Trust Center
Welcome to Lawyal's Trust Center.
Trust is the cornerstone of everything we do. This Trust Center was built for Lawyal’s existing and potential clients to reflect our efforts to make Lawyal the most trustworthy platform for your firm.
Our Trust Center highlights our commitment to security, compliance, and privacy by showcasing our adherence to global standards and local regulations. We prioritize robust cybersecurity measures, including encryption and advanced monitoring tools, to protect your data. With a focus on transparency and accountability, we ensure your information is secure, private, and handled with the utmost care.
We believe in complete transparency and therefore provide our customers with clear information about how their data is managed and the security measures we implement. Through regular audits and a culture of accountability, we ensure that your information is secure and handled with the highest level of professionalism.
Certification
Service Organization Control 2
SOC 2 (Service Organization Control 2) focuses on evaluating a company’s systems based on trust service criteria: security, availability, processing integrity, confidentiality, and privacy. It ensures that service providers securely manage data to protect the interests of their customers. SOC 2 compliance demonstrates a commitment to stringent operational controls and safeguards for handling sensitive information.
The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European Union law that establishes strict rules for data protection and privacy. It governs how personal data is collected, stored, processed, and shared. GDPR emphasizes transparency, user consent, and data minimization, with severe penalties for non-compliance, ensuring individuals maintain control over their personal information.
International standard for information security management systems
ISO 27001 is an international standard for information security management systems (ISMS). It provides a framework for implementing, managing, and continuously improving security practices. Organizations certified with ISO 27001 demonstrate their ability to protect sensitive data through risk assessments, structured policies, and robust control measures.
Data Privacy
Your data privacy is of paramount importance. Lawyal’s systems are designed to keep your information confidential and accessible only to authorized parties. We never share customer data with third parties without consent, and all stored information is encrypted and securely managed.
Lawyal's Privacy Policy
Encryption-in-transit
All communication with our services is encrypted using the TLS protocol and HTTPS secure protocol, ensuring the confidentiality, integrity, and authenticity of transmitted data.
Data Security
Data Backups
Lawyal captures backups regularly to ensure internal and customer data is protected from loss according to our Business Continuity and Disaster Recovery procedures.
Encryption-at-rest
All customer data is encrypted at-rest using AES-256. Lawyal is committed to following encryption best practices per industry guidelines and continually reviews the rigor of current encryption standards.
Encryption-in-transit
All customer data is encrypted in-transit between Lawyal and customers and between Lawyal and service providers using TLS 1.2. Lawyal is committed to following encryption best practices per industry guidelines and continually reviews the rigor of current encryption standards.
Physical Security
The physical security of our infrastructure is managed by AWS. Additional information can be found in AWS’s security documentation: https://aws.amazon.com/security/
Web Application Firewall
Lawyal is committed to securing online applications for continued security and availability.
Infrastructure
AWS
Lawyal's infrastructure is hosted by AWS in multiple regions (Israel and Ireland). Additional information on AWS infrastructure security can be found at: https://aws.amazon.com/security/
BCP/DR
We have a formal Business Continuity and Disaster Recovery plan, which is exercised, reviewed, and approved annually.
Separate environment
At Lawyal, the production, staging, and development environments are maintained as distinct entities to safeguard operational integrity and data confidentiality.
Endpoint Security and Monitoring
EDR/XDR
All employee endpoints are protected with an advanced EDR solution. Endpoint security signals are monitored regularly for anomalous activity.
SIEM
Lawyal prioritizes the secure and centralized storage of crucial infrastructure logs. Our SIEM systems continuously monitor these logs, enabling real-time analysis to promptly detect, alert, and mitigate potential threats.
SOC team
The SOC (Security Operations Center) team is responsible for 24/7/365 monitoring of the company's entire infrastructure.
External Controls
Annual Penetration Testing (PT)
We conduct annual penetration tests performed by an external, independent cybersecurity firm. These tests identify potential vulnerabilities in our systems, ensuring our security measures remain effective and up to date. Additionally, a retest is performed to verify that all identified issues have been properly addressed and mitigated. Upon request, we provide existing customers with a detailed findings report.
Risk Assessments by External Experts
We conduct regular risk assessments to identify and evaluate potential threats to our organization. These assessments are overseen by an independent third-party company specializing in risk management, ensuring unbiased and comprehensive reviews of our processes and controls.
For further information regarding privacy, data security and the system’s infrastructure, contact us at: security@law-yal.com
Last updated: 01.01.2025