Committed to the highest standards.

At Cimplifi, we understand that the regulatory landscape governing data, privacy, and security is constantly evolving—especially for law firms and corporate legal departments. As global standards become more stringent, our commitment to compliance remains unwavering. We maintain a dedicated compliance team that actively monitors legal and regulatory developments across jurisdictions, ensuring our practices align with the latest national and international requirements.

Trusted. Certified. Compliant.

Cimplifi meets the highest standards in data security and privacy—ISO 27001, GDPR, CCPA, HIPAA, PCI DSS, GLBA, SOC 2, ITAR, and NIST 800-171—ensuring confidence across every engagement.

ISO 27001:2013/17
The “gold standard” for data hosting and service providers in the eDiscovery space. Cimplifi has been certified since 2019 and has passed all subsequent audits.
GDPR
Individual data privacy is central to how we collect, store, process, and transmit information. As regulatory expectations continue to rise, we remain fully committed to adhering to all GDPR guidelines, particularly in areas requiring redaction and anonymisation.
CCPA
California set the precedent with the California Consumer Privacy Act (CCPA)—the first comprehensive data privacy regulation in the United States. But it’s only the beginning. Cimplifi complies with the CCPA and actively monitors emerging state and federal legislation to stay ahead of the curve.


PHI, HIPAA & HITECH
Safeguarding Protected Health Information (PHI) is a core responsibility—especially for clients operating in health and life sciences and in regulated industries. We comply with all provisions of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act in our role as a business associate.
PCI
As data breaches continue to rise, the protection of credit card information and payment processing systems has never been more critical. We recognise the heightened risk and take proactive measures to ensure full compliance with the Payment Card Industry Data Security Standard (PCI DSS).
GLBA
Protection of financial clients’ private information is foundational to our security protocols. We maintain strict adherence to the Gramm-Leach-Bliley Act (GLBA) across all engagements in our banking and finance vertical, ensuring that client data is handled with the highest level of confidentiality and care.


SOC 2
Our primary and disaster recovery (DR) data centres undergo rigorous SOC 2 audits, ensuring that we manage and safeguard client data in accordance with the highest standards of security, availability, and confidentiality.
ITAR
Cimplifi offers a RelativityOne environment that is fully ITAR-compliant, purpose-built to support clients handling sensitive data subject to International Traffic in Arms Regulations (ITAR). This secure instance is available upon request and ready to host matters requiring strict export control protections.
NIST 800-171 & DFARS
Cimplifi is fully aligned with the stringent cybersecurity requirements of NIST SP 800-171 and the Defense Federal Acquisition Regulation Supplement (DFARS)—ensuring the secure handling of Controlled Unclassified Information (CUI) for clients in the defence sector.