Trust Centre

We’re pleased to share that in February 2026, Definely successfully completed its ISO/IEC 27001:2022 recertification audit with the British Assessment Bureau (now Amtivo). The audit (dated 4 February 2026) concluded with 0 major and 0 minor nonconformities, and the auditor recommended continuing certification.

This certification provides independent assurance that Definely maintains a robust Information Security Management System (ISMS) aligned to the ISO/IEC 27001:2022 standard—supporting enterprise expectations around security governance, risk management, and continuous improvement.

Our customers can request access to our latest certification documentation through the Trust Centre.

At Definely, trust and responsible innovation are foundational to how we design, build, and deliver our AI-powered legal technology for law firms and in-house legal teams worldwide.

We are pleased to share that Definely is actively pursuing ISO/IEC 42001 certification, the world’s first international standard for Artificial Intelligence Management Systems (AIMS). This standard establishes a global benchmark for AI governance, risk management, transparency, and the ethical use of artificial intelligence, and further strengthens our existing compliance posture, including GDPR, ISO 27001, and SOC 2 Type II.

To support this journey:

We are working with British Assessment Bureau (BAB) — now part of Amtivo — a leading UKAS-accredited certification body, to independently assess our alignment with ISO/IEC 42001.

We are also partnering with Drata to continuously monitor and evidence our compliance against the standard as our systems and controls evolve.

As we continue to build and scale AI-powered legaltech solutions for enterprise customers such as Enhance and Cascade, this initiative reinforces our commitment to ensuring that our artificial intelligence is secure, transparent, well-governed, and responsibly managed by design.

We believe that strong AI governance is essential to earning and maintaining customer trust, and ISO/IEC 42001 provides a robust framework to support that commitment as the regulatory and risk landscape for AI continues to mature.

We will share further updates as we progress toward certification.

On October 28, 2025, Definely achieved its re-certification of its SOC 2 Type 2 compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18.

Data privacy and security are at the heart of our business. Definely is committed to dedicate time, effort, and resources to ensure that we handle our customers' data to the best of our abilities and to conform to world-class industry standards.

Thank you to Prescient Security for their support.