We understand that your data is sensitive and valuable and that is why we put data security at the forefront of everything we do.

Here are some of the ways that LawVu keeps your data secure.

Data Protection

Data Encryption

All data that passes between you and LawVu is encrypted using industry-standard security protocols.

We encrypt all data at rest to AES-256, including databases, document files, backups and logs.

Data is protected in transit using HTTPS with TLS 1.2 and above.

Access control

As an organisation you have complete control over who you invite into your account and total flexibility when it comes to giving users access to individual matters and contracts. You can further control access by using roles and permissions settings within LawVu.

We support and encourage integration with your organisation’s single sign on technology using SAML2.0 and we require all SSO integrations to utilise SCIM provisioning for extra security. You can also enforce multi-factor authentication across your organisation’s account.

Internally we implement a password standard with enforced complexity rules across our organisation and use SSO with enforced 2FA wherever possible.

Platform and network security

Real time monitoring and alerting

We utilise Microsoft Azure’s Security Center for real-time monitoring of all LawVu production systems including threat detection and network vulnerability scanning.

Alerts are triggered and sent to a monitored mailing list.

All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy which is available in the LawVu security pack.

Application vulnerability scanning

We use Qualys WAS to check our system for new vulnerabilities daily.

All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy which is available in the LawVu security pack.

External audits

Penetration testing

We partner with industry-leading crest certified security vendors so we can leverage their expertise and knowledge as well as have them perform third party security audits on our entire platform.

We undergo annual penetration tests of the LawVu application and services. Our pen test reports and remediation plans are made available in the LawVu security pack.

Secure development

Development process

All changes to the LawVu application go through formal change control procedures which include the following phases:

Design
Development
Functional Testing
Regression Testing
Release to Production
Each of the development and test stages are performed in segregated development, QA and staging environments.

Our teams follow OWASP security by design principles and all development is peer reviewed before going through approval gates with a software architect, QA manager and senior management before release to production.

Test data

Client data is never copied to / used in non-production environments.

Confidential data, as well as data that can be related to individual persons is never used as test data.

Personnel

Background verification checks

All new staff undergo police and reference checks before access to client data is granted.

Confidentiality requirements

All employees are subject to perpetual confidentiality agreements.

Security awareness

All new employees participate in an information security induction and are required to review and sign our information security policies on their first day in the office.

New starters also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.

We conduct periodic security awareness sessions for all staff throughout the year on selected security and privacy related topics.

Policies / Statements

Information Security Policy Statement

Please click here to view our Information Security Policy Statement.

Request a copy of our security pack

The LawVu Security pack contains everything your organisation needs to get started on a security assestment of LawVu.

By clicking subscribe I acknowledge and accept the terms of the LawVu privacy policy (found here) and consent to receiving marketing emails from LawVu to stay up to date with news and events (you can unsubscribe at any time).

United States of America
+1-213-634-4557
LawVu logo

LawVu Head Office
26-28 Wharf Street, Tauranga 3110, New Zealand