We take security seriously

We deal with sensitive, business critical information, and we take this responsibility seriously. We have invested in systems and processes designed to promote security, reliability maximum uptime.

Delivered from the World’s Leading Technology Infrastructure

LawVu is hosted on the Microsoft Azure platform. App Service
within Azure is designed for building and hosting secure
mission-critical applications that can be hosted on a secure
cloud platform. The Azure cloud hosting platform is compliant
with ISO information security standard, SOC2 accounting
standards and PCI security standards, and comes complete with
enterprise-level SLAs.
The Microsoft cloud services’ environment meets numerous
government-mandated, regional and country-specific
data security standards and industry-specific security
requirements in addition to Microsoft’s own business-driven
specifications. Microsoft’s compliance framework is based
on security capabilities from sources such as the National
Institute of Standards and Technology (NIST) Special
Publication 800-53, ISO/IEC 27001:2013, AT 101 Service
Organization Controls (SOC) 2 Trust Service Principles, the
European Union Data Protection Directive.
The data centre uses the ISO/IEC 27001:2013 approach to
provide a mechanism of continual improvement. Microsoft
regularly monitors changes in regulatory needs and adjusts
the compliance framework and audit schedule accordingly.
In addition to providing a high level of assurance that
Microsoft’s controls are operating as expected, the
compliance framework also results in several important
certifications and attestations for Microsoft’s cloud
infrastructure, including ISO/IEC 27001:2013 certification,
SSAE 16/ISAE 3402 SOC 1 Type I and Type II and AT Section
101 SOC 2 and 3 Type I and Type II attestations, as well as
FedRAMP and FISMA Certification and Accreditation.

Application and Data Security: A Top Priority

We employ many different layers of security to keep your data safe. These security policies and processes follow industry best practices whenever possible and are periodically reviewed for conformance and compliance.

  • All authentication and data transfer is fully encrypted, and conducted via SSL.
  • We employ firewall protections that prevent unauthorized users from attempting to connect to us.
  • We have separate privileges for customer data and application access, and customer data is not commingled.
  • We employ an industry leading 3rd Party Security Scanning service audits our externally facing infrastructure to determine any possible security threats daily.
  • Source Code Management is employed for all applications and development processes.
  • Application source code is hosted using an industry leading secure, third party source code repository.

Geo-Redundancy

All live data within the LawVu system is actively replicated
from our primary data centre (Azure Australia East DC) to a
secondary copy in another region (Azure Australia Southeast
DC) using Azure Active Geo-Replication.
One of the primary benefits of Active Geo-Replication is that
it provides a database-level disaster recovery solution with
low recovery time.
By placing the secondary database on a server in a different
region we achieve a high level of resilience. Cross-region
redundancy would position us to recover from a permanent
loss of an entire data centre or parts of a data centre caused by
natural disasters, catastrophic human errors or malicious acts

LawVu Database Encryption

We employ real-time encryption of all production databases,
associated backups and transaction log files.
Storage is protected using a symmetric key called the
database encryption key. In SQL Database the database
encryption key is protected by a built-in server certificate.
Microsoft automatically rotates these certificates at least
every 90 days.

Backups and Disaster Recovery

All databases are protected with an automatic backup system.
Database backups are retained for a minimum of 14 days,
with a point-in-time restore facility allowing us to restore a
historical version of the database as at any point (down to the
second) in the retention period.

Secure system access

All access to LawVu is performed via web browser over secure
256 bit SSL. URLs for white-listing:
https://go.lawvu.com
https://api.lawvu.com
Our system enforces a baseline level of password complexity
(minimum 8 characters, at least one special and numeric
character required) and multi-factor authentication is
scheduled for release in 2017