Everlaw has Achieved FedRAMP In Process Status

Today, we at Everlaw are pleased to announce that our litigation and ediscovery platform has achieved In Process designation with the Federal Risk and Authorization Management Program (FedRAMP) by partnering with the U.S. Department of Justice. Reflected on the FedRAMP Marketplace, In Process signals to the federal government that Everlaw is actively working to achieve FedRAMP Authorization.

Achieving this milestone is yet another proof point of our organizational commitment to a culture of security and compliance and our early implementation of a holistic security, privacy, and compliance program.

What is FedRAMP?

A government-wide program, FedRAMP provides a standardized approach for the assessment, authorization, and continuous monitoring of cloud service offerings. FedRAMP’s framework uses a “do once, use many times” approach that empowers government agencies to adopt cloud products and services which meet their needs.

At a Glance: FedRAMP Designations (see FedRAMP FAQs)

1. FedRAMP Ready:  FedRAMP Ready indicates that a Third Party Assessment Organization (3PAO) attests to a cloud service’s readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO.

2. FedRAMP In Process:  A cloud service posted as In Process on fedramp.gov indicates that they are actively working with the Joint Authorization Board (JAB) or an Agency to attain a FedRAMP authorization.

3. FedRAMP Authorized:  FedRAMP Authorized designation is given to systems that have demonstrated compliance with federal security requirements and completed a FedRAMP security package.

Everlaw’s Path to FedRAMP In Process

Everlaw is a cloud-based litigation and ediscovery platform with many benefits for government agencies. The platform can spin up new cases quickly, has predictable pricing models which align with budget cycles, and innovates rapidly to keep pace with the constant evolution of discovery needs in modern business. For that reason, Everlaw is used by attorneys general in all fifty U.S. states to facilitate ediscovery, collaboration, and document review for productions, investigations, and litigation.

But federal, state, and municipal agencies all have different security requirements and vetting procedures for software services, including cloud based services. In the federal market, cloud vendors are required to gain a FedRAMP Authorization in order to provide service to government agencies.

FedRAMP In Process is a significant milestone for the Everlaw team, but one that we have been working towards for a long time. We have an understanding of what government agencies expect when it comes to an organizational commitment to security and compliance and we are committed to independent validation of the operational effectiveness of our program. For that reason, the compliance framework for security and privacy at Everlaw was based on federal guidance regarding effective compliance and ethics programs.  

In 2015, we engaged independent auditors for a SOC 2 Type I audit in Security and Availability. The following year, in 2016, we completed our first SOC 2 Type II certification in Security and Availability, consistently achieving the annually renewed status since. And in 2018, we added the Privacy criteria to our annual SOC 2 Type II certification. We participate in National Cyber Security Awareness Month (NCSAM) with the Department of Homeland Security. We’re proud to have been named a 2018 and 2019 Data Privacy Champion by the National Cyber Security Alliance. This is all part of the broader commitment to cultivating an organizational culture in support of privacy and data protection.

Next Steps

The work doesn’t stop here. Everlaw will continue to work with our agency and the FedRAMP PMO in pursuit of FedRAMP Authorization, as well as keep our focus on releasing impactful features for our clients. If you have questions or would like more information about the federal program at Everlaw, please reach out to federal@everlaw.com.