Everlaw’s security and compliance program is holistic and part of our core philosophy. It demonstrates our commitment to ethics and our company values, as well as compliance with our security, privacy and confidentiality commitments to customers and applicable laws and regulations.
Everlaw sets the bar for cloud security. Our program is built on top of federal guidance on effective compliance programs, because we believe that security, privacy and compliance go hand-in-hand. Everlaw prioritizes keeping important data safe with enterprise-class security protocols and privacy standards.
How We Do It
Since 2016, Everlaw has completed an annual SOC 2 Type 2 certification, which includes intrusion detection, vulnerability scanning, penetration testing, change management, and disaster recovery and backup plans. In 2018, Everlaw added the Privacy criteria to its SOC 2 audit scope, which already included the Security, Availability and Confidentiality criteria.
2016 – Annual SOC 2 Type 2 Certification begins
2017 – Third-party HIPAA Compliance Assessment
2018 – Independent GDPR Compliance Readiness Assessment / Privacy Criteria Added to SOC 2 Audit Scope
2019 – FedRAMP In Process Status Achieved
2020 – FedRAMP Authority to Operate from U.S. Department of Justice
At Everlaw, we choose to undergo rigorous security and privacy testing by independent third-party auditors. In 2017, Everlaw completed a third-party HIPAA Compliance Assessment that evaluated compliance with the HIPAA Administrative, Physical and Technical Safeguards. In 2018, Everlaw completed an independent GDPR Compliance Readiness Assessment.
For a company to receive SOC 2 Type 2 certification, it must have sufficient policies and controls operating to protect customers’ data, and it must provide detailed evidence and pass independent testing of operational effectiveness through the audit testing procedures. This examination of our entire security and compliance infrastructure, rather than solely relying on the credentials of our cloud service provider, illustrates Everlaw’s ongoing commitment to create and maintain stringent security controls.
As further evidence of our commitment to security and compliance, in 2020, Everlaw became the only cloud-native discovery platform to have a FedRAMP Authority to Operate, approved by the Department of Justice. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for cloud-based services.