Manage Information Anywhere

Castlepoint is a compliance, security and discovery management solution for all of your electronic data, in any of your business information systems.

​Step 1 - Register

We read and register every item in an environment, no matter what format or source system. We capture all the information about the item into our register

Step 2 - Classify and Index​

We use Artificial Intelligence to classify items and aggregations against rule sets (Records Authorities, security policies or ontologies, for example)

Step 3 - Manage​

We actively manage the items over time, updating their classifications whenever they are modified. We actively manage and report on  high-value/high-risk information.

Step 4 - Dispose

When a record comes due for disposal, we alert the records team, and show them where all the file parts are in any system, so that they can be disposed of.


  • Find everything due for disposition this week, in every single system
  • Find everything sentenced with a particular Class
  • Find everything subject to a freeze
  • Find everything related to an individual record or topic, across all systems
  • Find everything overdue for disposition, and see its potential risk and value
  • Find underclassified records, or items out of place
  • Report on all aspects of your compliance regime 


  • Identify data spills across the network
  • See a dashboard of all sensitive information, including PII, credit cards, TFNs and your own risk sets
  • Show ontologies of high-risk information based on your own 
  • Report and alert on new and modified risk data
  • See all audit events across the network by type
  • See all audit events on a record over time
  • See all audit events by a particular user
  • Report on all aspects of your high-risk data


  • Find everything from a function you need to transfer to another business area
  • Find every record you are working on across the enterprise through a single portal
  • Find everything related to a topic, no matter where it is
  • Find records from systems you are allowed to view but don’t have direct access to 
  • Find high-risk items, and view audit events 
  • Find high-value items, and re-use them to get full value from your assets

Castlepoint catalogues systems and information regardless of location or format, including Office 365, Amazon Web Services, Google Drive, Dropbox, Twitter, Microsoft SharePoint, databases, line of business applications, bespoke systems, legacy data stores, existing Electronic Document and Records Management Systems (EDRMS), and social media for example. Castlepoint can be implemented on premises, in our secure cloud, or in your cloud environment, and can manage systems in all environments. All information is registered in our information asset register, and remains in its source system for its whole lifespan. We take records and regulatory control to the information – we don’t need the information to be brought into our records and regulatory system.  This means users and business processes are never impacted by compliance obligations, and data integrity is never affected by migration or duplication.

Contact us  for a demonstration, presentation or a copy of the business whitepaper and the technical bluepaper.

Information compliance has traditionally relied on user compliance. We have asked users to save in certain locations, ‘make a record’ intermittently, apply metadata to individual items, use naming conventions and copy or move their content into records systems. As well as creating an unwelcome impost on users, this results in low-quality compliance outcomes, as users are not experts in compliance and often do not apply the correct rules. The same goes for security – we rely on users to know what information should be classified (which is not always obvious, when based on business impact) and to then label items correctly. This model has not been effective. Castlepoint addresses this challenge by using AI to identify the applicable rules and classifications for information based on its content, and to apply them centrally.

Previous approaches to achieving information compliance across a network have relied on either customising systems, closely integrating them together, or adding point solutions  in the form of agents and connectors. All of these approaches introduce technical risk. Customising, integrating and connecting systems in this way affects their supportability and upgrade path. The cost of deploying these approaches can be excessive, and the impact on the source system security, failover and sustainment can be high. Castlepoint addressed this challenge by avoiding any changes to source systems – it only needs read access to the system, like a user, to compliantly manage its data. 

As Artificial Intelligence and automation have become more common, many traditional compliance systems have modified their toolset to try to take advantages of the benefits of this new technology. But many of these automation approaches are ‘Mechanical Turks’ – they look like a robot, but there is a person inside. That person is often the records manager, who needs to write and manage hundreds or thousands of rules manually, so that the system can apply them ‘automatically’. Some Machine Learning approaches to compliance also use a highly supervised approach, requiring compliance teams to pull together thousands of curated examples of documents to match every single rule in order to ‘train’ those systems. Castlepoint addresses this challenge by training the AI engine on the rules, not just on the data, taking the burden off administrators so that they can spend their time actioning the insights from Castlepoint, not just feeding the machine. 

Other compliance systems require the source data itself to be moved, duplicated, or modified in order to apply the compliance rule. Moving information into compliance systems takes it out of its business context, reducing its usability. Duplicating information doubles the threat surface of PII and sensitive data, and halves the discoverability. Adding metadata labels or tags results in changes to original records, which can affect the integrity of both the record and its source system. Additionally, these labelling approaches do not address the full scope of compliance – the number of labels that can be applied is limited, meaning organisations have to choose whether to label based on retention rule, value marker or risk designation. This means that compliance is only ever addressed through a narrow lens. Castlepoint addresses this challenge by never moving or copying information, or modifying it in any way – we register all the metadata about an item, including as many compliance attributes as required, in the Castlepoint information asset register, where it is centrally available for search, reporting and oversight.  

es_ESSpanish en_USEnglish