Security

Radical & Relentless Commitment to Security

Case Status: Security Is Our Commitment

At Case Status, we hold the highest regard for security and privacy. Safeguarding the data we handle, including the personal information of our customers and their clients, has always been and will always be our top priority. Our unwavering dedication to ensuring a secure and compliant environment is reflected in every aspect of our operations, from our structural framework to our educational pursuits and even our recruitment process.

"Radical transformation of client engagement isn't just on the surface. This vision runs deep into the technology and systems that help each firm scale to have a better brand experience and optimal operational excellence. A fundamental pillar of our platform is performance and security. We continually make a concerted effort to prioritize information security, data privacy, and compliance initiatives across our platform. Protecting our customers and their data is a top priority."
- Charles Lane, Chief Technology Officer - Case Status

SOC 2® Type I Compliance

At Case Status, we are committed to ensuring we deliver the highest standards of security for our customers. One of the ways we’ve demonstrated this commitment is by pursuing SOC 2 compliance.

After undergoing this rigorous third-party assessment of our security controls, we are proud to have obtained a SOC 2 Type I report relevant to security, confidentiality, availability, privacy, and processing integrity.

Passing the audit means we conform to the American Institute of Certified Public Accountants ("AICPA") SOC 2 standard, which measures security, confidentiality, availability, privacy, and processing integrity and serves as assurance that your data is being managed in a controlled and audited environment.

The SOC 2 Type I audit was conducted by Modern Assurance, an independent, third-party accounting and auditing firm that evaluated our processes, procedures, and controls for security, confidentiality, availability, privacy, and processing integrity on September 21, 2023.

This is not the end for our SOC 2 journey, however. We are committed to carrying out an ongoing SOC 2 Type II audit to ensure we continue to sustain the high standards that we have put in place and keep supporting our customers' needs. We’ll continue to partner with Secureframe to achieve this milestone and continuously track, monitor, and remediate any compliance needs.

Powered by AWS Cloud Computing
Cloud Partner

Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, we access technology services, such as computing power, storage, and databases, on an as-needed basis from the industry-leading cloud provider Amazon Web Services (AWS). AWS allows us to keep our security, redundancy, and business continuity at the highest levels in the industry.

Embracing a Culture of Security

The essence of a strong security culture permeates every level of our organization. From the moment potential employees join our ranks, we emphasize the significance of security. Thorough background checks are conducted, ensuring that only individuals committed to upholding our security policies become part of our team. Upon onboarding, all employees receive comprehensive security training, enabling them to understand and implement our stringent security measures. Regular training sessions are conducted throughout their tenure, keeping their knowledge up to date with the latest security practices. We strive to foster a robust security culture among all our employees, recognizing that each team member plays a vital role in fortifying our defenses against potential security breaches.

Data Protection is Paramount

At Case Status, we leave no stone unturned when it comes to protecting our clients' data. All employees are mandated to adhere to our rigorous password security and lockout policy. Furthermore, they are required to utilize two-factor authentication (2FA) and maintain a secure Wi-Fi connection, safeguarding against unauthorized access.

Empowering Secure Development Practices

Our IT developers are well-versed in industry-leading coding and development practices. They are equipped with the knowledge of implementing the principle of least privilege when granting access rights, minimizing potential security risks. By incorporating two-factor authentication (2FA) procedures across all feasible areas, we fortify our defense mechanisms. Moreover, multiple layers of encryption are meticulously applied to ensure the utmost safety and confidentiality of our clients' valuable data.

HIPAA Compliance

At Case Status, we believe it is important to certify to industry-recognized, independent standards which provide assurance about the design and effectiveness of controls in place at a service provider and demonstrate a company’s ability to adhere to critical security practices. Given that many legal practices work with clients who are also patients, we are proud to have completed the rigorous effort to meet the safeguard requirements of the Health Insurance Portability and Accountability Act (HIPAA) security standards relevant to personal health information.


GDPR Compliant

What is GDPR?
The General Data Protection Regulation (GDPR) is a unified data protection law that came into effect on May 25, 2018, in the EU, replacing the European Data Protection Directive 95/46/EC.  The law strengthens the protection of personal data belonging to EU individuals and gives them more control over the use of their personal data within the EU and internationally. GDPR aims to unify the regulatory environment for businesses handling the personal data of EU individuals.

Who does GDPR affect?
GDPR applies to all businesses that process personal data for EU residents. Businesses can be defined as either a data controller or a data processor: a data controller collects and oversees the management of personal data, and a data processor processes personal data on behalf of a data controller. GDPR also expands the definition of “personal data” to include categories of information such as location data, online identifiers (such as an IP address), and other electronic metadata that was not included in previous data protection laws within the EU. Businesses that do not protect the personal data of EU individuals in accordance with GDPR rules are susceptible to significant fines.

How does Case Status address GDPR?
We believe that GDPR is an important means of ensuring the rights of individuals to control access to their personal information, and we are committed to supporting our customers in meeting their GDPR requirements. We have updated our product and business operations to comply with GDPR guidelines, meeting our requirements as both a data controller and data processor. These updates are reflected in our Terms of Service and Privacy Policy. Case Status’ Terms of Service explicitly acknowledge our role as a data processor for law firms. Case Status will continue to fulfill that role while providing tools and customer service to help law firms meet their responsibilities as data controllers. Case Status’ Privacy Policy also identifies how personal data is collected and kept secure, and how data subjects may contact Case Status regarding their information. Case Status’ industry-leading security measures protect data stored within and transmitted from the Case Status product. Case Status also provides advanced security features to ensure customers are properly equipped to protect any data stored within Case Status. For general information on GDPR, please visit the Information Commissioner’s Office website.

With Case Status, 93% of clients open the Case Status app and find what they are looking for without contacting their law firm.