SECURITY

Superior Security. Trusted Protection.

Learn why the world’s leading corporations, law firms, and government agencies trust Casepoint to keep their data protected and secure.

Compliance Overview

Casepoint’s number one priority is to keep your data safe and secure. Casepoint and all of its data centers have obtained and maintained the highest levels of industry security certifications and attestations, undergoing all applicable reviews. 

Below are Casepoint’s certifications and third-party audits, to help your compliance and legal teams understand and validate the compliance requirements for your organization.

Certifications and Third-Party Audits

FedRAMP Moderate

FedRAMP moderate impact level is the standard for cloud computing security for controlled unclassified information across federal government agencies. The Casepoint platform was the first cloud-based eDiscovery software to achieve FedRAMP Moderate Authorization.

StateRAMP

StateRAMP standardizes and verifies the security requirements of providers’ cloud offerings utilized by government through audits and continuous monitoring. Casepoint’s platform was the first cloud-based eDiscovery software solution to achieve StateRAMP authorization.

DoD Impact Level 5

IL5 is a security authorization that is required for hosting, storing, and accessing sensitive information. Casepoint’s legal discovery platform is the first cloud-based Legal Hold and eDiscovery software to achieve Impact Level 5 (IL5) Authority to Operate (ATO) from the Defense Information Systems Agency (DISA) and the U.S. Department of Defense (DoD). Casepoint is the only cloud eDiscovery platform to date to provide a DISA IL5-compliant cloud environment for the DoD with controlled unclassified information (CUI).

DoD Impact Level 6

IL6 is a security authorization that is required for hosting, storing, and accessing secret information. Casepoint’s platform is the first and only cloud-based Legal Hold and eDiscovery software solution to achieve Impact Level 6 (IL6) Authority to Operate (ATO) for the Defense Information Systems Agency (DISA) and the U.S. Department of Defense (DoD).

SOC 1

Service Organization Controls (SOC 1) reports provide information about a service organization’s control environment that may be relevant to the customer’s internal controls over financial reporting.

Our SOC 1 Type II report is issued in accordance with Statements on Standards of Attestation Engagements (SSAE) No. 18 (Reporting on Controls at a Service Organization).

SOC 2

The Casepoint SOC 2 Type II report is an independent assessment of our control environment performed by a third party.

The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements). The report covers a 12-month period and reports on the description of a service organization’s system relevant to security, confidentiality, availability, processing integrity, and privacy, and on the suitability of the design and operating effectiveness of controls.

SOC 3

The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Control (SOC 3) framework for safeguarding the confidentiality and privacy of information that is stored and processed in the cloud.

ISO 9001:2015  

ISO 9001:2015 specifies requirements for a quality management system when an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

ISO 27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

NIST 800-53

The NIST SP 800-53 database represents the security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4, Recommended Security Controls for Federal Information Systems and Organizations.

NIST 800-171

NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

SIG Questionnaire  

The Standardized Information Gathering (SIG) Questionnaire is a compilation of information technology and data security questions across a broad spectrum of control areas into one industry standard questionnaire.

The SIG is issued by Shared Assessments, a global organization dedicated to third-party risk assurance. Casepoint self-assesses against the SIG annually, providing our customers with an in-depth view of our control environment against a standardized set of inquiries.

Data Privacy Framework Program

The Data Privacy Framework was developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law. Complying with a Data Privacy Framework program is crucial for safeguarding individuals’ personal information and maintaining their trust. It ensures that organizations handle data responsibly, reducing the risk of data breaches and unauthorized access. Moreover, adherence to such programs helps organizations avoid legal and financial penalties while fostering a culture of respect for privacy, which can lead to enhanced customer loyalty and a positive reputation.

Other Certifications

Looking for a certification that isn’t listed here? It’s possible we’ve received it recently and haven’t yet updated our website. Please reach out to us at sales@casepoint.com or use our in-page chat support, and we’ll let you know if we have (or soon expect to have) the additional certifications your organization needs.

Security Datasheet

The above certifications are also listed and summarized in this one-page Security Datasheet.

Security Overview

Casepoint has established comprehensive security measures at all levels (organizational, architectural, and operational) to ensure that all data, applications, and infrastructure remain protected and secure.

Casepoint has designed, developed, documented, approved, and implemented an Information Security Management Program (ISMP) that addresses industry best practices around security and privacy. Our ISMP includes administrative, technical, and physical safeguards to protect data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Our ISMP is also comprehensively documented with corresponding manuals for our security procedures and other policies.

Organizational Security

At Casepoint, security is the responsibility of each and every employee. All new Casepoint employees undergo security awareness training within the first three days of employment.

Casepoint’s Security Team is composed of a group of executives from across our enterprise. This team designs and drives our security programs across our organization and ensures that our security awareness and policies are maintained.

Architectural Security

Data Encryption

Casepoint has defined policies for granular access controls. Casepoint uses FIPS 140-2 compliant algorithms such as AES-256. The storage system uses AES-256 encryption, and data in transit is encrypted using TLS 1.2 with AES-256. All media drives are encrypted with military-grade encryption.

Logical Security

Casepoint security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and Multifactor Authentication. Casepoint can also restrict access to customer-managed devices for your users in two ways: restricting IP addresses through multi-factor authentication (MFA), including integration with certain identity management systems.

Single-Sign-On Support

Casepoint supports single-sign-on capability for organizations that utilize Microsoft Active Directory Federation Services.

Multifactor Authentication

Casepoint’s security authentication method uses multi-factor authentication. Users need a username, a password, and a six-digit token received via an approved software token generator mobile application or a six-digit code received via email. If required by a client, Casepoint can work to set up hardware authentication with their internal systems.

Operational Security

Physical Security

There are several levels of physical security controls in place to protect information assets in our offices and facilities where information assets are stored and/or processed. 

All physical access to the data centers is highly restricted and stringently regulated. Casepoint physical security includes:

  • Physical security personnel
  • Key card entry
  • Biometric scanners
  • Double mantrap entries
  • Controlled site access
  • Cameras with perimeter and interior IP-DVR

Network Security

Next Generation Firewalls are implemented for protection of all networks. All the information passing through the network is encrypted using AES with TLS 1.2.

Casepoint has implemented a Web Windows Application Firewall along with an IDS and IPS solution for the entire environment.

A SIEM solution is implemented for correlation and analysis of all events occurring in the environment, with automatically triggered alerts.

Application Security

Casepoint follows NIST guidance regarding security considerations in software development: information security must be integrated into the software development lifecycle (SDLC, PRINCE2 Agile-based) from system inception.

Casepoint has established software development and release management processes to control implementation of major changes including:

  • The identification and documentation of the planned change
  • Identification of business goals, priorities and scenarios during product planning
  • Specification of feature/component design
  • Operational readiness review based on predefined criteria/checklist to assess overall risk/impact
  • Testing, authorization and change management based on entry/exit criteria for DEV (development), Testing (QA/QC), UAT (Pre-production) and PROD (production) environments as appropriate.

Vulnerability Assessments

On a quarterly basis, Casepoint’s internal security team performs internal penetration tests to mitigate new vulnerabilities and keep the environment safe.

On an annual basis, Casepoint conducts a third-party penetration test (VAPT) to make the environment robust.

In addition, on a monthly basis, Casepoint performs vulnerability scanning of all servers using the Nessus tool and is engaged in the Continuous Monitoring process.
