LITIGATION SUPPORT TIP OF THE NIGHT

If you're working in a remote location for a trial, be sure to confirm that your team has their devices hidden if they are using a hotel or courtroom wifi or wired network. Follow these steps in Windows 10:

1. Under settings go to Network & Internet.

2. Select either Wi-Fi or Ethernet from the menu on the left.

3. Select the network that you are using. A new window will open which will allow you to set the network profile to 'Public'. This will hide the device, but also means that it can't reach a printer or a shared drive.

You'll need your own router to set up a secure network on which files can be shared and printers reached.

The security white paper for Relativity, Understanding Security in RelativityOne, is available for download here. It was released in February 2019. Keep the following points in mind about Relativity's approach to cyber security:

1. Relativity takes a proactive approach in attempting to identify threats, making use of Recorded Future and Anomali ThreatStream.

2. It examines the dark web, including Tor sites and hacker forums, looking for malicious code and stolen documents.

3. Malware is reviewed in sandboxes so Relativity can understand how it functions.

4. It monitors its network traffic for unusual data transfers.

5. It takes the possibility of insider threats into consideration.

6. Penetration testing is performed at least once a year.

7. Splunk is used for log automation so data can be monitored more quickly and comprehensively.

8. Relativity uses a threat intelligence platform (TIP) to collect data automatically.

9. Developers must take courses in secure coding.

10. Code libraries are scanned for vulnerabilities.

11. Relativity is ISO 27001 certified, HIPAA compliant, and has achieved SOC 2, Type II attestation.

12. Relativity's Azure infrastructure meets additional security standards.

13. It participates in the Information Sharing and Analysis Center (IT-ISAC) to share and gather information about cyber threats.

FedRAMP, the Federal Risk and Authorization Management Program, mandates the use of Third Party Assessment Organizations to confirm the security standards of cloud service providers. FedRAMP requires that 3PAOs be accredited by A2LA, the American Association for Laboratory Accreditation. 3PAOs are evaluated for a period of one year during which they are monitored and tested.

3PAOs prepare a Readiness Assessment Report (RAR) which is submitted to a FedRAMP repository. Once approved 3PAOs, such as Coalfire, can refer to themselves as a "Accredited FedRAMP Third Party Assessment Organization" and use the FedRAMP brand.

Be sure that your CSPs have been evaluated by a 3PAO approved by FedRAMP.