Skip to content

Security

The world’s leading law firms trust Legatics

We’ve built Legatics to the highest security standards and provide industry-leading permissions to customise the security of each transaction.

Cloud security

Security, compliance, and privacy are built-in

Legatics’s cloud-native architecture is built on top of Amazon Web Services. This, together with the use of third party tools such as Cloudflare and Datadog, ensures network security, resilience, transparency, and reliability.

Web application firewall

Cloudflare’s WAF filters and inspects web traffic, blocking malicious requests to protect against DDoS and other threats.

Intrusion detection and prevention

Provided by our central monitoring system.

Security audits and penetration tests

Continuous monitoring through tools such as Datadog and AWS Cloudtrail, and annual penetration testing by CREST-certified third-party auditors.

Application security

Matter security is in your control

Legatics’s platform is built to enable you, and your users, to have granular control over who can access matters and who can see information inside those matters.

SAML SSO and Two-Factor Authentication (2FA)

Control who can access Legatics. For details about our SSO providers, click here.

Comprehensive user permissions

Role-Based Access Control (RBAC) allows you to customize who can view, edit, or manage your matters, with fine-tuned permissions for each user.

Audit trail

Record user actions for everyone.

Legatics dashboard permissions screen

Data security

Protecting your data is our priority

Legatics takes data security extremely seriously. We take every step possible to ensure that all user data is secure.

Data encryption

All data uploaded to Legatics is encrypted at rest with AES-256 bit encryption – and all requests must be made over HTTPS using TLS v1.2 or higher.

Data separation

Each customer has their own tenancy, with the data logically separated from data in another customer’s tenancy.

BYOK (Bring Your Own Key)

As an advanced security measure, customers on private instances can enable BYOK (customer-managed encryption keys) via AWS Key Management Service (KMS) for additional control over encryption keys and data.

Data hosting locations

Legatics has several core AWS hosting data locations, covering the United States, EU, Australia and more, to support our customers’ wide-ranging data requirements.

Backups

Data is backed up on an hourly, daily and monthly basis and replicated across multiple AWS availability zones to maintain resilience in case of an issue with any one zone.

Organisation security

Security is our passion

Security at Legatics extends beyond systems and technologies. It’s also embedded into our organisational culture and everyday business processes.

ISO 27001:2022

Legatics holds an ISO 27001:17 certificate issued by the British Assessment Bureau (BAB). This confirms that Legatics has been internally and externally audited for compliance with the ISO 27002 control set.

Cybersecurity community engagement

As a member of the National Cyber Security Centre’s (NCSC) Cyber Security Information Sharing Partnership (CISP), Legatics stays informed about the latest cyber threats and industry best practices.

Policies

Legatics has developed a comprehensive set of security policies, which are updated frequently and communicated to all employees.

Employee screening

Legatics performs background checks on all new employees in accordance with the laws applicable to our business.

This is the tip of the iceberg

Book a demo to learn more about how we secure your transactions.