We understand that your data is sensitive and valuable, and that is why we put data security at the forefront of everything we do.
Data Encryption
All data that passes between you and LawVu is encrypted using industry-standard security protocols. We encrypt all data at rest with AES-256, including databases, document files, backups and logs.
Data is protected in transit using HTTPS with TLS 1.2 and above.
Access control
As an organization you have complete control over who you invite into your account and total flexibility when it comes to giving users access to individual matters and contracts. You can further control access by using roles and permissions settings within LawVu.
We support and encourage integration with your organization's single sign-on technology using SAML 2.0, and we require all SSO integrations to use SCIM provisioning for extra security. You can also enforce multi-factor authentication across your organization's account.
Internally we implement a password standard with enforced complexity rules across our organization and use SSO with enforced 2FA wherever possible.
Real-time monitoring and alerting
We utilise Microsoft Azure’s Security Center for real-time monitoring of all LawVu production systems including threat detection and network vulnerability scanning.
Alerts are triggered and sent to a monitored mailing list.
All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy, which is available in the LawVu security pack.
Application vulnerability scanning
We use Qualys WAS to check our system for new vulnerabilities daily.
All new vulnerabilities and exceptions are assessed and added to our vulnerability and risk registers where necessary. Remediation plans are put in place in line with our patching standards policy, which is available in the LawVu security pack.
Penetration testing
We partner with industry-leading CREST-certified security vendors so we can leverage their expertise and knowledge as well as have them perform third-party security audits on our entire platform.
We undergo annual penetration tests of the LawVu application and services. Our pen test reports and remediation plans are made available in the LawVu security pack.
Development process
All changes to the LawVu application go through formal change control procedures which include the following phases:
Design
Development
Functional Testing
Regression Testing
Release to Production
Our teams follow OWASP security-by-design principles, and all development is peer reviewed before going through approval gates with a software architect, QA manager and senior management before release to production.
Test data
Client data is never copied to or used in non-production environments.
Confidential data, as well as data that can be related to individual persons, is never used as test data.
Background verification checks
All new staff undergo police and reference checks before access to client data is granted.
Confidentiality requirements
All employees are subject to perpetual confidentiality agreements.
Security awareness
All new employees participate in an information security induction and are required to review and sign our information security policies on their first day in the office.
New starters also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.
We conduct periodic security awareness sessions for all staff throughout the year on selected security and privacy-related topics.