Security

Level Legal understands the importance of a flawless and impenetrable infrastructure management and cyber security system with expertise in the intricacies of eDiscovery. We partnered with the best in the industry whose core business is the design, implementation, and maintenance of private cloud resources with a key focus on security, connectivity, and redundancy. 

Customer data protection is our highest priority. As a Level Legal customer, you’ll benefit from our information security management system that is designed and managed to meet the requirements of the most security-sensitive organizations.

  • GDPR compliant
  • HIPAA Compliant, ISO27007 and ISO27077 certified
  • Data centers provide HIPAA, PCI, NIST and ISO Compliance (amongst others)
  • Ongoing staff awareness and education

Information, communication, and system security.

  • Strict role based and least privilege Identity and access management, including MFA
  • System hardening and pro-active patch management activities
  • All client data segregated and stored on logically distinct SAN volumes
  • Network protection via firewalls with redundant gateways
  • PRTG and system center operations manager monitoring provides alerts for system health
  • Anti-virus across whole estate (end points and servers)
  • All data is encrypted in transit and at rest (TLS 7.2 or higher, FDE using AES-256)
  • Data transfer (non-physical) utilizes integrity block checking.

Advanced Threat Detection

  • Award winning security monitoring software
  • 24/7/365 monitoring with full spectrum visibility
  • Real-time- threat detection via security operations center (see everything, miss nothing)
  • Endpoint defense with full packet capture and analysis
  • IDS and IPS implemented
  • Log retention of 72 months
  • Weekly vulnerability scans and regular penetration testing

Disaster recovery and backup.

  • Increased redundancy through geographically selected locations
  • Fully redundant hardware with immediate failover capabilities
  • Fail over testing performed monthly with annual BCP testing site-wide
  • Full environment replication using SAN replication
  • 3-2-7 methodology in place for data backup
  • High Availability for primary servers
  • Failover – RPO (Recovery point objective – 5 minutes)
  • Fail over – RTO (Recovery time objective – 4 hours)

Physical security (data center partners).

  • Multilayered, zoned physical security
  • Directly employed, armed security staff with 24x7x365 coverage
  • Built in lowest risk areas from natural disasters
  • Monitored interior & exterior surveillance cameras
  • Zone access via bio-metrics & proximity card down to cabinet level
  • 2N+l Fully redundant infrastructure (Dual power grid & systems)
  • Multiple on-site diesel generators, redundant and diverse UPS systems
  • Onsite, Certified Fire Dept with advanced fire detection systems
  • Prioritized for power & fuel as a part of DHS Critical Infrastructure Sector support

Secure Virtual Desktops

Level Legal offers the highest levels of security through our scalable, fully-managed virtual desktop environment for end users. This includes quick spin-up, virtualization software, patching and updates, security, bandwidth, and reporting and monitoring at a predictable monthly operating cost.

Our high-performance virtual desktops not only provide the fastest end-user experience, but our customizable solution also complies with the most stringent security and compliance needs, including ITAR, PCI, and HIPAA HITECH compliance.

Multiple layers of built-in security.

Level Legal takes a comprehensive approach to security and controls to specifically address each layer of the cloud-delivered desktop. From the user and their endpoint devices, all the way to the physical data center infrastructure, security has been built in using a combination of virtual technologies, hardware, and customizable user controls.

Also, Level Legal’s environment is ITAR, PCI, and HIPAA HITECH compliant, ensuring regulated organizations have the framework to achieve and maintain compliance. 

User controls.

Level Legal’s cloud-delivered desktops enable us to restrict access and capabilities using more than 100 available control attributes. Controls can be customized per user, project, group, and other granularity. All environments begin with these basic controls:

  • Restrict user administrative rights
  • Deny printing (local, network, screen)
  • Deny screenshots
  • Redirect files and folders
  • Disable USB access to peripheral devices
  • Redirect clipboards
  • Turn off copy and paste completely

Information Security & Privacy

Level Legal understands the importance of a flawless and impenetrable infrastructure management and cyber security system with expertise in the intricacies of eDiscovery. We partnered with the best in the industry whose core business is the design, implementation, and maintenance of private cloud resources with a key focus on security, connectivity, and redundancy.

Customer data protection is our highest priority. As a Level Legal customer, you’ll benefit from our information security management system that is designed and managed to meet the requirements of the most security-sensitive organizations.

  • GDPR compliant
  • HIPAA Compliant, ISO27007 and ISO27077 certified
  • Data centers provide HIPAA, PCI, NIST and ISO Compliance (amongst others)
  • Ongoing staff awareness and education

Information, communication, and system security.

  • Strict role based and least privilege Identity and access management, including MFA
  • System hardening and pro-active patch management activities
  • All client data segregated and stored on logically distinct SAN volumes
  • Network protection via firewalls with redundant gateways
  • PRTG and system center operations manager monitoring provides alerts for system health
  • Anti-virus across whole estate (end points and servers)
  • All data is encrypted in transit and at rest (TLS 7.2 or higher, FDE using AES-256)
  • Data transfer (non-physical) utilizes integrity block checking.

Advanced threat detection.

  • Award winning security monitoring software
  • 24/7/365 monitoring with full spectrum visibility
  • Real-time- threat detection via security operations center (see everything, miss nothing)
  • Endpoint defense with full packet capture and analysis
  • IDS and IPS implemented
  • Log retention of 72 months
  • Weekly vulnerability scans and regular penetration testing

Disaster recovery and backup.

  • Increased redundancy through geographically selected locations
  • Fully redundant hardware with immediate failover capabilities
  • Fail over testing performed monthly with annual BCP testing site-wide
  • Full environment replication using SAN replication
  • 3-2-7 methodology in place for data backup
  • High Availability for primary servers
  • Failover – RPO (Recovery point objective – 5 minutes)
  • Fail over – RTO (Recovery time objective – 4 hours)

Physical security (Data Center Partners).

  • Multilayered, zoned physical security
  • Directly employed, armed security staff with 24x7x365 coverage
  • Built in lowest risk areas from natural disasters
  • Monitored interior & exterior surveillance cameras
  • Zone access via bio-metrics & proximity card down to cabinet level
  • 2N+l Fully redundant infrastructure (Dual power grid & systems)
  • Multiple on-site diesel generators, redundant and diverse UPS systems
  • Onsite, Certified Fire Dept with advanced fire detection systems
  • Prioritized for power & fuel as a part of DHS Critical Infrastructure Sector support

Secure Virtual Desktops

Level Legal offers the highest levels of security through our scalable, fully-managed virtual desktop environment for end users. This includes quick spin-up, virtualization software, patching and updates, security, bandwidth, and reporting and monitoring at a predictable monthly operating cost.

Our high-performance virtual desktops not only provide the fastest end-user experience, but our customizable solution also complies with the most stringent security and compliance needs, including ITAR, PCI, and HIPAA HITECH compliance.

Multiple layers of built-in security.

Level Legal takes a comprehensive approach to security and controls to specifically address each layer of the cloud-delivered desktop. From the user and their endpoint devices, all the way to the physical data center infrastructure, security has been built in using a combination of virtual technologies, hardware, and customizable user controls.

Also, Level Legal’s environment is ITAR, PCI, and HIPAA HITECH compliant, ensuring regulated organizations have the framework to achieve and maintain compliance.

User controls.

Level Legal’s cloud-delivered desktops enable us to restrict access and capabilities using more than 100 available control attributes. Controls can be customized per user, project, group, and other granularity. All environments begin with these basic controls:

  • Restrict user administrative rights
  • Deny printing (local, network, screen)
  • Deny screenshots
  • Redirect files and folders
  • Disable USB access to peripheral devices
  • Redirect clipboards
  • Turn off copy and paste completely

Key Benefits

Secure the endpoint.
Protect against device theft or loss and control where data resides by getting it off the endpoint.

Protect sensitive or proprietary data.
Control or restrict specific behaviors to ensure users can access only what they need.

Seamless integration with existing app infrastructure.
No need for duplicate authentication systems or to require users to manage multiple logins and passwords.

Eliminate network vulnerabilities.
Highly redundant, highly available network security configuration including HA firewalls and load balancers, front-side/back-side network isolation, VLAN and IP address, isolation and customer-specific security configurations.

Reduce device & OS maintenance.
Hardened OS results in greater security and control while enterprise-grade anti-malware, rigorous patching and updates, and golden image management ease traditional IT burdens.

Close Modal

Our Framework

Understand.

During this phase, we work to step away from any assumptions and guesses about what our customers needs, and let our research findings inform our decision-making. We learn more about our customers, their problems, wants, and needs, and the environment or context in which they will use the solution we offer.

Our Framework

Define.

During the Define phase, we analyze our research findings from the Understand phase and determine what is the most important problem to solve — and why. This step defines the goal. Then we can give a clear problem statement, describing what our customers’ needs are that we are trying to solve, making sure that we heard and defined their problem correctly.

Our Framework

Solve.

This phase is an important part of the discipline in our process. People often settle for the first solution, but the most obvious solution is often not the right one. During the Solve phase, we brainstorm collaboratively with multiple stakeholders to generate many unique solutions. We then analyze our potential solutions and make choices about which are the best to pursue based on learnings in the Understand phase.

Our Framework

Build & Test.

This phase is critical in developing the right solution to our customers’ problem. An organized approach to testing can help avoid rework and create exceptional outcomes. Starting small and testing the solution, we iterate quickly, before deploying solutions across the entire project.

Our Framework

Act.

During this phase, the hard work of prior phases comes to life in our customers’ best solution. The research, collaboration, and testing performed prior to project kick-off ensure optimal results.

Our Framework

Feedback.

At the project completion, we convene all stakeholders to discuss what went well, what could have been better, and how we might improve going forward. We call these meetings “Retrospectives,” and we perform them internally as a project team, and with our external customers. The Retrospective is one of the most powerful, meaningful tools in our framework.

Next