Our compliance program is
designed to make your life easier.

We design our information security management system inline with industry standard control frameworks such as ISO27001 and SOC2

ISO 27001

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

LawVu achieved ISO27001 in April 2019 and maintains annual internal and external audits to keep our certification current.

Our statement of applicability and certification documents are available as part of the LawVu security pack.

SOC2

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

LawVu was first audited for SOC2 compliance in January 2020. Our full report is available as part of the LawVu security pack.

Risk Management

At LawVu we maintain a comprehensive risk management program.

Annual risk assessments require participation from the whole organisation to identify risk across the entire company.

Our risk assessment standard utilises an evaluation matrix based around confidentiality, integrity and availability (CIA) and our treatment policy requires the application of applicable controls from the ISO27001 standard to mitigate all identified risks.

The risk assessment and treatment plan are reviewed by senior management to ensure that all residual risks are understood and accepted and a risk assessment report is produced.

Risk assessments are also triggered after any major change.

Supplier Relationships

LawVu seeks to maintain the security of our sensitive data and systems whenever they are accessed, processed or managed by external parties. Therefore, the risks to our data and systems from external parties are quantified, and appropriate controls implemented, before access is granted.

Where sensitive information is shared with external service providers, the commercial agreement will specify their information security responsibilities. External service providers who handle our sensitive information will agree to adhere to our information security policy. LawVu also maintains the right to audit external parties that handle our sensitive information.

LawVu Security Pack

Everything you need to get started on your security assessment.

Menu