We design our information security management system in line with industry-standard control frameworks such as ISO27001,  SOC 2, SOC 1 & HIPAA

ISO 27001

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

LawVu achieved ISO27001 in April 2019 and maintains annual internal and external audits to keep our certification current.

Our statement of applicability and certification documents are available as part of the LawVu security pack.

SOC 1

SOC 1 (System and Organization Controls) is a regularly refreshed report of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

LawVu was first audited for SOC1 compliance in February 2021. Our full report is available as part of the LawVu security pack.

HIPAA

HIPAA is the Health Insurance Portability and Accountability Act that was passed by US Congress in 1996 for the protection of health information.

LawVu has achieved an independent seal of compliance from Compliancy Group, LLC and continues to work with them on an ongoing basis to maintain and illustrate compliance.

Risk management

At LawVu we maintain a comprehensive risk management program.

Annual risk assessments require participation from the whole organisation to identify risk across the entire company.

Our risk assessment standard utilises an evaluation matrix based around confidentiality, integrity and availability (CIA) and our treatment policy requires the application of applicable controls from the ISO27001 standard to mitigate all identified risks.

The risk assessment and treatment plan are reviewed by senior management to ensure that all residual risks are understood and accepted and a risk assessment report is produced.

Risk assessments are also triggered after any major change.