LawWare is committed to building strong information security safeguards into all its software and everything it does. By working closely with our datacentres, we ensure that the highest standards of security and resilience are met at all times within our fully managed and protected environment.
Our key security protection measures are described in the following points.
Our data centre partners have designated Information Security Managers who are responsible for managing and implementing security standards, policies and best practice. The Network, Infrastructure and Quality Assurance teams support the Information Security Manager. They have internal information security policies, which their Information Security Committees govern.
Datacentres prioritise the patching of internal systems by role, importance and location in the network. It automatically deploys and manages patches where appropriate. In addition to this, we update each LawCloud server ourselves with updates released for Microsoft operating systems and all application software used on the cloud. These are tested on a test server before being rolled out to all servers. Assuming all updates pass our compatibility test, they are applied within 3 days of passing the test. Microsoft releases these security updates at least monthly, other vendor’s timescales differ.
We implement a robust, industry leading anti-virus software on all our servers. Virus definition updates are applied daily as a minimum and hourly where required.
If you have an email subscription through us under Office 365 then you are protected in addition by Microsoft Exchange Online Protection EOP (anti-spam and anti-malware).
LawCloud is also a member of CISP (Find out more about CISP) Helping us to keep a watchful eye on securty.
CISP is the Cyber-Security Information Sharing Partnership, a joint, collaborative initiative between industry and government to share cyber threat and vulnerability information to increase overall situational awareness of the cyber threat and therefore reduce the impact upon UK business.
All LawCloud servers sit behind the strongest and most secure firewalls that we are able to implement. For VMware platforms, we use Edge Gateway and for Hyper-V, we tend to favour Cisco Virtual Firewall (Cisco Adaptive Security Appliance operating on Cisco ASA5550).
Windows Firewall is enabled on each individual server.
Our data centre partners conduct penetration testing of the internal infrastructure on an ongoing program on a risk based approach and on all new services before going live.
Data centre policies and procedures ensure that our team:
At LawWare, the security and safety of your data is our paramount concern. We have invested a great deal of resource and technical expertise to make sure your data meets industry safety and compliance standards and we partner with the UK’s most secure and robust data centres to host your data.
LawCloud uses a number of hosting providers who all offer state-of-the art security solutions.
- A >99.9% uptime SLA
- Monitoring services
- Unlimited bandwidth (network traffic)
- Automatic failover
- SSL certificate
- RAID protected storage
ISO 27001 sets out the requirements of Information Security Management systems. It is part of the ISO 27000 family of standards relating to information and cyber security and offers a comprehensive set of controls based on best practice in information security. The accreditation shows our hosting providers’ compliance with regulatory and contractual requirements regarding data security, privacy and IT governance.
Part of the ISO 14000 family of international standards covering environmental impact and the reduction of greenhouse gas emissions, ISO 14001 is the standard that covers the design and implementation of an Environmental Management System. This is a framework designed to measure and improve the way natural resources are used and disposed of by an organisation.
ISO 9001 sets out the steps necessary to adopt a quality management system. It is designed to help organisations ensure they meet the needs and expectations of both customers and other parties, based on internationally recognised quality management principles set out by the International Standards Organisation (ISO). The Certification shows that our quality processes have been audited against ISO 9001 and that our hosting providers’ meet the requirements.
Rest assured, at Lawware we leave nothing to chance – your data will always be secure and will be readily recoverable even should a catastrophic failure scenario arise.
The data centre team is responsible for maintaining optimum system performance in all data centres and:
Our team:
The team ensures confidentiality, integrity and availability of all data and:
There is a responsibility for ensuring that the principal of least privilege applies in the data centres.
This means we ensure that only engineers who need access to servers, infrastructure and networks get it. Employees who don’t have a business requirement to access these can’t do so without authorized personnel.
The team is responsible for securely destroying its data, hardware and removable media.
The team is responsible for maintaining secure communications in its private network, backup and disaster-recovery services.
The team is responsible for managing incidents on its network.
The team is responsible for maintaining internet connections for servers.
The team is responsible for notifying partners of planned outages.
The team is responsible for initially configuring VPN concentrators and firewalls.
The team is responsible for mitigating denial of service attacks from the Internet.
If you require any further information or would like to arrange a guided tour of our UK-based data centre, please get in touch.
Also see our Security white paper
Find out more about how LawCloud is Green
Or request a copy of our Cloud Guidelines document
Our clients range from small start-up legal practices to multi-partner, multi-site firms.