Manage Information Anywhere

Castlepoint is a compliance, security and discovery management solution for all of your electronic data, in any of your business information systems.

Manage your whole organisation's


  • Records retention
  • Regulatory rules
  • Freezes and holds
  • Reporting


  • Sensitive information 
  • Classified information
  • Auditing and investigations
  • Risk data


  • Search for items
  • Browse by functions and topics
  • View trends over time
  • Support FOI and eDiscovery

Castlepoint catalogues systems and information regardless of location or format, including Office 365, Amazon Web Services, Google Drive, Dropbox, Twitter, Microsoft SharePoint, databases, line of business applications, bespoke systems, legacy data stores, existing Electronic Document and Records Management Systems (EDRMS), and social media, for example. Castlepoint can manage any information format, in any system, on premises or in the cloud.

Contact us  for a demonstration, presentation or a copy of the business whitepaper and the technical bluepaper.

No negative impact on

Information compliance has traditionally relied on user compliance. We have asked users to save in certain locations, ‘make a record’ intermittently, apply metadata to individual items, use naming conventions, and copy or move their content into records systems. As well as creating an unwelcome impost on users, this results in low-quality compliance outcomes, as users are not experts in compliance and often do not apply the correct rules. The same goes for security – we rely on users to know what information should be classified (which is not always obvious) and to then label items correctly. This model has not been effective. Castlepoint addresses this challenge by using AI to identify the applicable rules and classifications for information based on its content, and to apply them centrally.

Previous approaches to achieving information command and control across a network have relied on either customising systems, closely integrating them together, or adding point solutions in the form of agents and connectors. All of these approaches introduce technical risk. Customising, integrating and connecting systems in this way affects their supportability and upgrade path. The cost of deploying these approaches can be excessive, and the impact on the source system security, failover, and sustainment can be high. Castlepoint addresses this challenge by avoiding any changes to source systems – it only needs read access to the system, like a user, to compliantly manage its data. 

As Artificial Intelligence and automation have become more common, many traditional compliance systems have modified their toolset to try to take advantages of the benefits of this new technology. But many of these automation approaches are ‘Mechanical Turks’ – they look like a robot, but there is a person inside. That person is often the records or compliance manager, who needs to write and manage hundreds or thousands of rules manually, so that the system can apply them ‘automatically’. Some Machine Learning approaches to compliance also use a highly supervised approach, requiring compliance teams to pull together thousands of curated examples of documents to match every single rule in order to ‘train’ those systems. Castlepoint addresses this challenge by training the AI on the rules, not just on the data, taking the burden off administrators so that they can spend their time actioning the insights from Castlepoint, not just feeding the machine. 

Other compliance systems require the source data itself to be moved, duplicated, or modified in order to apply the compliance rule. Moving information into compliance systems takes it out of its business context, reducing its usability. Duplicating information doubles the threat surface of PII and sensitive data, and halves the discoverability. Adding metadata labels or tags results in changes to original records, which can affect the integrity of both the record and its source system. Additionally, these labelling approaches do not address the full scope of compliance – the number of labels that can be applied is limited, meaning organisations have to choose whether to label based on retention rule, value marker or risk designation. This means that compliance is only ever addressed through a narrow lens. Castlepoint addresses this challenge by never moving or copying information, or modifying it in any way – we register all the metadata about an item, including as many compliance attributes as required, in the Castlepoint information asset register, where it is centrally available for search, reporting and oversight.