Data Security and Compliance at Everlaw
Enterprise-grade security that spans people, processes, and technology to safeguard the most critical data.
Setting the Bar for Cloud Security
Everlaw’s security and compliance program is holistic and part of our core philosophy. It demonstrates our commitment to ethics and our company values, as well as compliance with our security, privacy and confidentiality commitments to customers and applicable laws and regulations. Access our whitepaper here.
Security and Data Protection Compliance
Everlaw maintains a comprehensive set of compliance certifications and attestations to protect our customers’ data and our platform offering. In addition, since 2020, Everlaw has been part of an exclusive group of cloud service providers in the U.S. who achieved the Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization for our federal cloud hosted on Amazon Web Services (AWS) GovCloud (US).
If you have additional questions or if you would like to request a copy of our security reports, please reach out to your Everlaw account manager or sales representative for assistance.
SOC 2 Type 2 Certified in Security, Availability, Confidentiality and Privacy
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The SOC 2 reports cover controls around security, availability, and confidentiality of customer data.
SOC 3 Public Report of Security, Availability, Integrity, Confidentiality and Privacy Controls
The SOC 3 report is public and provides assurance about the controls at a service organization relevant to security, availability, confidentiality and privacy Trust Services Principles (TSPs). It includes a high level overview of the organization and the control environment, and offers a less detailed summary of the information that is generally included in a SOC 2 report.
Download Everlaw’s SOC 3 Report
FedRAMP Moderate Authorization for Everlaw’s Federal Cloud
Request Everlaw’s FedRAMP package here. The Federal Risk and Authorization Management Program (FedRAMP) is a US Federal government program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.
Supports HIPAA Compliance
Everlaw’s SOC 2 Type 2 certification includes an assessment of the applicable HIPAA and HITECH safeguards.
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
Supports GDPR and CCPA Compliance
Everlaw is committed to support the General Data Protection Regulation (GDPR) data protection law that regulates the use of personal data of EU residents and the California Consumer Privacy Act (CCPA) that protects California consumer privacy rights.
Cyber Essentials Plus Certified
Cyber Essentials is the UK government assurance scheme that is operated by the National Cyber Security Centre (NCSC) to help organizations demonstrate operational security and protect information against common threats.
You can view our certification details on the NCSC.gov.uk site, here.
ISO/IEC 27001:2013 Certified
The International Organization for Standardization 27001 Standard (ISO 27001) is an information security management system that ensures office sites, development centers, support centers and data centers are securely managed.
ISO/IEC 27017:2015 Certified
The International Organization for Standardization 27017 (ISO 27107) is the information security best-practice framework for cloud service providers and their customers.
Our prior review software was not cloud accessible so we would have to remote into our network to access it. Now our attorneys and support staff can log in from anywhere… If we still had our old review software we would have had major problems working from home for this long because we were only allowed to have a few people in it at once and it was not cloud accessible.“
– Tyne P, Mid-level Law Firm
How We Do It
Log in with multi-factor authentication and single sign-on support
All data is encrypted in transit and at rest
3. System Availability
Average annual uptime exceeds 99.9%, including scheduled maintenance windows
4. Proactive Security Programs
We regularly perform intrusion detection, vulnerability scanning, penetration testing, and continuous monitoring on our codebase
Cybersecurity in the World of Ediscovery
Over the years, the legal industry has slowly shifted to remote-based collaboration, making cloud-based tools a necessity. As a result, security is more of a pressing issue now than ever before, especially in the legal world where protecting client information is sacrosanct. Find out what you need to know to keep sensitive data secured while practicing law remotely.
Transitioning to the Cloud: Security Considerations
This webinar series will focus on the considerations of federal agencies as they make the transition to the cloud, with our first topic being security considerations.
Everlaw Achieves FedRAMP Security Authorization
We are proud to announce that Everlaw’s litigation and ediscovery platform has achieved FedRAMP Security Authorization. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program managed by the…
by Lisa Hawke August 5, 2020
Report a Security issue. Partner with us by reporting any security issues.