Ensuring legal technology software meet appropriate information security standards is critical to any procurement decision, and this checklist will help you to move through the Q&A stage as quickly as possible.
How do you ensure your legal and company information is kept securely, and appropriate measures are taken to protect against data loss? This 8-point checklist will ensure you can get some immediate comfort from your cloud based legal software provider before making a purchasing or 'try before you buy' decision.
Why is this important? Some organizations have policies to maintain data - particularly data about their clients - onshore, or in the same jurisdiction as their head office. By knowing where your data is stored, you will be able to give consideration to adherence to data sovereignty and privacy regulation.
Why is this important? A reputable data host satisfies a very wide range of information security requirements, particularly around architecture, physical infrastructure, firewall and redundancy.
Why is this important? Whilst a good data host is important, the application itself should also be built to ensure high levels of security. The best way to test this security is with regular, independent penetration testing by a reputation firm specialising in this work.
Why is this important? Encryption at rest and in transit should be standard in the application. Encryption at rest protects your data in the event of a matter management system compromise or data theft by encrypting data while stored. Encryption in transit protects your data if communications are intercepted while data moves across the internet or a network.
Why is this important? It's sometimes necessary for your legal matter management software provider to have access to your data, to provide you with the service you require. However, you should understand how this access is gained, whether audit history is kept of access to the data and the policies and processes which govern access to your data.
Why is this important? It's useful to understand that your legal management software provider has built a culture of protecting client data and that staff have a regular and thorough training schedule to be reminded of policies and processes, and kept up to date on new developments on information security.
Why is this important? Even mega corporations get hacked - ensuring that your legal matter management software provider has given careful consideration to what it will do in such an event will mean that in the unlikely but unfortunate circumstance in which it occurs, protection of your data and communication of the risks and steps being taken, are the #1 priority.
Why is this important? Losing data is one thing, losing access to an entire legal matter software is the next step up, and can be crippling if you have come to rely on technical tools to conduct business. If your matter management system goes down, be sure that your provider has the right steps in place to bring it back to full operation as quickly as possible.
This checklist covers LegalTech information security questions only. A more comprehensive look at IT questions can be seen in this blog post - 10 questions to ask before you go to your CIO.
If you are getting started on building a legal technology roadmap for your in-house legal department, download the white paper and template to help you get started.
Two-thirds to three-quarters of large organizations struggle to implement their strategies. Download Xakia’s ready-to-use Legal Department Strategic...
How can you prepare for the year ahead, amid stagnant budgets, growing workloads, and economic uncertainty? Here are three tips for an in-house legal...
How do you quickly and easily change the way your corporate legal team operates for a more effective (and less stressful!) 2018?