Data Security and Compliance at Everlaw

Enterprise-grade security that spans people, processes, and technology to safeguard the most critical data.

Setting the Bar for Cloud Security

Everlaw’s security and compliance program is holistic and part of our core philosophy. It demonstrates our commitment to ethics and our company values, as well as compliance with our security, privacy and confidentiality commitments to customers and applicable laws and regulations. Access our whitepaper here.

Security and Data Protection Compliance

At Everlaw, we undergo rigorous security and privacy testing by independent third-party auditors on a regular basis. Since 2020, Everlaw has been part of an exclusive group of cloud service providers in the U.S. who achieved the Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization for our federal cloud hosted on Amazon Web Services (AWS) GovCloud (US).

SOC 2 Type 2 Certified in Security, Availability, Confidentiality and Privacy

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The SOC 2 reports cover controls around security, availability, and confidentiality of customer data.

FedRAMP Moderate Authorization for Everlaw’s Federal Cloud

Request Everlaw’s FedRAMP package here. The Federal Risk and Authorization Management Program (FedRAMP) is a US Federal government program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.

Supports HIPAA Compliance

Everlaw’s SOC 2 Type 2 certification includes an assessment of the applicable HIPAA and HITECH safeguards.

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

Supports GDPR and CCPA Compliance

Everlaw is committed to support the General Data Protection Regulation (GDPR) data protection law that regulates the use of personal data of EU residents and the California Consumer Privacy Act (CCPA) that protects California consumer privacy rights.
See our Privacy Policy for more information about your privacy rights and how Everlaw supports data protection compliance.

Cyber Essentials Plus Certified

Cyber Essentials is the UK government assurance scheme that is operated by the National Cyber Security Centre (NCSC) to help organizations demonstrate operational security and protect information against common threats.

ISO/IEC 27001:2013 Certified

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security management system that ensures office sites, development centers, support centers and data centers are securely managed.

How We Do It

Related Content

Questions? Contact us at security@everlaw.com.