Our security practices have passed more than 100 different security reviews and multiple onsite privacy assessments from Fortune 500 companies, banks, and government entities.
At LawLogix, we believe in adhering to only the strictest of security standards. Unlike other vendors in this space, LawLogix owns ALL the hardware related to our private cloud environment to provide genuine data segregation and security that far exceeds industry regulations.
In our rigorous attempts to ensure the highest level of system security, we contracted with a security expert, MegaplanIT, to conduct a $50,000 evaluation of our security practices. This was not just a quick pen test performed with free software, but a combination of automated and manual penetration testing, web application testing, network configuration analysis, and a social engineering exercise. The successful completion of these evaluations confirmed our multi-layered approach to security is best in class.
Unlike most vendors, LawLogix owns and utilizes distributed SAN (Storage Area Network) technology. While upfront costs are high, experts agree that using SAN is the best defense against catastrophes because it provides superior protection against data loss in a disaster event. Applications running on traditional servers may fail through data corruption caused by the server disks, but the storage arrays in SAN use superior algorithms to make sure your data will always stay consistent.
LawLogix uses Certified SSAE 16 SOC 1 Type 2 Facilities to ensure privacy and continuous uptime and service. LawLogix's multiple cyber-threat-resistant UNIX server clusters are hosted at CyberTrails, a Tier 1 co-location facility located in a seismically neutral, non-flood, non-fire risk zone, with the primary facility located in Phoenix, Arizona.
Access to the facility is controlled by biometric authentication, swipe card validation, sign-in logs and 24-hour video monitoring.
All client Personally Identifiable Information (e.g. Social Security number, date of birth) is encrypted ‘at rest’ with the highest level of security allowed by U.S. law, currently 128-bit AES.
All communications (i.e. in transit) between clients and our servers are encrypted with VeriSign Class 3 128-bit encryption using SSLv3/TLSv1.
A TippingPoint IDS/IPS is used to scan the network and prevent malicious attacks. State monitoring occurs every 20 seconds, and every 10 seconds for HA failover, throughout the IDS/IPS to ensure all systems are running at optimal performance.
LawLogix utilizes McAfee Secure to conduct enterprise-level vulnerability scanning and daily penetration testing. Any vulnerability detected by McAfee is immediately tested in our development environment before deploying to the production environment.
LawLogix employs a typical SaaS architecture with a front-end web server, an application server, a reports server, and a database server. All of those components reside behind dual redundant 3Com X-5 firewalls with 24/7 live intrusion monitoring and prevention.