Most state bars have released ethics opinions on cloud computing for lawyers. These opinions make clear that lawyers can use cloud computing to transmit or store confidential client information, so long as they do the appropriate due diligence. Across almost all the jurisdictions that have published ethical guidance, the consensus is that a lawyer must choose a vendor that can be reasonably relied upon to keep client information confidential. This requires the lawyer to evaluate the nature of the technology, available security precautions, and limitations on third-party access.
Fortunately for Casetext customers, we have made the due diligence process easy by providing detailed information concerning our security practices. Our robust security practices establish a clear expectation of security so that lawyers can rest assured that their client’s confidential information stays privileged when they transmit or store sensitive information on CoCounsel.
All user access is protected through strong authentication.
Perimeter firewalls block unauthorized ports and protocols.
Customer instances and data are logically separated.
Access to data sources, queries, and query results are captured and can be audited.
We have a Business Continuity Plan in place and is it tested annually.
Customers can utilize SSO for authentication.
Data source credentials are encrypted and stored in a secrets manager.
Data are encrypted at rest.
Data are encrypted in transit.
User access is logged and can be audited
Network vulnerability scans are performed monthly.
A third party executes an annual penetration test.
All third party vendors and contractors are fully vetted for security.
If you have questions about our security program, please email us at email@example.com.