When it comes to managing your data and evidence, we offer reliable and efficient solutions. Let us know your specific needs, and we will provide the support solutions you require.
Law In Order maintains an industry-leading security program that is based on a layered security approach. Security measures are incorporated at every level of our organisation to compound their effectiveness.
We actively maintain ISO/IEC 27001 certification, an internationally recognised standard for information security management systems.
Law In Order has also aligned with the ASD Essential Eight mitigation strategies, implementing the recommendations and best practices, and regularly assessing and improving upon our maturity level which is currently at Level 3.
A series of policies and procedure documents are maintained and reviewed at least bi-annually or as and when significant changes occur, or risks are identified.
At Law In Order, we treat all client data as confidential and implement our systems and processes with the highest level of security possible. Data transfers are facilitated using best-practice encryption and data transfer methods. Access to data and systems is provided using unique user accounts, strong passwords, and MFA (multi-factor authentication). Access and permission levels is provided in a “least-privilege” approach and limited to only those approved personnel deemed necessary to deliver requested services. Access logs are reviewed regularly, and permission levels are modified as required and recorded in our IT service desk system.
Data is retained in accordance with our Data Classification and Retention policies that vary according to services requested or as specifically requested by our clients. Data is securely deleted using best-practice methods and destruction certificates are available upon request. We have dedicated staff managing all aspects of data management and governance to ensure we maintain our high security standards.
Our world class data centres are protected by multi-layered, physical access security controls including access controls for general and restricted areas such as server rooms, data centres, operations floors, etc. Access levels to personnel are provided following the least-privilege principle and restricted to only those necessary for the delivery of services.
All our data centres are certified in ISO 27001 and critical data centres hold IRAP, SOC1 Type II, and SOC 2 Type II certifications.
Personnel undergo employment screening at Law In Order which includes having their identity and working rights status verified; at minimum have two professional references checked and cleared; and have completed and cleared an Australian Criminal History Check before being offered employment.
Employment at Law In Order is subject to ongoing conditions of engagement including and not limited to, eligible working rights, understanding and abiding by company policies including Privacy and Confidentiality and Code of Conduct and that training is routinely completed.
Law In Order maintain asset registers for hardware, software, and information assets and are managed in accordance with relevant policies. Asset registers are used to document and manage ownership, accountability, and lifecycle management. Reviews are conducted annually or as and when required in response to significant changes.
Law In Order staff undergo mandatory security awareness training at induction and to existing staff on regular intervals. Course material and assessments are delivered using an online LMS (Learning Management System) which includes progress tracking and escalations to management.