Everlaw sets the bar for cloud security


Everlaw’s security and compliance program is holistic and part of our core philosophy. It demonstrates our commitment to ethics and our company values, as well as compliance with our security, privacy and confidentiality commitments to customers and applicable laws and regulations.

Our program is built on top of federal guidance on effective compliance programs, because we believe that security, privacy and compliance go hand-in-hand. Everlaw prioritizes keeping important data safe with enterprise-class security protocols and privacy standards. 

Access: Log in with multi-factor authentication + single sign-on 

Encryption: All data is encrypted in transit and at rest 

System availability: Average annual uptime exceeds 99.9%

Proactive security programs: We regularly perform intrusion detection, vulnerability scanning, penetration testing, and continuous monitoring on our codebase

At Everlaw, we choose to undergo rigorous security and privacy testing by independent third party auditors. In 2017, Everlaw completed a third-party HIPAA Compliance Assessment that evaluated compliance with the HIPAA Administrative, Physical and Technical Safeguards. In 2018, Everlaw completed an independent GDPR Compliance Readiness Assessment.

2016Annual SOC 2 Type 2 Certification begins

2017Third-party HIPAA Compliance Assessment

2018 – Independent GDPR Compliance Readiness Assessment / Privacy Criteria Added to SOC 2 Audit Scope

2019 – FedRAMP In Process Status Achieved

2020 – FedRAMP Authority to Operate from U.S. Department of Justice

In addition, since 2016, Everlaw has completed an annual SOC 2 Type 2 certification, which includes intrusion detection, vulnerability scanning, penetration testing, change management, and disaster recovery and backup plans. In 2018, Everlaw added the Privacy criteria to its SOC 2 audit scope, which already included the Security, Availability and Confidentiality criteria.


For a company to receive SOC 2 Type 2 certification, it must have sufficient policies and controls operating to protect customers’ data, and it must provide detailed evidence and pass independent testing of operational effectiveness through the audit testing procedures. This examination of our entire security and compliance infrastructure, rather than solely relying on the credentials of our cloud service provider, illustrates Everlaw’s ongoing commitment to create and maintain stringent security controls.

As further evidence of our commitment to security and compliance, in 2020, Everlaw became the only cloud-native discovery platform to have FedRAMP Authority to Operate authorization, approved by the  Department of Justice. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for cloud-based services.

  • Read more about security and compliance at Everlaw here.
  • View Everlaw’s SOC 2 Type 2 Certificate in Security, Availability, Confidentiality and Privacy here.
  • Check Everlaw’s FedRAMP status here.



Questions? Contact us at security@everlaw.com.