Security

Data security is critical, and we take that responsibility seriously

As a company founded by information security and digital forensics professionals, BIA has always been at the forefront of maintaining data in the most secure manner for legal and regulatory matters. All of our people go through rigorous training, and all of our systems are constantly monitored. Plus, every bit of data is encrypted with 256-bit AES. That’s why many Fortune 100 and AmLaw 500 companies – including many healthcare and financial entities – trust the safe and secure management of their data to BIA’s platforms and procedures.

Data Privacy and Encryption

All data is secured and encrypted, both at rest and in transit. All encryption uses open-source encryption mechanisms and has been designed and implemented by information system security experts.

  • All information is secured using 256-bit AES encryption
  • Cryptographic key management is handled via a trusted PKI system
  • ISO/IEC 27001, NIST SP 800-53 and certain DoD Security Directives standards maintained
  • HIPAA, PCI and PII aware and compliant systems
  • TotalDiscovery data is hosted in Amazon Web Services (AWS) and leverages its infrastructure and multiple security certifications
  • All data maintained within U.S. borders
  • For international customers or projects, secure foreign data facilities available
  • BIA systems and processes meet or exceed EU and Asia consumer data protection regulations
  • SSL/TLS used for securing data in transit
  • Use of a well-accepted Certificate Authority
  • No key-sharing between production and development systems
  • BIA corporate and operational systems segregated from customer production systems

Access Restriction and Control

In addition to keeping data private, true security requires that access to all systems is tightly controlled. The following protocols and technologies ensure that access to BIA systems is granted only to authorized individuals:

  • User- and/or role-based access management
  • All user-access-related information maintained in an encrypted database
  • Only authorized users can access their data
  • Customer approval required for BIA employees/contractors to access data
  • Chain of custody and access control list (ACL) maintained for all data access processes
  • Strong password policies enforced
  • System time-out enforced for idle browser sessions
  • Access to BIA systems via secure (HTTPS) browser sessions
  • Segregation of duties in place to ensure a hierarchical security paradigm
  • Documented security policy acceptance required as part of BIA employment

System Availability and Data Backup

It’s critical that all data and systems are accessible at all times from anywhere around the globe. BIA has invested in the appropriate systems and processes to ensure high availability of all customer data at all times.

  • All data is backed up nightly and encrypted
  • Guaranteed 99.95% uptime of all systems and data
  • Hot/warm sites maintained for ensuring quick uptime after natural or other disasters
  • Backup and disaster recovery systems and processes tested on a frequent basis

Development Process and Change Control

BIA has been designing and building tools and software for managing legal-related information in a defensible and cost-effective way for over 15 years. Part of that success is due to the software development process and strict change control process we follow:

  • Hybrid agile development process
  • All BIA developers are US-based and highly qualified with 5+ years of experience
  • Separate development and SDET teams and systems ensure independent quality control
  • Iterative release cycle to ensure quick updates at a high quality
  • All new versions of BIA technology are staged and tested before release
  • Strict and well-documented issue tracking and resolution process

Auditing and Tracking

Because everything we do may become evidence in a legal matter or as part of a legal process, it’s critical that all actions and tasks are audited and tracked. Thus, every user action within our platforms and all BIA personnel actions are monitored, tracked and logged for legal auditability purposes.

  • All systems and processes are audited annually as per IT standards (e.g., ISO, NIST)
  • Risk assessment is performed annually or as needed depending upon high-priority publicly known risks (e.g., newly discovered vulnerabilities will trigger a risk assessment and security review)
  • All BIA employees undergo strict background checks and are US citizens or equivalent
  • Internal security audits and other process audits occur on a semi-annual basis
  • Formal reporting procedures used for incident tracking and escalation