LegalFly attains SOC 2 (Type II) certification

The What and Why of SOC 2 (Type II)

System and Organization Controls (SOC) 2 is a widely recognized security standard for SaaS companies developed by the American Institute of Certified Public Accountants (AICPA). It prescribes how organizations should manage customer data to ensure they adhere to the highest standards. Concretely, SOC 2 is based on five Trust Service Criteria: Security, Privacy, Availability, Processing Integrity and, finally, Confidentiality.  

The SOC 2 certification is confirmed by a meticulous external audit and comprehensive evaluation process. To qualify for the certification, all required infrastructure components, security measures, and processes have to be in place. 

There are two types of SOC 2 compliance. A Type I report evaluates whether the design of a service provider’s system controls meet the Trust Service Criteria at one specific point in time. 

SOC 2 Type II, on the other hand, is more ambitious. A Type II report details the operational effectiveness of the systems controls to perform as designed over a longer period of time. Given the stringent security requirements of our typical customers, only the best will do – we’ve got Type II. 

In order to achieve that stringent Type II compliance, LegalFly’s information security mechanisms, guidelines and procedures were thoroughly audited by an accredited auditing firm. The conclusion: we’re 100% up to standard and ready for take-off.

‍

‍

LegalFly’s Commitment to Data Security

Our clients are diverse: corporate lawyers, accountants and financial institutions all rely on LegalFly to step-up their productivity. That means our legal AI is applied in a multitude of different use cases. However, all of our clients have one thing in common: they handle vast amounts of sensitive data. Because of this, LegalFly has opted for the gold standard in data protection. 

‍

Let’s go over what LegalFly’s SOC 2 certification means for our clients:

‍

1. Trust and Assurance: SOC 2 assures that we have implemented stringent security measures to protect sensitive data. In this way, we maintain the foundational trust that exists between us and our users.

2. Risk Mitigation: It helps in identifying and mitigating potential future risks related to data breaches or mishandling of information, thereby reducing the likelihood of data loss or fraud in the future as well. 

3. Compliance: Many industries have regulatory requirements for data protection. SOC 2 certification helps LegalFly meet these compliance obligations.

4. Competitive Advantage: Our SOC 2 certification differentiates us from our competitors, who have not fully grasped the importance of data protection in legal tech. 

5. Operational Efficiency: To obtain and maintain SOC 2 certification we implemented robust internal controls, which improve the overall operational efficiency and reliability of our processes.

‍

Dennis Montégnies, LegalFly CO-Founder and CISO, is confident that LegalFly’s clients will benefit greatly from the new SOC 2 certification: “This will benefit our users most of all. Working with third-party providers that don’t have SOC 2 and ISO certifications exposes your company to considerable risks, risks which can lead to data breaches. And data breaches have dire consequences, such as regulatory penalties and reputational damage. Our users won’t have to worry about that.”

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

Moving Forward

Our SOC 2 certification is not an award that we congratulate ourselves on and forget about. In order to maintain the highest degree of data security in the future, LegalFly has built a Trust Center where our clients can monitor our security controls in real time. Additionally, our clients can download our certification reports if they want to get into the nitty-gritty. To keep up the flight metaphor, you could say that everyone has a window seat here at LegalFly.