Data Encrypted at Rest in Relativity

RelativityOne encrypts data at rest on servers so attackers cannot read the data without encryption keys.


FedRAMP, HIPAA, and other regulations may require data at rest encryption. Relativity uses the Microsoft Azure platform which according to this white paper meets, “more than 70 international and industry-specific compliance standards, such as ISO 27001, SOC 2, Type II, HIPAA, and FedRAMP, as well as country- specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.”


Note that the HIPAA Security Rule does not actually require encryption but it does make it an 'addressable implementation' which means that it may be found that it is reasonable and appropriate to encrypt data. If not, alternative measures can be taken.


FedRAMP's Control Specific Contract Clauses, which provides language to be used in the provisions of contracts addressing cloud security, states that, "Cloud Service Providers pursuing a FedRAMP authorization will have to support the capability to encrypt data-at-rest; however, contract clauses should indicate any specific agency requirements for data encryption."