You Chose a SaaS Vendor, Now Check its Security
You found it! The perfect productivity software for your small law firm. Or you found something good enough. At the very least, you get to cross this task off your list. Finding compatible, easy to use, affordable and productive software is a bear. Still, you have one more level of validation that you need to the software to go through: Is it secure? How on earth can you figure this out? Lawyers can’t be IT experts in addition to legal experts.
Never fear: Below is a short list of how to go about figuring out if your new software is secure:
Have there been any known security breaches in the past 18-24 months? If there have been breaches, how has the organization addressed the issues?
How transparent is the organization?
What efforts does the organization make to communicate their efforts to sustain a culture of security?
Is the vendor compliant to the industry standards of security?
Information security management system (ISMS) with the most common being the ISO 27001 certification. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
Do they follow Service Organization Control (SOC) Reporting best practices? The most common is a SOC1 Type II, SOC 2 Type II and SOC3. These reports mostly cover auditing related to a service organization’s security, availability, processing integrity, confidentiality, or privacy as it relates to test and controls best practices.
What privacy measures are in place?
Where are the Data Centers?
Do they own their own data centers or host on a known platform such as Amazon Web Services or the Google Cloud? This assessment should also include understanding uptime guarantees and the geo location / diversity of your data.
What forms of authentication for accessing the data are in available?
Is two step authentication available and needed?
Will you be leveraging any integrations or partners with this provider?
Will the data be stored on the partner’s servers? If so, what security measures are in place for the partner? What protocols does the vendor require of its vendors?
Service Level Agreement.
This document should outline all of the specifics as it relates to the vendor’s responsibility to your data and its accessibility.
All of these steps can be discovered through contacting the software company or doing a Google search. Your clients deserve this kind of attention to detail. Your new software should make you productive as well as secure.
At LeanLaw, our mission is for every lawyer to have a lean practice. Getting there involves not only new technology, but behavior change as well. Meaning: you have to use the technology. Sometimes, new technology can be an adjustment and other times, you take your first step and never look back.
At LeanLaw, we offer legal software as well as IT services specifically catering to lawyers to help you create a lean law firm. We focus on small law firms and solo attorneys.
Whether you use LeanLaw Timekeeping Software, a competitor’s or (please don’t) a yellow pad, tracking your time will help you build a leaner, more successful – and more meaningful to you – law practice.
Join the Movement!