LawWare statement of cyber-security responsibilities

LawWare is committed to building strong information security safeguards into all its software and everything it does. By working closely with our datacentres, we ensure that the highest standards of security and resilience are met at all times within our fully managed and protected environment.

Our key security protection measures are described in the following points.

Procedures, maintenance & testing.

LawCloud information security procedures for protecting systems against vulnerabilities.

Our data centre partners have designated Information Security Managers who are responsible for managing and implementing security standards, policies and best practice. The Network, Infrastructure and Quality Assurance teams support the Information Security Manager. They have internal information security policies, which their Information Security Committees govern.

LawWare patch management process.

Datacentres prioritise the patching of internal systems by role, importance and location in the network. They automatically deploy and manage patches where appropriate. In addition to this, we update each LawCloud server ourselves with updates released for Microsoft operating systems and all application software used on the cloud. These are tested on a test server before being rolled out to all servers. Assuming all updates pass our compatibility test, they are applied within 3 days of passing the test. Microsoft releases these security updates at least monthly; other vendors' timescales differ.

Deployment and updating of anti-virus software.

We implement robust, industry-leading anti-virus software on all our servers. Virus definition updates are applied daily as a minimum and hourly where required.

If you have an email subscription through us under Office 365, then you are additionally protected by Microsoft Exchange Online Protection (EOP), which provides anti-spam and anti-malware filtering.

LawCloud is also a member of CISP, helping us to keep a watchful eye on security.

CISP is the Cyber-Security Information Sharing Partnership, a joint, collaborative initiative between industry and government to share cyber threat and vulnerability information to increase overall situational awareness of the cyber threat and therefore reduce the impact upon UK business.

Use of firewalls to protect systems and data from the internet and other untrusted sources.

All LawCloud servers sit behind the strongest and most secure firewalls that we are able to implement. For VMware platforms, we use Edge Gateway and for Hyper-V, we tend to favour Cisco Virtual Firewall (Cisco Adaptive Security Appliance operating on Cisco ASA5550).

Windows Firewall is enabled on each individual server.

Use and frequency of penetration testing.

Our data centre partners conduct penetration testing of the internal infrastructure as an ongoing programme, using a risk-based approach, and on all new services before they go live.

Security of datacentres.

Data centre policies and procedures ensure that our team:

  • Conducts annual physical security reviews to ensure it adheres to policies and best practices.
  • Escorts visitors while they’re in data centres and signs them in and out of facilities.
  • Restricts access to data centres with fences, gates, swipe-card-entry systems and role-based privileges.
  • Protects facilities with out-of-hours security guards, CCTV monitoring and a reception that’s manned 24/7/365.
  • Maintains operations during short-term power fluctuations with reserve power supplies, backups (e.g. uninterruptible power supply) and redundant generators, which are tested regularly.
  • Maintains optimum environmental conditions in the data centres with air-conditioning systems, which are tested regularly.
  • Provides fire detection and suppression systems, which are tested regularly.

Where is your data held and how is it protected?

At LawWare, the security and safety of your data is our paramount concern. We have invested a great deal of resource and technical expertise to make sure your data meets industry safety and compliance standards and we partner with the UK’s most secure and robust data centres to host your data.

LawCloud uses a number of hosting providers who all offer state-of-the-art security solutions.

Our hosting providers offer:

  • A >99.9% uptime SLA
  • Monitoring services
  • Unlimited bandwidth (network traffic)
  • Automatic failover
  • SSL certificate
  • RAID protected storage

ISO 27001 – Information Security.

ISO 27001 sets out the requirements of Information Security Management systems. It is part of the ISO 27000 family of standards relating to information and cyber security and offers a comprehensive set of controls based on best practice in information security. The accreditation shows our hosting providers’ compliance with regulatory and contractual requirements regarding data security, privacy and IT governance.

ISO 14001 – Environmental Assurance.

Part of the ISO 14000 family of international standards covering environmental impact and the reduction of greenhouse gas emissions, ISO 14001 is the standard that covers the design and implementation of an Environmental Management System. This is a framework designed to measure and improve the way natural resources are used and disposed of by an organisation.

ISO 9001 – Quality Assurance.

ISO 9001 sets out the steps necessary to adopt a quality management system. It is designed to help organisations ensure they meet the needs and expectations of both customers and other parties, based on internationally recognised quality management principles set out by the International Standards Organisation (ISO). The certification shows that our quality processes have been audited against ISO 9001 and that our hosting providers meet the requirements.

Data Centres:

  • Provides electricity to data centres through two high-voltage power cables.
  • Maintains and tests power systems with built-in N+1 redundancy

Taking precautions by ensuring it has:

  • Backup power via UPS, which can provide up to 15 minutes of power
  • Redundant onsite power generators, which ensure operations continue during short-term power fluctuations or local utility failures
  • 24 hours’ worth of fuel to power generators
  • Maintains and tests redundant (N+1) air-conditioning systems to ensure optimum environmental conditions in its data centres.
  • Maintains and tests fire detection and suppression systems to protect its data centres and offices.
  • Our data centres audit their facilities regularly and are founder members of the Cloud Industry Forum, setting the standard in cloud computing.

Rest assured, at LawWare we leave nothing to chance – your data will always be secure and will be readily recoverable even should a catastrophic failure scenario arise.

Hardware maintenance.

The data centre team is responsible for maintaining optimum system performance in all data centres and:

  • Maintains redundant hardware to transfer services to in the unlikely event of an outage.
  • Monitors business-critical hardware and resolves issues.

Security testing of infrastructure. 

Our team:

  • Conducts regular security tests on its infrastructure.
  • Manages the results of tests through incident/risk management processes to resolve issues quickly.

Confidentiality, Integrity and availability of services and infrastructure.

The team ensures confidentiality, integrity and availability of all data and:

  • Maintains confidentiality of data by preventing employees from accessing data.
  • Uses the following to ensure confidentiality:
    • Network security protocols
    • Network authentication services
    • Data encryption services
    • Physical entry controls
  • Ensures integrity of data by preventing employees from accessing it.
  • Uses the following to ensure integrity:
    • Firewall services
    • Communications security management
    • Role-based access control (RBAC)
  • Ensures systems are available by implementing redundant internet connections, power supplies, generators, and network infrastructure and storage area network (SAN) disks.
  • Uses the following to ensure availability:
    • RBAC
    • Redundant disk systems and internet connections
    • Acceptable logins and operating process performance
    • Reliable and interoperable security processes and network security mechanisms.

Principle of least privilege.

There is a responsibility for ensuring that the principle of least privilege applies in the data centres.

This means we ensure that only engineers who need access to servers, infrastructure and networks get it. Employees who don’t have a business requirement to access these can’t do so without authorized personnel.

Secure Destruction of Data, Hardware, Removable Media.

The team is responsible for securely destroying its data, hardware and removable media.

  • Uses accredited partners to securely destroy hardware such as hard disk drives and backup media.
  • Cleanses hard disks before reusing them and tests samples to ensure data can’t be recovered. The company does this with software that adheres to HMG CESG standards.

Secure Data Communications on Data Centre Networks.

The team is responsible for maintaining secure communications in its private network, backup and disaster-recovery services.

  • Segments networks to prevent unauthorized access.
  • Restricts communications to the Internet within managed firewalls.
  • Encrypts virtual private network (VPN) tunnels with IPsec to protect traffic.

Incident Management on Data Centre Networks.

The team is responsible for managing incidents on its network.

  • Follows ITIL-based management processes to deal with incidents.
  • Provides a dedicated incident manager, who is responsible for restoring services.

Internet Connections at Data Centre.

The team is responsible for maintaining internet connections for servers.

  • Uses high performance connections to the Internet and diverse routing to ensure that connectivity is not lost due to one failure.

Notification of Planned Outages.

The team is responsible for notifying partners of planned outages.

  • Endeavours to provide at least 24 hours’ notice of planned outages. In the majority of cases, it will provide notice earlier than this.
  • May give less notice for emergency maintenance needed to resolve high-risk security incidents that affect multiple partners.

Firewall and VPN Concentrator.

The team is responsible for initially configuring VPN concentrators and firewalls.

  • Network engineers will initially configure systems.

Denial of Service Attacks.

The team is responsible for mitigating denial of service attacks from the Internet.

  • Reserves the right to remove service for the duration of an attack, or until it can deploy a compensating control, if an attack threatens the wider infrastructure.

If you require any further information or would like to arrange a guided tour of our UK-based data centre, please get in touch.

© LawWare Limited 1995-2019
