CDS SECURITY

Real Protection. Real accountability.

Zero compromises.

Security is the infrastructure behind every real result we deliver.

SECURITY Overview

At Complete Discovery Source, security isn’t an add-on.

It’s a foundation of how we design, operate, and support every solution for our clients. From data ingestion through processing, retention, staging, and delivery into SaaS platforms, our security practices are engineered to protect confidentiality, integrity, and availability at every step.

Secure by Design

We employ a defense-in-depth architecture to protect client data across its full lifecycle, from ingestion through retention and secure disposition. Our approach combines technical controls, disciplined operational procedures, and continuous monitoring to deliver confidentiality, integrity, and availability at the highest security standards.

Security oversight is embedded across executive leadership, engineering, and operations. Controls are documented, independently audited, and continuously reviewed to meet the expectations of enterprise clients, government agencies, and regulated industries.

The First FedRAMP Authorization in eDiscovery

Complete Discovery Source sets the benchmark for security in the eDiscovery industry as the first provider to achieve a FedRAMP Authorization to Operate (ATO) to maintain the highest security standards. This authorization demonstrates our proven ability to safeguard Controlled Unclassified Information (CUI) and other sensitive government data in full compliance with U.S. federal security requirements.

This milestone reflects our proven ability to operate securely in the most demanding environments.

CORE CERTIFICATIONS

Independently Audited & Certified

We maintain certifications that demonstrate disciplined, verifiable security practices across our organization.

ISO/IEC 27001:2022
Our independently audited ISO 27001-certified information security management system reflects a structured approach to risk management, data protection, and continuous improvement.

SOC 2 Type 2
Independently audited SOC 2 controls govern our production and disaster recovery environments, validating our operational security, availability, and confidentiality controls.

Global Compliance Across Industries

We align with established global and U.S. regulatory standards to support our clients’ compliance obligations.

FedRAMP Authorization
CDS was the first eDiscovery provider to achieve FedRAMP Authorization to Operate (ATO). Our federal cloud environment is built to the FedRAMP Moderate baseline and is designed to protect Controlled Unclassified Information (CUI) and other sensitive government data in accordance with U.S. federal standards.

PHI / HIPAA
CDS safeguards protected health information (PHI) in accordance with HIPAA requirements. As a Business Associate, we implement administrative, technical, and physical safeguards to ensure the confidentiality and integrity of healthcare-related data.

ISO 27001:2022
CDS maintains an independently audited ISO 27001:2022-certified information security management system. This globally recognized standard reflects our structured, ongoing approach to managing risk, safeguarding data, and continuously improving our security program.

PCI
We maintain security controls aligned with PCI standards to protect payment card information and reduce the risk of data breaches involving financial transactions.

SOC 2
CDS maintains independently audited SOC 2 controls across our primary and disaster recovery environments.

GLBA
For clients in the banking and financial sectors, CDS supports compliance with the Gramm-Leach-Bliley Act (GLBA) through strict controls that protect nonpublic personal financial information.

GDPR
Controls support secure handling of personal data, including workflows for redaction, anonymization, and cross-border data transfers.

ITAR
CDS offers secure environments capable of supporting ITAR requirements, enabling clients with export-controlled matters to host data in compliance with applicable regulations.

CCPA and Evolving State Privacy Laws
CDS complies with the California Consumer Privacy Act (CCPA) and closely monitors evolving U.S. state and federal privacy laws. Our processes are designed to support clients in meeting their obligations related to consumer data rights and transparency.

NIST 800-171
We align our security controls with NIST 800-171 requirements to support clients in the defense and government sectors who require enhanced protection of sensitive information

Why CDS Security Is Unparalleled

Security isn’t just about compliance, it’s about trust earned through consistent execution. Whether we’re processing discovery data, staging it for analysis, or moving it securely to cloud systems, our approach ensures:

shield representing data privacy cyber security data privacy

Data integrity you can depend on

Side,View,Shot,Of,A,Man's,Hands,Using,Smart,Phone

Client Control and Visibility

Predicable, resilient operations

When clients trust us with their most sensitive information, we treat that responsibility as non-negotiable.

Learn More

For detailed security documentation, audit summaries, or questions about specific protocols, contact our Security Team at .

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid		This cookie is used for storing the session ID of the user who clicked on an okt.to link.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_dc_gtm_UA-109542572-2	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
_hjTLDTest	session	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 8 months 26 days 9 hours 2 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

CDS SECURITY

Real Protection. Real accountability.

Zero compromises.

SECURITY Overview

Secure by Design

The First FedRAMP Authorization in eDiscovery

CORE CERTIFICATIONS

Independently Audited & Certified

Global Compliance Across Industries

Why CDS Security Is Unparalleled

Learn More

For detailed security documentation, audit summaries, or questions about specific protocols, contact our Security Team at .

Company

Awards & Certifications

Careers

Locations

Our Team

Security

Clients

Law Firms

Corporations

Public Sector

Products

CDS Convert

CDS Vision

Services

AI-Powered Review

Consulting

Data Migration

eDiscovery

Partnerships

Relativity

DISCO

Insights

Blog

Events

Resources

CDS SECURITY

Real Protection. Real accountability.

Zero compromises.

SECURITY Overview

Secure by Design

The First FedRAMP Authorization in eDiscovery

CORE CERTIFICATIONS

Independently Audited & Certified

Global Compliance Across Industries

Why CDS Security Is Unparalleled

Let's talk.

Contact us today to discuss your project. Complete the form, email us, or just give us a call.

Email

Phone

Learn More

For detailed security documentation, audit summaries, or questions about specific protocols, contact our Security Team at document.getElementById("eeb-123137-171121").innerHTML = eval(decodeURIComponent("%27%73%65%63%75%72%69%74%79%40%63%64%73%6c%65%67%61%6c%2e%63%6f%6d%27"))Email.

For detailed security documentation, audit summaries, or questions about specific protocols, contact our Security Team at .