All data that passes between you and LawVu is encrypted using industry-standard security protocols.
We encrypt all data at rest with AES-256, including databases, document files, backups and logs.
Data is protected in transit using HTTPS with TLS 1.2 and above.
As an organisation you have complete control over who you invite into your account and total flexibility when it comes to giving users access to individual matters and contracts. You can further control access by using roles and permissions settings within LawVu.
We support and encourage integration with your organisation’s single sign-on technology using SAML 2.0, and we require all SSO integrations to utilise SCIM provisioning for extra security. You can also enforce multi-factor authentication across your organisation’s account.
Internally we implement a password standard with enforced complexity rules across our organisation and use SSO with enforced 2FA wherever possible.
We utilise Microsoft Azure’s Security Center for real-time monitoring of all LawVu production systems including threat detection and network vulnerability scanning.
Alerts are triggered and sent to a monitored mailing list.
All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy which is available in the LawVu security pack.
We use Qualys WAS to check our system for new vulnerabilities daily.
We partner with industry-leading CREST-certified security vendors so we can leverage their expertise and knowledge, and have them perform third-party security audits on our entire platform.
We undergo annual penetration tests of the LawVu application and services. Our pen test reports and remediation plans are made available in the LawVu security pack.
All changes to the LawVu application go through formal change control procedures which include the following phases:
Design
Development
Functional Testing
Regression Testing
Release to Production
Each of the development and test stages is performed in segregated development, QA and staging environments.
Our teams follow OWASP security by design principles and all development is peer reviewed before going through approval gates with a software architect, QA manager and senior management before release to production.
Client data is never copied to or used in non-production environments.
Confidential data, as well as data that can be related to individual persons, is never used as test data.
All new staff undergo police and reference checks before access to client data is granted.
All employees are subject to perpetual confidentiality agreements.
All new employees participate in an information security induction and are required to review and sign our information security policies on their first day in the office.
New starters also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.
We conduct periodic security awareness sessions for all staff throughout the year on selected security and privacy related topics.
Please click here to view our Information Security Policy Statement.
LawVu Head Office
26-28 Wharf Street, Tauranga 3110, New Zealand