Excellence in Security and Data Integrity
Everything we touch is confidential, and every case we work on is sensitive. Given that our clients are the largest organizations in the world with the highest information security standards, we handle high-stakes matters daily.
At Divergent, we recognize the paramount importance of information security, business continuity, and operational effectiveness to our clients. As such, we have worked tirelessly to prepare for SOC 2 Type II certification. Divergent is currently in its observation period to achieve certification during Q1 of 2025.
SOC 2 Type II compliance will give clients more tangible assurance that Divergent has implemented and adheres to essential policies and critical controls, and will demonstrate our commitment to maintaining a robust data security program that meets industry standards.
The boutique nature of Divergent means that, unlike large enterprises with hundreds of individuals and systems, a select group of highly experienced and thoroughly vetted experts handle every step of the process. This allows us to be highly responsive, ensuring close attention to every project with direct oversight from senior leadership. This level of hands-on management enables us to maintain rigorous quality control, reducing operational risks typically associated with larger organizations.
Our Policies Are Based on the Following Foundational Principles:
- Access is limited to only those with a legitimate business need and granted based on the principle of least privilege.
- Security controls are applied consistently across all areas of our business.
- The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
Data Protection
All data at rest is encrypted with at least AES-256 and in transit with TLS 1.2.
Divergent also enables data leakage prevention measures and tools and adheres to data classification and retention policies.
Enterprise Security
All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Security Education
Divergent provides comprehensive security training to all employees upon onboarding and quarterly through educational modules. Our security team shares regular threat briefings with employees to inform them of critical security and safety-related updates that require special attention or action.
Vendor Security
Divergent uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:
- Access to customer and corporate data
- Integration with production environments
- Potential damage to the Divergent brand
Once the inherent risk rating has been determined, the vendor’s security is evaluated to determine a residual risk rating and an approval decision. All vendors have strict agreements with Divergent outlining a range of standards and a code of conduct. Where SOC 2 or ISO certifications are unavailable, Divergent ensures third-party risk assessments are carried out.
CertaTranslate Security
Divergent currently deploys one web application called CertaTranslate, designed exclusively for pro bono professionals and individuals dealing with immigration matters who have smaller translation requirements.
CertaTranslate is a publicly available ordering platform. No account is necessary. This public-use application can be used to obtain quotes and place an order. Please note that this is not a machine translation ordering service. Instead, CertaTranslate automates some otherwise manual and time-consuming steps and then passes on an order for our traditional human translation to the Divergent production team.
Vulnerability Scanning
Divergent conducts vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
- Static analysis (SAST) testing of code: Performed during pull requests and on an ongoing basis
- Software composition analysis (SCA): Identifies known vulnerabilities in our software supply chain
- Malicious dependency scanning: Prevents malware introduction into our software supply chain
- Dynamic analysis (DAST): Performs analysis of running applications to detect vulnerabilities
- Network vulnerability scanning: Conducted on a periodic basis to assess network security
- External attack surface management (EASM): Continuously running to identify new external-facing assets