Lexbe Data Security
At Lexbe, we highly value data security and actively maintain it. This page describes our security operations, procedures and protocols. We are located in Austin, TX, and all of our operations are conducted, and all data is solely maintained, in the United States. If you require additional information, please contact us.
Topics described below are web security, details of our physical and operational security, our SAS 70 Audit, how we handle backups and data redundancy, Lexbe Online user account security, our confidentiality/NDA commitments, our 99.99% service level guarantee and attorney ethical standards in using litigation support services.
Web Security
Lexbe Online uses 256-bit Secure Sockets Layer (SSL) technology to secure all data transferred between your computer and our servers, the same encryption used by financial institutions for online account access. Our SSL technology is supplied by GeoTrust, a leading SSL certificate provider. The SSL protocol is the web standard for encrypting communications between users and web sites and a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL certificates also provide non-forgeable proof of a web site's identity.
You can tell that data on a page is transferred by the SSL protocol in two ways. First, the web address starts with "https" rather than the unsecured "http." Second, there is a standard among web browsers to display a "lock" icon somewhere in the browser window. The level of encryption (128-bit or 256-bit) is determined by your browser security settings and capabilities.
As part of e-Discovery processing, we sometimes send data between our servers and other locations for processing or delivery. When doing so, we transfer over an SSL connection or, if we use an FTP connection, we encrypt files before transfer.
Physical & Operational Security
As a litigation support vendor and software-as-a-service (SaaS) provider, we maintain our client data on multiple web-connected hosted servers. This means we provide our hosted legal document repository services 'in the cloud', to use the latest label for internet-hosted document repository services, also known as software as a service (SaaS), application service provider (ASP) or just plain hosted document review services. We host from Tier-1 data centers combining more than 20 x 10 Gbps connections to create one of the industry's fastest networks. Our centers also maintain redundant power, premium network connectivity, fire suppression, security and advanced monitoring systems. Our network is operational 24 hours a day, 7 days a week, 365 days a year.
Physical security features of our data centers include:
- Data centers are physically isolated from everyone but authorized technicians
- Public access is forbidden to data centers
- Proximity access cards restrict entry into each datacenter
- Redundant access check points
- Electronic logging of entry and exit
- 24/7 security camera surveillance from the network operating center (NOC) and 24/7 security guards
On-server security includes:
- Dual firewall protection including packet filtering capability to address attacks
- Unnecessary server ports closed
- Servers stripped to needed software only to limit vulnerabilities
- Direct server access filtered to specified IP addresses
- Ongoing operating system patches applied and anti-virus scanning on a regular basis
- Continuous system watch and network monitoring
SAS 70 Type II Audit and Certification
Our data hosting and processing services are exclusively located in data centers certified reliable and secure, having received Statement on Auditing Standards No. 70 (SAS 70) Type II Certification. SAS 70 was developed by the American Institute of CPAs, and provides guidelines for auditing a service organization's control objectives, safeguards, and activities. The SAS 70 Type II report presents the results of extensive testing that determines how effectively the organization's controls meet its control objectives. The review and report include a full assessment of:
- Oversight by Executive Management
- Operations and Customer Service
- Development and Information Technology Organization
- Human Resources Policies and Procedures
- Risk Assessment Monitoring
This review was conducted by an independent auditing agency and included extensive testing performed over a six-month period. It involved our data center facilities in Dallas and Seattle. A copy of the auditor's report is available on request for customers and persons interested in utilizing our services.
Backups and Data Redundancy
We locate our data center operations in physically separate parts of the country, and one center serves as a backup and synchronization site for the other. We handle backup and synchronization in a physically isolated data center to guard against the risk of a total data center failure. In such an event, local backups in a single data center might prove insufficient to allow a quick recovery. Lexbe Online clients can also download documents and data from their account as an additional backup as needed.
User Account Security
Authorized users are given a secure login name and password to connect to their cases on Lexbe. After login, users see only their assigned cases. Password resets are sent only to the registered email address of the user. All data transfers concerning case documents are encrypted.
Confidentiality/NDA Commitments
We understand that all communications between us and a client regarding a case are intended to be confidential and may also include protected attorney work product and attorney-client information. We agree not to disclose any information we receive from a client to any persons other than those a client designates, subject to court order. See our Services Agreement (sections 3 and 7) for details. Clients sometimes also need us to join court-approved protective orders regarding confidentiality, and we are happy to entertain these requests.
99.99% Uptime Service Guarantee
As part of our terms of service for Lexbe Online, our hosted litigation review platform, we offer a 99.99% uptime service level agreement to Lexbe Online accounts. See our Services Agreement (section 4) for details.
Attorney Ethical Standards in Using Litigation Support Services
The American Bar Association in Formal Opinion 08-451 has stated that it broadly supports, as ethical and as potentially in the client's best interests, outsourcing of legal document management and many other litigation support activities. This opinion notes that non-legal support providers may be able to bring a degree of expertise to a representation that an attorney would have a hard time duplicating, at least at a reasonable cost. This opinion requires, however, that the outsourcing lawyer conduct outsourcing activities with the legal knowledge, skill, thoroughness and preparation reasonably necessary for the particular legal representation involved. This includes maintaining confidentiality and retaining appropriate supervisory control of any outsourcing arrangements. We support and adhere to this standard.
All services described on this and related pages are subject to Lexbe's Services Agreement.