App4Legal keeps track of information assets through production systems which are in the Cloud.
Our change management process is very agile. Changes to code or infrastructure are reviewed and any adverse consequences are discussed. The number of reviews will depend on the nature of the change, critical or not. Our highly qualified engineers will flag any potential issues before a change is made. If a change poses too big a risk, the status quo will remain in place.
We have ensured that business continues as usual in the event of disruptions. App4Legal has plans for disruptions to ensure that our customers experience minimal outfall. Various activities are in place to meet our business continuity and disaster recovery objectives, including resiliency measures, testing and recording improvements. App4Legal monitors metrics to pick up on potential problems as soon as possible. Alerts notify our engineers when there is a supposed threat. Our disaster recovery tests cover our processes and systems. Test results are captured and analyzed. We conduct business impact assessments yearly.
When creating a support request through our Service Desk, our Customer Support & Operations team will respond within the Service Level Agreement (SLA) detailed in the table below. We aim to satisfy customer requests within the same business day, to guarantee a high quality of service. We will use reasonable measures to provide support in accordance with the SLA. We will not, however, be responsible for any delays caused by the customer for reasons beyond our control. Our Customer Support & Operations team is available from 04:00 to 20:00 GMT, Sunday through Friday (i.e. all weekdays except Saturday). Our support agents are constantly monitoring the Customer Portal and the support channels to maintain the priority of our customers, especially when it comes to critical incidents. Clients can request support through one of the following channels:
|Type of Request||Priority||Definition||First Time to response||Time to Work-around by Remote Access||Time to Final Resolution by Remote Access|
|Incident / Bug / Question||Critical||Any Defect, error, bug or malfunction that causes a failure or imminent failure of the software installed at Client servers and or on-cloud||2 Hours||6 Hours||2 Business Days|
|High||Any Defect, error, bug or malfunction that causes significant system degradation, without causing Priority 1 (Critical) issue of the software installed at Client servers or on-cloud||4 Hours||8 Hours||2 Business Days|
|Medium||Any Defect, error, bug or malfunction that affects the use of the Software but that is not: (a) a Priority 2 (High) request; (b) a Priority 1 (Critical) request; or (c) a single question functional or technical on the software installed at Client servers or on-cloud.||6 Hours||2 Business Days||4 Business Days|
Our standard support includes:
Our standard support does not include:
The backups of App4Legal are done on a regular basis. The backups are done in a timeframe where there is minimal activity on the servers. The backups are a full backup of all the data. Backups are done on two levels:
Our recovery time objectives and recovery point objectives attempt to strike a balance between a few factors, including cost, benefits and risk.
Backup Restoration Tests are periodically conducted to test whether the Backup and Restoration process is working properly. The Sanity Checks of the backups are conducted on local/cloud machines and are done every month after the latest backup is taken.
At App4Legal, we conduct at least 2 yearly security checks on our platform using the most cutting-edge methods available. These tests are conducted by an independent security consultant company.
App4legal has geographic redundancy in place. This means that we have multiple servers backing up the client data. We backup customers’ data from when they start using App4Legal. In the unlikely event of a server failure or loss, this means that your data will still be accessible to you.
App4Legal adopts a secure development lifecycle approach throughout the different stages of the development. App4Legal secure SDLC involves security testing into the existing development process. This includes writing security requirements alongside functional requirements and performing risk analysis during the design phase of the SDLC.
App4Legal follows development best practices in order to cater to the highest security standards. The below standards and procedures are followed in App4Legal SDLC:
App4Legal provides security training sessions for developers, architects, and QA. The focus is on secure design principles, security issues, web security, and encryption.
App4legal offers hosting options On Cloud (Microsoft Azure UK) – Private SaaS – On Premise. Read more about Microsoft Azure security Trust your cloud | Microsoft Azure
App4Legal uses bank-grade TLS/SSL (Secure Sockets Layer) 256-bit encryption, which protects the data in transit. Any customer data in App4Legal cloud products is encrypted to protect it from unauthorized access. Our implementation of TLS enforces the use of strong ciphers and key-lengths where supported by the browser. Data drives on servers holding customer data in App4Legal products use full disk encryption, using industry-standard AES-256 algorithm. Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is awarded. These SSL certificates are used every time you send data between your computer and the hosting server of a website to ensure the identity of the company or entity you are visiting. Once the website is verified by this certificate, an initial connection is made. During this initial connection, both connections agree to an encryption protocol. This is used to establish a secure connection between the two computers – this is the SSL itself. The data is scrambled in transit in order to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.
App4legal stores passwords using Bcrypt hashing with Salt and utilizes the password strength guidelines to evaluate whether a new password is legitimate.
Login protection will allow up to 3 failed login attempts after which the account will be suspended.
To preserve your privacy and the security of your information, SSL encryption is used to secure all sensitive connections, including those involving credit cards.
Your credentials are shielded from outside sniffing by App4Legal Mobile App’s use of Access Tokens to authenticate with the Core Application.
When adding a new user to your App4Legal account, account permissions are a crucial factor to consider. It is important to consider how the responsibilities people perform, in your firm or organization, relate to your account with App4Legal.
The Groups feature lets you classify different user types into specific categories or groups. The groupings may be “Partners,” “Attorneys,” “Paralegals,” or “Assistants” for various businesses.
Through App4Legal security settings, you can view which IP addresses your users are using to get into your App4Legal account.
For debugging reasons, App4legal’s user audit login collects user email, login date, result, IP address, and other data.
We understand that tenant separation is fundamental, therefore we take action to ensure that the data of one customer does not interfere with the data of another customer. We achieve tenant isolation by providing 2 levels of segregation: 1st level, each client has his own database and credentials; 2nd level, every client has his own attachment path.
Customer data is never accessed without direct consent. We understand the importance of treating customer data with absolute privacy. Throughout App4Legal, employees are trained in the importance of handing customer data with the greatest care. Without the client’s consent, the App4legal Team does not have access to the client’s cloud-based data.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. App4Legal may use Personal Data for the following purposes:
App4legal provides hosting choices. Private SaaS – On-premises – On Cloud (Microsoft Azure UK). The hosting facilities used by App4Legal are inspected yearly for security certifications (such SOC 2 and ISO 27001) to make sure they use cutting-edge physical security features like biometrics, CCTV cameras, and round-the-clock on-site security.
Our hosting provider is SOC 1, SOC 2, SOC 3 and ISO 27001 certified, which ensures that internal controls are in place and effective. For more information refer to https://docs.microsoft.com/en-us/compliance/regulatory/offering-soc-2