Data Encrypted at Rest in Relativity
top of page
Search
    • Jan 13, 2021

Data Encrypted at Rest in Relativity

RelativityOne encrypts data at rest on servers so attackers cannot read the data without encryption keys.


FedRAMP, HIPAA, and other regulations may require data at rest encryption. Relativity uses the Microsoft Azure platform which according to this white paper meets, “more than 70 international and industry-specific compliance standards, such as ISO 27001, SOC 2, Type II, HIPAA, and FedRAMP, as well as country- specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.”


Note that the HIPAA Security Rule does not actually require encryption but it does make it an 'addressable implementation' which means that it may be found that it is reasonable and appropriate to encrypt data. If not, alternative measures can be taken.


FedRAMP's Control Specific Contract Clauses, which provides language to be used in the provisions of contracts addressing cloud security, states that, "Cloud Service Providers pursuing a FedRAMP authorization will have to support the capability to encrypt data-at-rest; however, contract clauses should indicate any specific agency requirements for data encryption."










Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page