Superior Security. Trusted Protection.

FedRAMP Moderate Impact Level is the standard for cloud computing security for controlled unclassified information across federal government agencies. The Casepoint platform was the first cloud-based eDiscovery software to achieve FedRAMP Moderate authorization.

FedRAMP High Impact Level accounts for the government’s most sensitive, unclassified data in cloud computing environments. Casepoint is the first cloud-based eDiscovery software provider to achieve FedRAMP High “In Process” designation. With the “In Process” designation, Casepoint has completed third-party audits and received a recommendation for FedRAMP High. All required information has been submitted to FedRAMP, and final approval is imminent.

StateRAMP standardizes and verifies the security requirements of providers’ cloud offerings utilized by the government through audits and continuous monitoring. Casepoint’s platform was the first cloud-based eDiscovery software solution to achieve StateRAMP authorization.

IL5 is a security authorization that is required for hosting, storing, and accessing sensitive information. Casepoint’s legal discovery platform is the first cloud-based legal hold and eDiscovery software to achieve Impact Level 5 (IL5) Authority to Operate (ATO) from the Defense Information Systems Agency (DISA) and the U.S. Department of Defense (DOD). Casepoint is the only cloud eDiscovery platform to date to provide a DISA IL5-compliant cloud environment for the DOD with controlled unclassified information (CUI).

IL6 is a security authorization that is required for hosting, storing, and accessing secret information. Casepoint’s platform is the first and only cloud-based legal hold and eDiscovery software solution to achieve Impact Level 6 (IL6) Authority to Operate (ATO) for the Defense Information Systems Agency (DISA) and the U.S. Department of Defense (DOD).

An SOC 1 report is part of the System and Organization Controls (SOC) suite of services, and this report provides information about a service organization’s control environment that may be relevant to the customer’s internal controls over financial reporting.

Our SOC 1 Type II report is issued in accordance with Statements on Standards of Attestation Engagements (SSAE) No. 18 (Reporting on Controls at a Service Organization).

The Casepoint SOC 2 Type II report is an independent assessment of our control environment performed by a third party.

The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements). The report covers a 12-month period, and on description of a Service Organization‘s System Relevant to Security, Confidentiality, Availability, Processing Integrity & Privacy and the suitability of Design and Operating Effectiveness of Controls.

The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Control (SOC 3) report for safeguarding the confidentiality and privacy of information that is stored and processed in the cloud.

ISO 9001:2015 specifies the need to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

ISO/IEC 27001:2022 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

NIST SP 800-53 database represents the security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations.

NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

The Standardized Information Gathering (SIG) Questionnaire is a compilation of information technology and data security questions across a broad spectrum of control areas into one industry standard questionnaire.

The SIG is issued by Shared Assessments, a global organization dedicated to third party risk assurance. Casepoint self-assesses against the SIG annually, providing our customers with an in-depth view of our control environment against a standardized set of inquiries.

The Data Privacy Framework was developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union/European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law. Complying with a Data Privacy Framework program is crucial for safeguarding individuals’ personal information and maintaining their trust. It ensures that organizations handle data responsibly, reducing the risk of data breaches and unauthorized access. Moreover, adherence to such programs helps organizations avoid legal and financial penalties while fostering a culture of respect for privacy, which can lead to enhanced customer loyalty and a positive reputation.

Looking for a certification that isn’t listed here? It’s possible we’ve received it recently, and haven’t yet updated our website. Please reach out to us at sales@casepoint.com or use our in-page chat support, and we’ll let you know if we have (or soon expect to have) the additional certifications needed for your organization’s needs.