements for data protection.

Access the SOC 3 Report

We invite you to review our SOC 3 report. This document provides independent assurance of our security practices.

DOWNLOAD THE REPORT →

Share this story, choose your platform:

Most Recent

Categories

Alcohol Detection

Apps & Software

BI Whitepapers

Biometrics

Community Corrections News

Electronic Monitoring News

GPS Tracking

Press Releases

Radio Frequency Monitoring