LEXEL takes application-security and user-privacy seriously. We are implementing ISO 27001 for information security management to further our compliance with security policies and best practices. The following sections highlight our security practices for cloud-based litigation management.
Access to LEXEL is limited to individuals who have received a user-specific digital invitation from the Administrator. The invitation is tied to the user’s established account and it provides a temporary password that must be changed upon the initial login to the system. This security measure prevents team members from granting access to third parties without oversight from the LEXEL administrator. LEXEL also supports Windows Active Directory authentication.
Within LEXEL, enterprise-grade security and access control are implemented. Multiple cases are hosted within a law firm’s instance of the cloud-based litigation management platform, but each individual user is only able to access the cases to which they have been assigned. Users can collaborate only within their case teams.
LEXEL Administrators can create custom roles such as Paralegal, Partner, Co-Counsel, Client or any other distinction needed. The permissions associated with each role can then be customized and each authorized team member is associated with one role. This enables administrators and team leaders to control the types of operations that can be completed by each collaborator in the workspace. For example, case team members may be permitted to create annotations on all files, while Clients may be limited to only viewing others’ annotations. This fine-grained group- and role-based security ensures that users can share their work in a case but only within their own team.
Access to servers and application logs is limited to designated senior employees who are bound by confidentiality agreements as part of their LEXEL employment contracts. For debugging purposes, whenever application logs are accessed, such instances are documented and periodically reviewed by the Chief Information Security Officer.
In a cloud environment, LEXEL server can be configured for automated backup and failsafe deployment.
Similar mechanisms can be supported in on-premises deployments.
LEXEL stores system data and user-generated data in a database which runs in a clustered environment, and based on the load, new instances are automatically added to the cluster. The database is configured for continuous and incremental backup as well as for point-in-time recovery. Files uploaded to LEXEL are configured to be automatically backed-up and they can be restored when needed.
LEXEL can be hosted on major cloud platform such as MS Azure, Google Cloud and AWS. On-premises hosting is also fully supported, in a clustered and load balanced environment. The application is accessible over an encrypted communication (AES 256-bit and TLS 1.2). The data is automatically and transparently decrypted when accessed by an authorized user. LEXEL enterprise clients may upgrade this service to customer-managed or customer-supplied encryption keys, if desired.
Internet technology evolves daily, and cyber security must remain in lock-step. From design to coding, the LEXEL development team adheres to secure coding practices and uses web application security tools such OWASP ZAP and Burp Suite to conduct security testing. Source code is reviewed on a regular basis to identify potential security vulnerabilities and resolve them immediately.
Third party modules embedded within LEXEL, such as its database and search engine, are maintained according to the Original Equipment Manufacturers’ (OEM) technical recommendations, and LEXEL’s library and tools are upgraded to the latest versions before every major release. This ensures that all the security updates are applied regularly and that LEXEL clients are always accessing the latest version of the platform.
All major releases undergo security penetration testing by external organizations to ensure our strict access protocols are maintained as the technology progresses.
Copyright © 2018-2022 LegalCraft Solutions Pvt. Ltd. All Rights Reserved.
