We put data security at the forefront of everything that we do because we understand that your data is sensitive and valuable.

Here are some of the ways LawVu keeps your data secure.

Information security policy

Data protection

Data Encryption

All data that passes between you and LawVu is encrypted using industry-standard security protocols. 

We encrypt all data at rest to AES-256, including databases, document files, backups and logs.

Data is protected in transit using HTTPS with TLS 1.2 and above.

Access Control

As an organisation you have complete control over who you invite into your account and total flexibility when it comes to giving users access to individual matters and contracts. You can further control access by using roles and permissions settings within LawVu.

We support and encourage integration with your organisation’s single sign-on technology using SAML 2.0, and we require all SSO integrations to utilise SCIM provisioning for extra security. You can also enforce multi-factor authentication across your organisation’s account.

Internally we implement a password standard with enforced complexity rules across our organisation and use SSO with enforced 2FA wherever possible.

Platform and network security

Real time monitoring and alerting

We utilise Microsoft Azure’s Security Center for real-time monitoring of all LawVu production systems, including threat detection and network vulnerability scanning.

Alerts are triggered and sent to a monitored mailing list.

All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy, which is available in the LawVu security pack.

Application vulnerability scanning

We use Qualys WAS to check our system for new vulnerabilities daily.

All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy, which is available in the LawVu security pack.

External Audits

Penetration Testing

We partner with industry-leading CREST-certified security vendors so we can leverage their expertise and knowledge as well as have them perform third-party security audits on our entire platform.

We undergo annual penetration tests of the LawVu application and services. Our pen test reports and remediation plans are made available in the LawVu security pack.

Secure Development

Development Process

All changes to the LawVu application go through formal change control procedures which include the following phases:

  • Design
  • Development
  • Functional Testing
  • Regression Testing
  • Release to Production

Each of the development and test stages is performed in segregated development, QA and staging environments.

Our teams follow OWASP security by design principles and all development is peer reviewed before going through approval gates with a software architect, QA manager and senior management before release to production.

Test Data

Client data is never copied to or used in non-production environments.

Confidential data, as well as data that can be related to individual persons, is never used as test data.

Personnel

Background Verification Checks

All new staff undergo police and reference checks before access to client data is granted.

Confidentiality Requirements

All employees are subject to perpetual confidentiality agreements.

Security Awareness

All new employees participate in an information security induction and are required to review and sign our information security policies on their first day in the office.

New starters also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.

We conduct periodic security awareness sessions for all staff throughout the year on selected security and privacy related topics.

LawVu Security Pack

Everything you need to get started on your security assessment.
