The regulations governing data, privacy, security, and overall best practices for legal service providers are constantly advancing, and their compliance requirements are becoming stricter. Compliance has a dedicated team monitoring such laws and regulations nationally and internationally to ensure we meet the strictest standards. Our certifications and compliance initiatives include:

ISO 27001:2013/17:

The “gold standard” for data hosting and service providers in the eDiscovery space. Compliance has been certified since 2019 and passed all subsequent audits.

GDPR:

Individual data privacy continues to be at the forefront of how companies collect, store, process, and transmit data, and Compliance ensures adherence to all GDPR guidelines, particularly when redaction or anonymization is required. 

EU Privacy Shield:

While GDPR may be at the forefront of consideration for data coming out of the EU, Privacy Shield certification is still required, and Compliance has been certified in this area since 2014. 

CCPA:

California may have been the first state to enact a US-based individual data privacy regulation, but it won’t be the last. Compliance continues to comply with the CCPA and monitors the movement of other states and federal discussions in this area.

PHI/HIPAA & HITECH:

Protection of personal health information is critical to our clients and those we seek to protect. Compliance complies with all provisions of HITECH data security and HIPAA as a Business Associate.

PCI:

The threat of data breach relating to credit card information and processing is a primary concern for all, and as data breaches become more prevalent, protection of such data has never been more important.

GLBA:

Protection of financial clients’ private information is key to our security protocols, and strict adherence to this law is required for all clients in our banking and finance vertical.

SOC 2:

Our primary and DR data centers are both SOC 2 audited to ensure we are managing and protecting all client data. Audit reports are available.

ITAR:

ITAR is a defense industry standard. Compliance is ITAR compliant and ensures that all defense and related military technology data falls under strict access controls.

NIST 800-171/DFARS:

This is another defense industry control restriction, and Compliance’s clients can rest assured we adhere to these security standards.
