Ensuring legal software meet information security standards is critical to any procurement decision. This checklist will help you to move through the Q&A stage...
How do you ensure your legal and company information is kept securely, and appropriate measures are taken to protect against data loss? This 8-point information security checklist will ensure you can get some immediate comfort from your cloud based legal matter software provider before making a purchasing or 'try before you buy' decision.
Some organizations have policies to maintain data - particularly data about their clients - onshore, or in the same jurisdiction as their head office. By knowing where your data is stored, you will be able to give consideration to adherence to data sovereignty and privacy regulation. There is a shift towards cloud storage solutions like Amazon S3 or Google Cloud, which provide robust security features.
A reputable data host satisfies a very wide range of information security requirements, particularly around architecture, physical infrastructure, firewall and redundancy.
Whilst a good data host is important, the application itself should also be built to ensure high levels of security. The best way to test this security is with regular, independent penetration testing by a reputable firm specialising in this work. Penetration testing is important to an organization's security, as you can detect any potential problems and address them quickly before any malicious attacks occur. One of the main reasons for regular penetration testing is to verify that remediation efforts were effective. Penetration testing should be performed on a at least once or twice a year.
Encryption at rest and in transit should be standard in the application. Encryption at rest protects your data in the event of a matter management system compromise or data theft by encrypting data while stored. Encryption in transit protects your data if communications are intercepted while data moves across the internet or a network.
It's sometimes necessary for your legal matter management software provider to have access to your data, to provide you with the service you require. However, you should understand how this access is gained, whether an audit history is kept of access to the data and the policies and processes which govern access to your data.
It's useful to understand that your legal matter management software provider has built a culture of protecting client data. Staff should have a regular and thorough training schedule to be reminded of policies and processes, and kept up to date on new developments on information security and cybersecurity best practices. Information security awareness training for employees is important as it helps them understand the importance of cybersecurity, the potential risks and threats and how to prevent breaches.
Even mega corporations get hacked - ensuring that your legal matter management software provider has given careful consideration to what it will do in such an event will mean that in the unlikely but unfortunate circumstance in which it occurs, protection of your data and communication of the risks and steps being taken, are the #1 priority.
Losing data is one thing, losing access to an entire matter management software is the next step up, and can be crippling if you have come to rely on technical tools to conduct business. If your matter management system goes down, be sure that your provider has a cloud-based disaster recover solution in place to minimize downtime and data loss in case of a system failure and they're able to bring it back to full operation as quickly as possible.
This checklist covers LegalTech information security questions only. A more comprehensive look at IT questions can be seen in this blog post - 10 questions to ask before you go to your CIO.
If you are getting started on building a legal technology roadmap for your in-house legal department, download the white paper and template to help you get started.
Xakia takes your security seriously. Xakia is certified as compliant with ISO/IEC 27001:2013. To learn more about our security, get in touch with the friendly team today or get a demo to see our legal matter management software in action.
Municipal legal teams are looking for ways to better manage work and identify efficiency improvements. Here are some themes from IMLA 2023.
As you explore legal technology solutions, it’s imperative to get buy-in from your IT department. Here are 10 questions to answer before you meet the...
There's a shift to move to the cloud, but what does this mean for in-house lawyers? Learn the key points when evaluating cloud-based legaltech...
Legal matter management for in-house legal teams who need to ruthlessly triage the chaos