Congrats to HaystackID^® with the announcement that HaystackID achieves SOC 2 Type 2 certification across all trust services criteria for the third consecutive year! Part of the press release is below, full press release is available here.

HaystackID Achieves SOC 2 Type 2 Certification Across All Trust Services Criteria for Third Consecutive Year

Audit acts as a pillar of confidence and commitment to the security and privacy of the company’s customers

WASHINGTON – September 13, 2023 – HaystackID, a specialized eDiscovery services firm supporting law firms and corporate legal departments, announced today it has successfully received Service Organization Control for Service Organizations (SOC 2) Type 2 certification in all five trust services criteria for the third year in a row. The assessment showcases the company’s unwavering commitment to security, availability, processing integrity, confidentiality, and privacy. Including HaystackID’s five acquisitions since 2018, the firm has consistently maintained these high standards for the past eight years without fail.

“Maintaining SOC 2 Type 2 certification across all five trust services criteria for three consecutive years highlights HaystackID’s dedication to data security,” said Evan Craghead, Chief Technology Officer at HaystackID. “This achievement demonstrates the strength of our controls and policies that protect the confidentiality, privacy, and integrity of our clients’ data. Our customers’ trust is non-negotiable, and we will continue undergoing rigorous third-party audits like SOC 2 to provide our customers with assurance that their information remains secure with HaystackID.”

The independent audit was conducted by Wipfli LLP, a national accounting and consulting firm, using criteria developed by the American Institute of Certified Public Accountants. It ensures the protection of customer data and establishes an organization’s reliability and credibility to meet its commitments and system requirements by testing for five trust services criteria, each measured by a set of controls and testing standards from the AICPA:

• Security – The system is protected against unauthorized access, use, or modification.
• Availability – The system is available for operation and use.
• Processing Integrity – System processing is complete, valid, accurate, timely, and authorized.
• Confidentiality – Information designated as confidential is protected.
• Privacy – Personal information is collected, used, retained, disclosed, and disposed.

“The SOC 2 Type 2 certification is a high bar that few companies can clear across all five trust services criteria,” said Michael Cammack, Vice President of IT Security at HaystackID. “By meeting these stringent standards, we’ve shown our unwavering dedication to protecting our clients’ data. Our customers can trust that we have the controls, policies, and procedures in place to keep their information secure.”

The report is a testament to the design of HaystackID’s discovery management system, self-reporting, and span of expertise and engagement. A true mark of holistic security is the ability to attest in all five trust services criteria, demonstrating the continued success of quality systems and processes in place.

“We have always worked to ensure our company’s security – maintaining this achievement through a third-party auditor is further proof that we continue to do right by our clients,” said HaystackID CEO Hal Brooks. “Law firms and corporate legal departments that want to ensure their data is protected can have the utmost confidence in HaystackID, as our unwavering commitment to security speaks volumes.”

Congrats again to HaystackID for the announcement that HaystackID achieves SOC 2 Type 2 certification across all trust services criteria for the third consecutive year! Impressive!

So, what do you think? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclosure: HaystackID is an Educational Partner and sponsor of eDiscovery Today

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.