Our security team covers multiple areas, including product security, which is responsible for our products and services, Marketplace and Apps. Our security team is also responsible for determining and responding to any security breaches. Lexzur security also covers security requirements for our products and services, and applications. We provide training to our employees on working securely.

Review of Security Policies

Lexzur regularly reviews security policies to ensure that we are up to date with the latest developments in security and data protection and privacy.

Internal Security Environment

Lexzur has several policies and procedures in place to safeguard our internal environment.

Security Operations

Information assets

Lexzur keeps track of information assets through production systems which are in the Cloud.

Change management 

Our change management process is very agile. Changes to code or infrastructure are reviewed and any adverse consequences are discussed. The number of reviews will depend on the nature of the change, critical or not. Our highly qualified engineers will flag any potential issues before a change is made. If a change poses too big a risk, the status quo will remain in place.

Business continuity and disaster recovery management

We have ensured that business continues as usual in the event of disruptions. Lexzur has plans for disruptions to ensure that our customers experience minimal outfall. Various activities are in place to meet our business continuity and disaster recovery objectives, including resiliency measures, testing and recording improvements.

Lexzur monitors metrics to pick up on potential problems as soon as possible. Alerts notify our engineers when there is a supposed threat. Our disaster recovery tests cover our processes and systems. Test results are captured and analyzed. We conduct business impact assessments yearly.

Service availability

When creating a support request through our Service Desk, our Customer Support & Operations team will respond within the Service Level Agreement (SLA) detailed in the table below.

We aim to satisfy customer requests within the same business day, to guarantee a high quality of service. We will use reasonable measures to provide support in accordance with the SLA. We will not, however, be responsible for any delays caused by the customer for reasons beyond our control.

Our Customer Support & Operations team is available from 04:00 to 20:00 GMT, Sunday through Friday (i.e. all weekdays except Saturday). Our support agents are constantly monitoring the Customer Portal and the support channels to maintain the priority of our customers, especially when it comes to critical incidents.

Clients can request support through one of the following channels:

• Submitting a ticket on the Customer Portal through the Service Desk (signup is required for new customers)
• Sending an email to: [email protected]

SLA:

Our standard support includes:

• Help with troubleshooting problems
• Answering support requests related to Lexzur modules and licensing from both technical and functional perspectives
• Bug fixing, executing of minor patches remotely on client servers in order to fix Lexzur bugs or getting automatically the fixes when on-cloud
• Access to upgrades and new Lexzur versions for Lexzur on-server

Our standard support does not include:

• Support and maintenance of Lexzur on client premises unless the client purchases on-site man-days
• Development requests, including custom code development or support for non-certified third party software
• Lexzur on-server, database integrity or server’s/networks performance issues, including tuning and technical optimization
• Lexzur on-server, servers and hardware issues not directly related to Lexzur
• Client network topology or environment issues

Backups and restore 

The backups of Lexzur are done on a regular basis. The backups are done in a timeframe where there is minimal activity on the servers. The backups are a full backup of all the data.

Backups are done on two levels:

1. Hosting Provider Backup: the backup of the whole image of the infrastructure server that is holding the customer application.

1. Manual Backups: regular backups that are done on the server level, which is a more detailed backup of the files and folders of the Application and should act as another backup plan in case the first backup failed to restore.

Our recovery time objectives and recovery point objectives attempt to strike a balance between a few factors, including cost, benefits and risk.

Sanity checks and backup resilience

Backup Restoration Tests are periodically conducted to test whether the Backup and Restoration process is working properly. The Sanity Checks of the backups are conducted on local/cloud machines and are done every month after the latest backup is taken.

Regular security tests

At Lexzur, we conduct at least 2 yearly security checks on our platform using the most cutting-edge methods available. These tests are conducted by an independent security consultant company.

Geographic redundancy

Lexzur has geographic redundancy in place. This means that we have multiple servers backing up the client data. We backup customers’ data from when they start using Lexzur. In the unlikely event of a server failure or loss, this means that your data will still be accessible to you.

Secure development practices

Lexzur adopts a secure development lifecycle approach throughout the different stages of the development. Lexzur secure SDLC involves security testing into the existing development process. This includes writing security requirements alongside functional requirements and performing risk analysis during the design phase of the SDLC.

Coding practices

Lexzur follows development best practices in order to cater to the highest security standards. The below standards and procedures are followed in Lexzur SDLC:

• OWASP Top 10 best practices for web applications
• Data & Input Validation
• Data & Input Sanitization
• Peer-To-Peer Code Review

Security training and awareness

Lexzur provides security training sessions for developers, architects, and QA. The focus is on secure design principles, security issues, web security, and encryption.

Data Security 

Data centers

Lexzur offers hosting options On Cloud (Microsoft Azure UK) – Private SaaS – On Premise. Read more about Microsoft Azure security Trust your cloud | Microsoft Azure

SSL Encryption

Lexzur uses bank-grade TLS/SSL (Secure Sockets Layer) 256-bit encryption, which protects the data in transit. Any customer data in Lexzur cloud products is encrypted to protect it from unauthorized access. Our implementation of TLS enforces the use of strong ciphers and key-lengths where supported by the browser.

Data drives on servers holding customer data in Lexzur products use full disk encryption, using industry-standard AES-256 algorithm.

Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is awarded.

These SSL certificates are used every time you send data between your computer and the hosting server of a website to ensure the identity of the company or entity you are visiting. Once the website is verified by this certificate, an initial connection is made.

During this initial connection, both connections agree to an encryption protocol. This is used to establish a secure connection between the two computers – this is the SSL itself. The data is scrambled in transit in order to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.

Password policies

Lexzur stores passwords using Bcrypt hashing with Salt and utilizes the password strength guidelines to evaluate whether a new password is legitimate.

Login Protection

Login protection will allow up to 3 failed login attempts after which the account will be suspended.

Credit card/subscription information security

To preserve your privacy and the security of your information, SSL encryption is used to secure all sensitive connections, including those involving credit cards.

Mobile device security

Your credentials are shielded from outside sniffing by Lexzur Mobile App’s use of Access Tokens to authenticate with the Core Application.

Permissions

When adding a new user to your Lexzur account, account permissions are a crucial factor to consider.

It is important to consider how the responsibilities people perform, in your firm or organization, relate to your account with Lexzur.

Groups

The Groups feature lets you classify different user types into specific categories or groups. The groupings may be “Partners,” “Attorneys,” “Paralegals,” or “Assistants” for various businesses.

Monitoring account sessions

Through Lexzur security settings, you can view which IP addresses your users are using to get into your Lexzur account.

Audit log

For debugging reasons, Lexzur’s user audit login collects user email, login date, result, IP address, and other data.

Tenant isolation

We understand that tenant separation is fundamental, therefore we take action to ensure that the data of one customer does not interfere with the data of another customer. We achieve tenant isolation by providing 2 levels of segregation: 1st level, each client has his own database and credentials; 2nd level, every client has his own attachment path.

Personal Data Protection and Privacy

Lexzur takes every reasonable measure and precaution to protect and secure your personal data. We have dedicated procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction. We have several layers of security measures in place. In no particular order, they follow below.

Access to customer data

Customer data is never accessed without direct consent. We understand the importance of treating customer data with absolute privacy. Throughout Lexzur, employees are trained in the importance of handing customer data with the greatest care. Without the client’s consent, the Lexzur Team does not have access to the client’s cloud-based data.

Use of personal data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.

Lexzur may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage your Account
• To contact you: regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To manage your requests: to attend and manage your requests.
• To adhere to legal obligations: Lexzur may disclose customer data to third parties and public authorities where such disclosure is regulated by law e.g., to avoid loss of value, including in connection with judgments, public authority orders, the customer’s bankruptcy, death or the like.

Retention of personal data

Lexzur will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. Lexzur has an obligation to delete customer data 90 days after termination of the subscription regardless of the reason for termination. Lexzur will not store any customer data after such time.

General Data Protection Regulation (GDPR)

Lexzur is committed to protecting our customers data by ensuring that we are fully compliant with the General Data Protection Regulation (GDPR) and its privacy regulations.

The intention of the GDPR is to ensure that individuals have control over how their personal data us used. Articles 5 of the GDPR sets out the spirit of the legislation. It states that data should be processed with consent of the data subject in a transparent manner. Whenever you share your data with Lexzur, we remain accountable to you for how it is used. We ensure that your personal data receives adequate protection and safeguards, and that it is not accessed or shared without your consent. It also states that data must be collected and used for the purposes given, and only data that is needed should be collected. Lexzur will only use your personal data needed for the purposes set out herein. The GDPR also states that data should be maintained for accuracy and deleted where it is no longer relevant. Lexzur will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. Further it states that data should be stored in a way that preserves its integrity and confidentiality. Lexzur takes numerous steps to ensure that our products and services are encrypted and protected to ensure the integrity of your data.

Our GDPR actions to date

• Lexzur has an appointed Data Protection Officer
• A gap analysis of all our business processes has been performed where personal data is held or collected
• We are continuously improving our privacy policy on our website to incorporate our GDPR compliance
• Lexzur has mechanisms to identify potential data breaches where necessary as soon as is reasonably practicable
• Lexzur provides training to all our employees and raises awareness of GDPR and its importance to business

Built with data residency (and physical security) in mind

Lexzur provides hosting choices. Private SaaS – On-premises – On Cloud (Microsoft Azure UK). The hosting facilities used by Lexzur are inspected yearly for security certifications (such SOC 2 and ISO 27001) to make sure they use cutting-edge physical security features like biometrics, CCTV cameras, and round-the-clock on-site security.

SOC 1, SOC 2, SOC 3 and ISO 27001 Certifications

Our hosting provider is SOC 1, SOC 2, SOC 3 and ISO 27001 certified, which ensures that internal controls are in place and effective. For more information refer to https://docs.microsoft.com/en-us/compliance/regulatory/offering-soc-2