Last updated: July 9, 2020
Background
SimpleLegal recognizes your expectation of privacy and security, and we greatly value and appreciate the trust you place in us to maintain the privacy and security of your data. We have implemented business practices that limit the availability of confidential information. We have also implemented technical safeguards to reduce the likelihood of an external breach of our systems.
Physical Security
- SSAE18 SOC 2 Type 2 Data Center (Hosted at AWS)
- Redundant power connections with standby generators
- Multiple redundant network connections
- Biometric scanning for controlled data center access
- Physical security audited by an independent firm
- 24/7 video monitoring
Application Security
- Data at rest secured with AES-256 block-level encryption
- Data in transit is secured over Secure Socket Layer (SSL) connections using TLS 1.2 encryption
- Antivirus on the infrastructure and employee workstations
- Vulnerability scans on the SimpleLegal environment
- Annual penetration testing conducted by an external vendor
- Managed web application firewall
- Enforced multi-factor authentication and secure passwords for critical systems
- Logged application activity includes source IP address, user information, page visits, transactions processed, and other relevant information
Operation Security
- SimpleLegal audits to SSAE18 SOC 1 Type 2 and SSAE18 SOC 2 Type 2 standards, verified by an independent auditing firm
- Required Security Awareness Training for all employees
- Annually reviewed compliance policies and procedures
- Access to confidential information is restricted to authorized personnel only, according to documented procedures