Security and Backups
An organization's LegalServer database contains information that needs to be secure from inappropriate disclosure, including confidential information about clients, and needs to be protected against loss. This document describes the measures LegalServer takes regarding security and the features provided to site administrators related to security.
No one can sign in to LegalServer without being issued a login name and password by a site administrator, having the Login Active field on their account set to Yes, and being assigned to a User Role with the Login permission. The permission can be granted or removed for internal and external logins (see Restricting Access to LegalServer by Location).
Password restrictions: Passwords must be at least 8 characters long and contain at least one number and one letter. Passwords cannot be a series of letters ending in 1, 12, 123, or 1234.
There is an optional password expiration option that allows site administrators to force passwords to be changed on a regular basis.
Failed login attempts are delayed by 1 second for the first 9 attempts. Beginning with the 10th attempt, the delay is increased to 10 seconds. We do not lock out accounts after a certain number of failed attempts since this would allow anyone reaching the site to lock out a user (including a site administrator) by attempting to login repeatedly.
Single Sign On is supported as an additional module, allowing an agency to control access via its identity provider. Google Workspaces, Microsoft Azure AD and Okta are supported.
Encrypted Sessions Required
LegalServer can only be accessed over a secure internet connection. Industry standard Transport Layer Security is used to encrypt the information that passes to and from each computer and the server running LegalServer (commonly referred to as "in transit" - see Physical Security of Servers below for "at rest").
LegalServer provides an automatic logout feature when someone has been inactive on the site for some length of time. The default is 1.5 hours. Administrators set the logout time on the Admin / Site Settings page.
Restrictions based on IP Address
Site administrators can take certain actions based on the IP (internet protocol) address of the device being used to login. Administrators can set a different session timeout value than the site-wide value, force users logging in from designated networks into a user role with limited permissions for that session, completely block the login, etc. For more information, see Restricting Access to LegalServer by Location.
User Roles and Permissions
LegalServer offers an extensive set of permissions that allow administrators to enforce agency policy regarding access to cases, features, and functions after someone has successfully logged in. See User Accounts and User Roles and Permissions for more information.
Revoking Permission to Login
Site administrators can immediately block a user from logging in by simply setting the Login Active field on a user account to No.
Limiting Collection of Sensitive Information
Agencies typically must collect sensitive information about applicants and clients for operations and reporting to funders. LegalServer provides agencies tools to limit the collection of sensitive information as much as possible.
* If Social Security Numbers must be collected, administrators can limit this to only 4 digits in Admin > Site Settings.
* Agencies can design their application processes to limit the data collected about applicants. For example, an agency can collect an applicant's type of problem and location to determine potential eligibility for services, and possibly halt the application process, before collecting name, date of birth, SSN, etc.
Physical Security of Servers
All sites are hosted on Amazon AWS. All data is stored on encrypted EBS volumes (commonly referred to as "at rest").
Software Security Updates
LegalServer staff regularly monitor information regarding security vulnerabilities, updates, and best practices as it relates to the entire application; including the programming languages, database application, server operating system, and running a web-based application serving requests over the internet. Updates to address security concerns can be applied to all servers immediately in critical situations or rolled out as part of the regular update process.
Data Backup and Disaster Recovery
Organization databases that we host are backed up as follows:
Database dumps are made each night.
Data is continuosly replicated to a different server at a different physical location.
Database volume snapshots are taken periodically.
Data is stored for at least 2 weeks before it is overwritten
Database restores are tested weekly to confirm the data backups are valid.
Almost instantly once the decision is made to fail over to replication, the main site can be shut down and redirected to a read-only replicated version of the site. In a real failover situation, there are site readiness checks and DNS issues our team must carefully examine before promoting a backup instance to production use. This takes from about 15 to 90 minutes, depending on what we uncover regarding the cause of the disruption. Re-linking to documents can take additional time, depending very much on the size of the document store.
LegalServer can send and receive email messages. Our mail servers offer TLS (Transport Layer Security) when connecting to send and when accepting connections to receive. if the sending or receiving server supports TLS, the mail is sent through an encrypted connection. Individual email messages are not encrypted. This is the same process used by secure (https) websites. The information on the website itself isn't encrypted, but the channel the information is sent through is encrypted.