Discover Confidence

Compliance understands that security policies and software, in and of themselves, are not the only aspect of security that requires implementation. The ability to monitor, manage, ensure compliance with stated policies and procedures, and continuously observe behaviors, both internal and external to the organization, makes for a cohesive and comprehensive security program that is more likely to achieve its desired outcome.

Compliance has implemented tremendous Internal Controls and Monitoring to ensure data security and integrity, and to reduce threats by implementing a matrix of platforms, programs, procedures, and processes that, combined, are far-encompassing and ensure our clients' data remains safe. The following controls are audited regularly through our Information Security Management System (ISMS), governed by our ISO 27001:2013/17 certification.

Complete Authentication and Administrative Control

Our innovation, CI Login, provides clients access to our array of eDiscovery applications. CI Login uses Okta identity management for authentication, authorization, and monitoring. We also leverage Single Sign-On into our platform via SAML or OpenID. All Client Administrators have full access to user lifecycle operations, logging, and configuration options so they can secure and configure their environment as they see fit. Okta brings next-generation security options that are constantly improving, including:

  • Adaptive 2 Factor;
  • GeoIP Filtering;
  • Impossible Travel Detection;
  • User & Device Behavioral Analysis;
  • Unauthorized VPN Detection;
  • Automated Threat Blacklisting;
  • Authentication Attempt Analysis & Hunting;
  • Exhaustive Logging.
Partner: Okta

Intrusion Detection, Incident Response, and Vulnerability Management

Our policy is to employ the highest level of security software and we are constantly deploying new tools to protect client data. Our technology partners provide advanced solutions for today’s most challenging security requirements: 

  • Intrusion Detection;
  • Incident Response and Insurance;
  • Threat Hunting;
  • OWASP Top 10 Scanning & Mitigation;
  • DDoS Mitigation;
  • Penetration Testing;
  • Network & Application Firewall;
  • Vulnerability Mitigation and Scanning, Detection, and Remediation.
Partners:
  • CrowdStrike
  • Trend Micro
  • Palo Alto Networks
  • HAProxy
  • Qualys

Log Aggregation, Monitoring, and Alerting

We maintain a variety of redundant logging, monitoring, and alerting systems that aggregate events and metrics across all of our systems. We apply custom thresholds and algorithms to drill into and bubble up important performance and security alerts to our immediate attention. We can even allow clients access to events directly associated with their users and data.

Partners:
  • Zoho Site 24/7
  • Elasticsearch

Personnel Training, Security Awareness, and Compliance

All staff receive rigorous onboarding and annual training through our security awareness and training program supported by KnowBe4. This allows us to continually update and test our Employee Conduct Policies and ensure compliance.

Partner: KnowBe4

Business Continuity, Performance, and Capacity Planning

We maintain an environment capable of hosting multiple petabytes of data at any given time. Our primary data center is supported by a hot failover system as a disaster recovery backup which constantly replicates every bit of data, so loss in the event of a disruption is minimal - if any. Our redundant and efficient drive arrays run SAS, pure SSD, and Extreme IO, and data is automatically migrated through the system depending on demand.

Partners:
  • VMware
  • Zerto
  • EMC Storage
  • Microsoft
  • Cisco

Physical Security Control

Compliance’s data centers are among the most secure in the industry and access management is maintained at the global level. Our primary Tier IV data center, located in Tierpoint at the Philadelphia Naval Yard, is SSAE-16 and SOC 2, Type 2 audited, and PCI-DSS, GLBA, and HIPAA compliant, as well as ITAR and US-EU Privacy Shield registered. Our Tier V Gold hot failover DR facility, Switch, in Las Vegas, is one of the most secure data centers in the world and hosts data for many of the world’s most notable companies.  
