Everlaw is proud to announce the completion of its annual SOC 2 certification for the fifth consecutive year. In 2015, we engaged independent auditors for a SOC 2 Type 1 certification in security and availability. In 2016, we completed a SOC 2 Type 2 audit in security and availability. In 2017, we added the confidentiality criteria to the scope and then privacy criteria in 2018.
The independent auditor, Marcum’s (formerly Skoda Minotti), testing of Everlaw’s controls included examination of policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of the business. Upon completion of the audit, we received a Service Auditor’s Report with an unqualified opinion demonstrating that our policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria for our services in the United States, European Union, United Kingdom, Canada and Australia.
Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to continue our audit relationship with Everlaw on the completion of their 2019 SOC 2 Type 2. Lisa and her team strive for improvement in their controls year over year; taking their responsibility for maintaining a well-controlled and secured environment seriously.”
What is SOC 2 Type 2 certification?
SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy.
The SOC 2® Type 2 report is intended to provide an understanding of the service organization’s suitability of the design and operating effectiveness of its internal controls. Everlaw reports on the trust service principles applicable to their business — security, availability, confidentiality, and privacy.
The successful completion of this audit illustrates our ongoing commitment to create and maintain a secure operating environment for our clients’ confidential data. Our Security and Compliance team is continuously improving our program and controls, and we choose not to solely rely on the security and privacy credentials of our service providers. You can reach out to us at firstname.lastname@example.org any time.