Data Security is the Oxygen Your Business Breathes
Security (not to be confused with securities cases in settlement administration) is a very big deal in this industry. Data breaches are so common that they barely raise an eyebrow in the news. Simpluris knows this very well and is fully committed to the security and overall protection of its own and its customers' data and information.
Our systems have been put through military-grade security protocol checks. At every level, every layer, Simpluris networks are battle-hardened and ready for action.
As a demonstration of our commitment, we have obtained SOC 2 certification, which requires us to adhere to strict policies and procedures surrounding information security, including processing and storage of confidential customer data. Simpluris has and maintains a comprehensive, written Information Security Program that complies with all applicable laws and regulations (e.g. HIPAA, Gramm-Leach-Bliley Act, MA 201 CMR 17.00) and that is designed to (a) ensure the security, privacy and confidentiality of Client and Class Member Information, (b) protect against any reasonably anticipated threats or hazards to the security or integrity of Client or Class Member Information, and (c) protect against unauthorized access to, use, deletion, or modification of Class Member Information. Simpluris has designated specific employees to be responsible for the administration of its Information Security Program. In addition, Simpluris regularly monitors, tests, and updates its Information Security Program.
Simpluris uses Client and Class Member Information only for the purposes for which its clients provide it, as described in any Agreements or Court Orders governing the provision of Simpluris' services in any particular case.
Matt Aires, Director of Information Technology
Simpluris has and maintains a process for identifying, assessing, and mitigating the risks to Class Member Information in each relevant area of Simpluris' services/operations and evaluating the effectiveness of the safeguards for controlling these risks.
Simpluris restricts access to Class Member Information to only those employees, agents, or subcontractors who need to know the information to perform their jobs. Simpluris performs background checks of all its employees who will have access to Sensitive Personal Information, including a review of their references, employment eligibility, education, and criminal background, to ensure they do not pose a risk to the security of Client or Class Member Information.
Simpluris adheres to the following industry best practices to safeguard its systems which process, store or transmit Client and Class Member Information:
Authentication/Authorization
Identity and access management
Complex password requirements
Network password changes required at regular intervals
Role-based access control systems to limit individual employee access to network apps/areas based on role and function
Complex password authentication for remote access to Company's networks
Preventing terminated employees from accessing Class Member Information
Data Security
Passed all compliance requirements for SOC 2 certification
Data Loss Prevention and Intrusion Prevention System software at multiple layers, preventing data leaks, malicious activity, and policy violations
Encryption of Class Member Information if it is transmitted over public or wireless networks (e.g., via email, ftp, Internet, etc.)
Implementation of a Secure File Transfer system (using SSL encryption) for transmitting documents back and forth to clients
Encryption of servers, portable media, laptops, desktops, smartphones, mobile devices, and new technologies that store Class Member Information
Security Training
Upon hire and annually thereafter, training of all employees with access to Class Member Information (including any agents and subcontractors with access to Class Member Information), who are formally informed of, and sign for, their obligations to implement the Information Security Program
Monthly all-company security reminder training, highlighting any new and pertinent techniques that have been observed in the general public
Disciplinary measures for employees who violate the Information Security Program
Hardware & Server Security
Appropriately configured and updated firewall, antivirus, and spyware software
Hardware USB and similar device detection on the network
Intrusion detection systems
Prompt application of vendor-recommended security patches and updates to systems and other applications to avoid any adverse impact to Class Member Information
Fraud Prevention
Separation of duties practices and policies
Out-of-Band communications practices and policies
Phishing email detection and regular preventative practices
Email attachment / download scanning
Physical Security
Infrastructure and physical security systems at all business locations including 24-hour video monitoring at key Simpluris operations centers
Biometric fingerprint identification hardware at all doors at our Costa Mesa headquarters
Business continuity planning
Disaster recovery planning