LEGAL ADJACENCY DATA SECURITY OVERVIEW
Last updated: January 14, 2021.
This security overview describes the minimum security standards that Legal Adjacency maintains to protect our data and the data and other information provided by you to us during the course of providing services to you (“Client Data”) from unauthorized use, access, disclosure, theft, or manipulation*.
• We aim to be consistent with current leading industry standards. Legal Adjacency’s security framework includes administrative, technical, and physical safeguards reasonably designed to protect the confidentiality, integrity, and availability of Client Data that is accessed, collected, used, stored, or transmitted by Legal Adjacency and its authorized representatives.
• Legal Adjacency’s office space has a physical security program that manages visitors, building entrances, and overall office security.
• We keep our systems and software up-to-date with the latest upgrades, updates, bug fixes, new versions, and other modifications necessary to ensure the security of systems and data to protect Client Data from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure and all other unlawful forms of processing.
• Legal Adjacency’s current policy for password management requirements for any software or systems where Client Data is stored includes either the use of biometric authentication or strong password practices, including a 20 character minimum, with at least three of the following characteristics: upper case letter, lower case letter, number, special character, and the use of two-factor authentication (2FA).
• Legal Adjacency performs regular backups of data. Backup data are retained redundantly across availability zones and are encrypted in transit and at rest using 256-bit Advanced Encryption Standard (AES-256) server-side encryption.
• Firewalls are utilized to restrict access to systems from external networks and between systems internally. Firewalls used provide both ingress and egress filtering and have a default policy of blocking network traffic.
• As with virtually all law firms, we do not segment Client Data from other clients’ data. Your Client Data may reside on the same servers as another Legal Adjacency’s client’s data. We consider Client Data private and confidential and do not permit anyone other than Legal Adjacency employees to access it unless you explicitly share it or authorize us to share it with someone.
• Legal Adjacency uses third-party vendors to support our internal operations or how we provide services to you. Legal Adjacency carries out a security risk-based assessment of prospective vendors before working with those vendors to validate that prospective vendors meet Legal Adjacency’s security requirements. Legal Adjacency periodically reviews each vendor in light of Legal Adjacency’s security standards, including the type of access and classification of data being accessed (if any), controls necessary to protect data, and legal/regulatory requirements. Legal Adjacency ensures that Client Data is returned or deleted at the end of a vendor relationship. For the avoidance of doubt, telecommunication providers are not considered subcontractors of Legal Adjacency.
• Legal Adjacency enters into agreements with all of its vendors, which provide an appropriate level of protection for the confidential or personal data contained within the Client Data that these vendors may process.
• We currently use the Microsoft 365 suite of software. By default, any data, including client data, generated using a Microsoft 365 product not stored locally on Legal Adjacency devices is stored on Microsoft’s Canadian data servers.
• Legal Adjacency uses a cloud-based legal practice management solution as part of managing our practice and business. Client Data stored as part of our use of this service is hosted by Amazon Web Services (“AWS”). The current location of the AWS data center infrastructure used by our legal practice management vendor is located in the United Kingdom.
• Legal Adjacency uses a third-party vendor for our client portals. Client Data stored in a client portal is hosted by our third-party vendor using AWS. The current location of the AWS data center infrastructure used by our client portal vendor is located in Ireland.
• Further information about the security provided by AWS is available from the AWS security webpage available at https://aws.amazon.com/security/. In addition, the overview of AWS’s security process is available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.
• AWS data centers that host Legal Adjacency Services are strictly controlled at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors must present identification and are signed in and continually escorted by authorized staff. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions. Each data center has redundant electrical power systems that are available twenty-four (24) hours a day, seven (7) days a week. Uninterruptible power supplies and on-site generators are available to provide backup power in the event of an electrical failure. More details about the physical security of AWS data centers used by Legal Adjacency’s vendors are available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.
*The content of this security overview is for informational purposes only. To the fullest extent permitted by law, Legal Adjacency expressly disclaims all and makes no representations, warranties, conditions, or undertakings of any kind, whether express or implied, in connection with this security overview.