Security Policy

LEAP Legal Software Canada

This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement (“Agreement”) or through the use of the LEAP Services. By using the Software, our services, or our website, or by signing an Agreement with LEAP, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Sites or App.

Keeping your firm safe

There is a lot of legitimate concern about cyber-security, with many malicious actors seeking to extract money using nefarious online methods.

Whilst it might seem as if a server in your office with local PCs is secure, if your in-house network is connected to the Internet, it is incredibly vulnerable to attack, and ransomware is typically placed on on-premise servers. Trojans often get placed on PCs used for recreational purposes when we are least alert to danger.

LEAP has a dedicated in-house Information Security team responsible for maintaining the security of client data in LEAP, LEAP itself, and of course all our internal systems that support our business.

LEAP Data on the LEAP Servers

Being a cloud solution, the software and all client data are stored on LEAP Servers, which are built on the AWS (Amazon Web Services) platform.

Amazon Web Services (AWS) is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is probably the largest and most successful cloud platform provider in the world.

AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Distributed Denial of Service (DDoS) protection.

LEAP stores data in the jurisdiction of origin: for the UK that is Dublin, Ireland; for Australia, Sydney; and for the United States, North Virginia. Data is also stored in Canada. LEAP actively works to take advantage of AWS services, following Information Security best practices.

LEAP also makes continuous backups, so your LEAP data will be up to date to the time you last connected to the Internet.

We keep your LEAP data safe by adhering to industry best practices.

AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and LEAP too has its own Information Security Team. We continually monitor our AWS environment, implementing updates and patches in line with best practices prescribed by AWS.

You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide.

Security Controls

LEAP utilises multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:

  • Local & Network Firewalls

  • Web Application Firewalls

  • Intrusion Detection Systems (IDS)

  • Multi-vendor Anti-Virus

  • DDoS Throttling Services

  • Access Control Lists

  • Security Patch Management

  • Identity and Access Management

  • Centralised Log Management

  • Symmetric and Asymmetric Encryption systems

  • Two Factor Authentication

  • Separation of Duties

  • Vulnerability Assessment

  • Anomaly Detection

  • Externally commissioned penetration testing

  • Externally commissioned audits

  • Remote Monitoring & Alerting

LEAP understands security is of foremost importance to law firms. These are some security measures you can implement, alongside systems LEAP has developed to strengthen security for your law firm.

Your PC Anti-Virus and Malware | Data stored on LEAP

Security on your PC is the responsibility of you and your IT provider. All information on your PC is vulnerable to attack without proper security precautions, so it is imperative to ensure every PC in your firm has the necessary anti-virus, malware and security protection.

As far as LEAP is concerned, should your PC be compromised or lost, all your data on the LEAP servers would still be safe. All you need to do is buy a new PC and log in to LEAP. Your data will still be there.

Password Theft | Two Factor Authentication

Theft of login information and passwords threatens all electronic systems.

As with banks, LEAP requires Two Factor Authentication (2FA) to change a password.

In practice, when you apply for a new password, a verification code is sent by SMS to another device, usually a mobile device tied to your personal use. The phone number of this mobile device must be entered in LEAP to allow you to create a new password.

To protect your firm, you should have all LEAP users set up 2FA immediately.

Email Hacking/Document Sharing | LawConnect

Email is a ubiquitous but high-risk communication method, vulnerable to infiltration and hacking.

You should never send highly confidential, private or security-related information or documents by email.

To enable LEAP clients to communicate safely and securely, we developed LawConnect for document sharing. When a document is shared on LawConnect, it is not transported. It remains in LawConnect, and anyone with the right credentials can interact with it.

An email is sent to the other party to allow them to view and comment on the document in LawConnect. The document itself is not sent.

Find out more about LawConnect in your LEAP Community.

Data Encryption | LEAP Applications

Each LEAP application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.

Once client data reaches the LEAP cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption.

Service Availability | Multiple AWS Datacentres

LEAP has been designed to be a highly available, active-active solution. LEAP services are split over multiple AWS data centers within Canada. In the event of one data center going offline in a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption. LEAP is not responsible for any delays resulting from AWS server availability.

Backup Policy | Frequent

LEAP servers are backed up multiple times daily, weekly and monthly.

System Monitoring | 24/7

LEAP is monitored 24 hours a day, 7 days a week, 365 days a year.

Data Breach Notification

LEAP will notify the Subscriber without undue delay and in writing on becoming aware of any Data Breach in respect to our client's data. If a vulnerability is identified or data is available publicly outside of the LEAP Software, please contact LEAP immediately via quality@leap.ca.

Privacy Policy

LEAP's Privacy Policy is subject to change and can be accessed at: https://leaplegalsoftware.ca/privacy-statement.

LEAP and Your Data Security Responsibilities

Authorization

If you provide to LEAP any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data in accordance with this policy.

Account Access

LEAP employs industry standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. LEAP is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information. Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any LEAP websites.

In order to protect you and your information, LEAP may suspend your use of a website, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area of any Unauthorized access to such areas is prohibited and may lead to criminal prosecution. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section herein.

We may use your information as we believe to be necessary or appropriate:

  • under applicable law, including laws outside your country of residence;

  • to comply with legal process;

  • to respond to requests from public and government authorities including public and government authorities outside your country of residence;

  • to service providers which act for us or provide services for us, such as for marketing or for the processing of payments, and as to such service providers their use of Personal Information is subject to our agreements with them and any applicable laws;

  • to enforce our terms and conditions;

  • to protect our operations or those of any of our affiliates;

  • to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and

  • to allow us to pursue available remedies or limit the damages that we may sustain.

Contact us

This statement reflects the security policy of LEAP and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within LEAP. Any questions should be directed to security@leapdev.io.

Policy Last Update Date

09/15/2020
