Thomson Reuters became the first legal services provider to achieve FedRAMP “In Process” status, marking a significant milestone in our commitment to data security.
This accomplishment demonstrates our dedication to strengthening security measures and provides government customers with robust assurance of our seriousness regarding security obligations.
Jump to ↓
| What Is FedRAMP “In Process” status? |
| How did we achieve this status? |
| Why does this matter for government legal professionals? |
| What should government legal professionals expect from FedRAMP documentation and audit transparency? |
What Is FedRAMP “In Process” status?
The Federal Risk and Authorization Management Program (FedRAMP) is a standardized approach which federal agencies use for security assessment and for authorization of cloud service offerings. Products with FedRAMP “In Process” status undergo comprehensive third-party assessments and reviews required for federal cloud security authorization.
The “In Process” status also confirms the applicant’s commitment to completing full FedRAMP authorization process. By contrast, “FedRAMP Ready” is an early-stage designation, which means only that a company has had a third-party assessment of its capabilities, often without any federal involvement.
In July, we achieved FedRAMP “In Process” status by obtaining a federal government sponsor, the U.S. Department of Health and Human Services. No provider can skip this “In Process” step—all of its products must be evaluated in this manner before they receive full FedRAMP authorization.
Throughout the authorization process, we will be engaged with our federal sponsor HHS, for both its Legal Research and Risk & Fraud applications.
By committing to a collaborative approach, we are aiming to expedite the FedRAMP Program Management Office review of our application and listing in the FedRAMP marketplace. This sponsorship strengthens our commitment to meet, and to surpass, all security requirements necessary to protect federal information systems while delivering mission-critical solutions.
How did we achieve this status?
We have been experiencing heightened demand from federal customers over the past few years, and we anticipate such demand will grow even further. So we made the strategic decision to undertake the FedRAMP process, seeking to move our services for federal government customers to a new, elevated level.
Our solutions which currently have this status include:
- Westlaw, our leading legal research service;
- Practical Law, our legal how-to resource hub, written and maintained by more than 650 full-time attorney-editors globally; and
- CLEAR, our legal investigation software, used by law enforcement agencies to manage and analyze cases.
Each of these products are being FedRAMPed individually.
The FedRAMP process includes having the applicant conduct internal education efforts, make any necessary investments in internal security upgrades, and have routine, ongoing collaborations between its internal security teams and its government sponsors.
Our pursuit of FedRAMP authorization supports a broader strategy to achieve compliance with additional state and local security frameworks, such as the Government Risk and Authorization Management Program (GovRAMP) and the Texas Risk and Authorization Management Program (TxRAMP).
Why does this matter for government legal professionals?
FedRAMP represents the gold standard for cloud security, and federal agencies require this designation for competitive bids. By achieving this milestone—especially as no vendor currently holds full certification for certain products—helps customers who use our products gain a significant edge over competition who doesn’t.
Our current expectation is to achieve full FedRAMP Authorization by early 2026.
FedRAMP authorization will assure government customers that we deliver best-in-class security and service. This achievement will also strive to reinforce confidence in our products among large law firms and corporate clients, addressing any potential security concerns.
What’s next?
We have committed to FedRAMPing additional products in our legal suite, including CoCounsel Core and Drafting, to meet all federal government security needs.
And the FedRAMP approval process is not one-and-done achievement, by any means. It’s an ongoing, and continually revised, process. All applicable products will need to be re-certified as they evolve, such as if new features are added to approved products, as well as to keep in compliance with any new or altered security standards and data regulations. This is particularly important with the growth of generative artificial intelligence programs and sensitive data handling.
What should government legal professionals expect from FedRAMP documentation and audit transparency?
Government legal professionals should regard the FedRAMP process as putting a stamp of approval upon what is already a suite of trusted, secure products with the highest security standards. We are committed to being transparent as to where each of our products stand throughout the FedRAMP journey.
Clients will benefit from having verified legal research and compliance tools, adding greater value and increased reliability in their work in the federal sector. Our major achievement of achieving FedRAMP “In Process” demonstrates its rock-solid commitment to data security, and its dedication to keeping compliant with all relevant regulations.
Learn more about FedRAMP by reading the official press release regarding our new status.
