As cloud computing continues to grow in popularity with its many proven advantages for all kinds of businesses, law firms included, it is important to recognise that, there are also associated risks to consider. Due diligence is more important than ever in terms ensuring appropriate controls are in place to manage them. This is emphasised by the guidelines issues by the Solicitors Regulation Authority (November 2013) and The Law Society (April 2013).
This document gives an overview of how LAWFUSION Cloud (Select Legal Systems’ leading cloud based legal accounts, case and practice management software) complies with the SRA’s & The Law Society’s Guidelines on cloud computing for law firms.
- UK Data Centre: Select Legal Systems Limited, and its trusted partners for the provision of data centre services, are UK owned and operated businesses, which means they fall under the jurisdiction of UK law and the UK Data Protection Act. As such, USA laws of surveillance are not applicable to the data centres, services and data provided. This also means that because no data is stored outside of the EEA (European Economic Area), Safe Harbor compliance is not applicable.
- UK Data Protection Act: Select Legal Systems Limited complies with the Data Protection Act 1998 in terms of, where applicable, the provision of its Outsource services to its clients.All data within the LAWFUSION Direct, and that of its partners, used for the provision of legal business, data processing, storage and processing services is stored within the UK and no data is stored outside of the EEA. Concerning the client’s personal data and access to hosted systems, Select Legal Systems Limited only carries out activity on these following receipt of documented client instructions.
- Security: Select Legal Systems Limited owns the file servers used to provide their LAWFUSION Cloud hosted service and the servers are located in an ISO 27001 accredited data centre. In addition Select Legal Systems Limited complies with ISO 27001 security standards.
- Select Legal Systems Limited performs regular audits and reviews of internal systems as part of its compliance and the service delivery performance of its data centre service partners.
- Select Legal takes all reasonable steps to ensure that their clients’ confidential data is protected and thereby satisfies Outcome 4.3 of the SRA Code of Conduct.
- LAWFUSION Cloud is protected by high grade secure login and routine password change methods and it has hardened firewalls, virus scanning and 24/7 intrusion detection and logging at the server end. Select Legal Systems however, make it clear that clients must take responsibility for their own IT security (e.g. in terms of protecting passwords, anti virus mechanisms on their own PCs and their use of the internet / access to the internet).
- Ownership of all client data remains the property of the client. Provision is in place to allow this data to be extracted and put in a useable format for transfer, if required.
- All hosted data transferred on portable media are protected using either hardware or software based encryption technology.
- SRA Access: Providing prior written authorisation is received from a senior representative of the legal firm granting the SRA access to inspect data relating to the legal firm’s business hosted within LAWFUSION Cloud or hosted within a data centre used by Select Legal Systems, Select Legal Systems agrees to allow the SRA access to inspect this data. Should the SRA request permission to visit the premises of Select Legal Systems Limited for this purpose, this will be granted. Alternatively, access to the client’s hosted data can be provided. In both cases, access will be made using a suitably provisioned secure internet connection with a unique secure login and password. This satisfies Outcome 7.10 of the SRA Code of Conduct.
- SLA: For a copy of Select Legal Systems’ Service Level Agreement, a LAWFUSION Cloud demonstration or more information please contact Sales on 01482 567601.
Choosing a trusted technology partner, such as Select Legal Systems, is paramount if you decide to go with a cloud based legal practice management system.