Check out our new thought leadership series - "The journey to becoming a data-informed legal team"

We design our information security management system in line with industry-standard control frameworks such as ISO27001,  SOC 2 and SOC 1

Compliance program
LawVu legal operations software is ISO27001 Compliant

ISO 27001

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

LawVu achieved ISO27001 in April 2019 and maintains annual internal and external audits to keep our certification current.

Our statement of applicability and certification documents are available as part of the LawVu security pack.

LawVu legal operations software is SOC1 Compliant


SOC 1 (System and Organization Controls) is a regularly refreshed report of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

LawVu was first audited for SOC1 compliance in February 2021. Our full report is available as part of the LawVu security pack.

LawVu legal operations software is SOC2 Compliant


SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

LawVu was first audited for SOC2 compliance in January 2020. Our full report is available as part of the LawVu security pack.

Risk management

At LawVu we maintain a comprehensive risk management program.

Annual risk assessments require participation from the whole organisation to identify risk across the entire company.

Our risk assessment standard utilises an evaluation matrix based around confidentiality, integrity and availability (CIA) and our treatment policy requires the application of applicable controls from the ISO27001 standard to mitigate all identified risks.

The risk assessment and treatment plan are reviewed by senior management to ensure that all residual risks are understood and accepted and a risk assessment report is produced.

Risk assessments are also triggered after any major change.

Supplier relationships

LawVu seeks to maintain the security of our sensitive data and systems whenever they are accessed, processed or managed by external parties. Therefore, the risks to our data and systems from external parties are quantified, and appropriate controls implemented before access is granted.

Where sensitive information is shared with external service providers, the commercial agreement will specify their information security responsibilities. External service providers who handle our sensitive information will agree to adhere to our information security policy. LawVu also maintains the right to audit external parties that handle our sensitive information.

LawVu In house legal operations software security pack

Request a copy of our security pack

The LawVu Security pack contains everything your organisation needs to get started on a security assestment of LawVu.