Security

Information Security & Privacy

Level Legal understands the importance of a flawless and impenetrable infrastructure management and cyber security system with expertise in the intricacies of eDiscovery. We partnered with the best in the industry whose core business is the design, implementation, and maintenance of private cloud resources with a key focus on security, connectivity, and redundancy. 

Customer data protection is our highest priority. As a Level Legal customer, you’ll benefit from our information security management system that is designed and managed to meet the requirements of the most security-sensitive organizations.

  • GDPR compliant
  • HIPAA Compliant, ISO27007 and ISO27077 certified
  • Data centers provide HIPAA, PCI, NIST and ISO Compliance (amongst others)
  • Ongoing staff awareness and education

Information, Communication, and System Security

  • Strict role based and least privilege Identity and access management, including MFA
  • System hardening and pro-active patch management activities
  • All client data segregated and stored on logically distinct SAN volumes
  • Network protection via firewalls with redundant gateways
  • PRTG and system center operations manager monitoring provides alerts for system health
  • Anti-virus across whole estate (end points and servers)
  • All data is encrypted in transit and at rest (TLS 7.2 or higher, FDE using AES-256)
  • Data transfer (non-physical) utilizes integrity block checking.

Advanced Threat Detection

  • Award winning security monitoring software
  • 24/7/365 monitoring with full spectrum visibility
  • Real-time- threat detection via security operations center (see everything, miss nothing)
  • Endpoint defense with full packet capture and analysis
  • IDS and IPS implemented
  • Log retention of 72 months
  • Weekly vulnerability scans and regular penetration testing

Disaster Recovery and Backup

  • Increased redundancy through geographically selected locations
  • Fully redundant hardware with immediate failover capabilities
  • Fail over testing performed monthly with annual BCP testing site-wide
  • Full environment replication using SAN replication
  • 3-2-7 methodology in place for data backup
  • High Availability for primary servers
  • Failover – RPO (Recovery point objective – 5 minutes)
  • Fail over – RTO (Recovery time objective – 4 hours)

Physical Security (Data Center Partners)

  • Multilayered, zoned physical security
  • Directly employed, armed security staff with 24x7x365 coverage
  • Built in lowest risk areas from natural disasters
  • Monitored interior & exterior surveillance cameras
  • Zone access via bio-metrics & proximity card down to cabinet level
  • 2N+l Fully redundant infrastructure (Dual power grid & systems)
  • Multiple on-site diesel generators, redundant and diverse UPS systems
  • Onsite, Certified Fire Dept with advanced fire detection systems
  • Prioritized for power & fuel as a part of DHS Critical Infrastructure Sector support

Secure Virtual Desktops

Level Legal offers the highest levels of security through our scalable, fully-managed virtual desktop environment for end users. This includes quick spin-up, virtualization software, patching and updates, security, bandwidth, and reporting and monitoring at a predictable monthly operating cost.

Our high-performance virtual desktops not only provide the fastest end-user experience, but our customizable solution also complies with the most stringent security and compliance needs, including ITAR, PCI, and HIPAA HITECH compliance.

Multiple Layers of Built-In Security

Level Legal takes a comprehensive approach to security and controls to specifically address each layer of the cloud-delivered desktop. From the user and their endpoint devices, all the way to the physical data center infrastructure, security has been built in using a combination of virtual technologies, hardware, and customizable user controls.

Also, Level Legal’s environment is ITAR, PCI, and HIPAA HITECH compliant, ensuring regulated organizations have the framework to achieve and maintain compliance. 

User Controls

Level Legal’s cloud-delivered desktops enable us to restrict access and capabilities using more than 100 available control attributes. Controls can be customized per user, project, group, and other granularity. All environments begin with these basic controls:

  • Restrict user administrative rights
  • Deny printing (local, network, screen)
  • Deny screenshots
  • Redirect files and folders
  • Disable USB access to peripheral devices
  • Redirect clipboards
  • Turn off copy and paste completely

Information Security & Privacy

Level Legal understands the importance of a flawless and impenetrable infrastructure management and cyber security system with expertise in the intricacies of eDiscovery. We partnered with the best in the industry whose core business is the design, implementation, and maintenance of private cloud resources with a key focus on security, connectivity, and redundancy.

Customer data protection is our highest priority. As a Level Legal customer, you’ll benefit from our information security management system that is designed and managed to meet the requirements of the most security-sensitive organizations.

  • GDPR compliant
  • HIPAA Compliant, ISO27007 and ISO27077 certified
  • Data centers provide HIPAA, PCI, NIST and ISO Compliance (amongst others)
  • Ongoing staff awareness and education

Information, Communication, and System Security

  • Strict role based and least privilege Identity and access management, including MFA
  • System hardening and pro-active patch management activities
  • All client data segregated and stored on logically distinct SAN volumes
  • Network protection via firewalls with redundant gateways
  • PRTG and system center operations manager monitoring provides alerts for system health
  • Anti-virus across whole estate (end points and servers)
  • All data is encrypted in transit and at rest (TLS 7.2 or higher, FDE using AES-256)
  • Data transfer (non-physical) utilizes integrity block checking.

Advanced Threat Detection

  • Award winning security monitoring software
  • 24/7/365 monitoring with full spectrum visibility
  • Real-time- threat detection via security operations center (see everything, miss nothing)
  • Endpoint defense with full packet capture and analysis
  • IDS and IPS implemented
  • Log retention of 72 months
  • Weekly vulnerability scans and regular penetration testing

Disaster Recovery and Backup

  • Increased redundancy through geographically selected locations
  • Fully redundant hardware with immediate failover capabilities
  • Fail over testing performed monthly with annual BCP testing site-wide
  • Full environment replication using SAN replication
  • 3-2-7 methodology in place for data backup
  • High Availability for primary servers
  • Failover – RPO (Recovery point objective – 5 minutes)
  • Fail over – RTO (Recovery time objective – 4 hours)

Physical Security (Data Center Partners)

  • Multilayered, zoned physical security
  • Directly employed, armed security staff with 24x7x365 coverage
  • Built in lowest risk areas from natural disasters
  • Monitored interior & exterior surveillance cameras
  • Zone access via bio-metrics & proximity card down to cabinet level
  • 2N+l Fully redundant infrastructure (Dual power grid & systems)
  • Multiple on-site diesel generators, redundant and diverse UPS systems
  • Onsite, Certified Fire Dept with advanced fire detection systems
  • Prioritized for power & fuel as a part of DHS Critical Infrastructure Sector support

Secure Virtual Desktops

Level Legal offers the highest levels of security through our scalable, fully-managed virtual desktop environment for end users. This includes quick spin-up, virtualization software, patching and updates, security, bandwidth, and reporting and monitoring at a predictable monthly operating cost.

Our high-performance virtual desktops not only provide the fastest end-user experience, but our customizable solution also complies with the most stringent security and compliance needs, including ITAR, PCI, and HIPAA HITECH compliance.

Multiple Layers of Built-In Security

Level Legal takes a comprehensive approach to security and controls to specifically address each layer of the cloud-delivered desktop. From the user and their endpoint devices, all the way to the physical data center infrastructure, security has been built in using a combination of virtual technologies, hardware, and customizable user controls.

Also, Level Legal’s environment is ITAR, PCI, and HIPAA HITECH compliant, ensuring regulated organizations have the framework to achieve and maintain compliance.

User Controls

Level Legal’s cloud-delivered desktops enable us to restrict access and capabilities using more than 100 available control attributes. Controls can be customized per user, project, group, and other granularity. All environments begin with these basic controls:

  • Restrict user administrative rights
  • Deny printing (local, network, screen)
  • Deny screenshots
  • Redirect files and folders
  • Disable USB access to peripheral devices
  • Redirect clipboards
  • Turn off copy and paste completely

Key Benefits

Secure the Endpoint
Protect against device theft or loss and control where data resides by getting it off the endpoint.

Protect sensitive or proprietary data.
Control or restrict specific behaviors to ensure users can access only what they need.

Seamless integration with existing app Infrastructure
No need for duplicate authentication systems or to require users to manage multiple logins and passwords.

Eliminate network vulnerabilities
Highly redundant, highly available network security configuration including HA firewalls and load balancers, front-side/back-side network isolation, VLAN and IP address, isolation and customer-specific security configurations.

Reduce Device & OS Maintenance
Hardened OS results in greater security and control while enterprise-grade anti-malware, rigorous patching and updates, and golden image management ease traditional IT burdens.