Epiq Successfully Completes SOC 2 Examination of eDiscovery Data Hosting Environment and Services

Global News

25
Apr
2016

Editor

Epiq Systems, a leading global provider of integrated technology and services for the legal profession, today announced that the company has successfully completed the Service Organization Control (SOC) 2 Type 2 examination. The examination consisted of an independent audit that verified Epiq’s internal controls for security, confidentiality, availability and processing integrity related to its eDiscovery services.

Epiq is one of the few legal services companies to receive SOC 2 accreditation, which is recognized as one of the most stringent audit programs for service providers.

Conducted by Grant Thornton, a leading independent audit, tax and advisory firm, the audit was performed in accordance with the following American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria:

• Security: The system is protected against unauthorized access (both physical and logical)
• Availability: The system is available for operation and use as committed or agreed
• Confidentiality: Information designated as confidential is protected as committed or agreed
• Processing Integrity: System processing is complete, accurate, timely, and authorized

“The SOC 2 accreditation demonstrates Epiq’s commitment to providing our clients with the highest standards of operational excellence, security, system integrity, and application and data controls,” said Neil Watkins, senior vice president of global security, risk and compliance, Epiq. “Our ability to provide clients the results of our evaluation, and to dedicate ongoing resources to achieving these standards beyond a point-in-time certification effort, reinforces our deep commitment to the safeguarding our clients’ data and quality of services.”

In addition, the SOC2 assessment provides validation of Epiq’s processes and controls to maintain compliance with HIPAA requirements. Controls for processing, storing and handling ePHI (electronic protected health information) include standard workflows, technical controls and configurations, established policies, monitoring structures and organization-wide training. Epiq’s HIPAA Compliance Program provides a framework for an annual risk assessment, ongoing monitoring and validation of the implemented controls. Alignment of Epiq’s SOC 2 efforts with the HIPAA standards and requirements provides clients with a centralized validation point for these considerations.