Information Security and Data Privacy

 

The security of your legal-related information is critical, and we take that responsibility seriously.

 

ESI365 was founded with the primary goal of introducing the best eDiscovery solutions available to corporations. Our main technology partner was founded by information security and computer forensic professionals who are serious about the way their solutions are built from an information security perspective. They have been and continue to be on the forefront of maintaining data in the most secure manner for legal and regulatory matters.

Data Privacy and Encryption

 

All data is secured and encrypted, both at rest and during transit. All encryption uses open-source encrypting mechanisms and has been designed and implemented by information system security experts.

 

  • All information is secured using 256-bit AES encryption

  • Cryptographic Key Management is via a trusted PKI system

  • ISO/IEC 27001, NIST SP800-53 and certain DoD Security Directives standards maintained

  • HIPAA, PCI and PII aware and compliant systems

  • All data is stored in systems maintained by our technology partner and housed in Tier 4 global hosting facilities

  • All data maintained within U.S. borders

  • For international customers or projects, secure foreign data facilities available

  • ESI365 systems and processes meet or exceed E.U. and Asia consumer data protection regulations

  • SSL/TLS used for securing data in transit

  • Use of well-accepted Certificate Authority

  • No key-sharing between production and development systems

  • ESI365 corporate and operational systems segregated from customer production systems

 

 

Development Process and Change Control

 

ESI365's technology partner has been designing and building tools and software for managing legal-related information in a defensible and cost-effective way for over a decade. Part of that success is due to the software development process and strict change control process we follow.

 

  • Hybrid Agile development process

  • All ESI365 developers are U.S. based and highly qualified with at least 5 years of experience

  • Separate development and SDET teams and systems to ensure independent quality control

  • Iterative release cycle to ensure quick updates at a high quality

  • All new versions of ESI365's technology are staged and tested before release

  • Strict and well documented issue tracking and resolution process

 

 

Auditing and Tracking

 

Because everything we do may find itself as evidence in a legal matter or as part of a legal process, it’s critical that all actions and tasks are audited and tracked. Thus any user action within the ESI365 application and all ESI365 personnel actions are monitored, tracked and logged for legal auditability purposes.

 

  • All systems and processes are audited annually as per IT standards (e.g., ISO, NIST)

  • All software development is performed and managed by our technology partner employees in Seattle

  • All ESI365 employees undergo strict background checks and are all US citizens or equivalent

  • Internal security audits and other process audits occur on a semi-annual basis

  • Formal reporting procedures used for incident tracking and escalation

Access Restriction and Control

 

Along with ensuring that data is kept private, it is important that all systems are secured from an access and control perspective. All systems and products are tightly controlled in several ways to ensure only authorized access.

 

  • User/Role based user access management

  • All user access related information maintained in an encrypted database

  • Only authorized users can access their data

  • Customer approval required for ESI365 employees/contractors to access data

  • Chain-of-custody and ACL maintained for all data access processes

  • Strong password policies enforced

  • System time-out enforced for idle browser sessions

  • Access to ESI365 systems available via secure (HTTPS) browser sessions

  • Segregation of duties in place to ensure hierarchical security paradigm

  • Documented security policy acceptance required as part of ESI365's employment 

 

 

 
System Availability and Data Backup
 

It’s critical that all data and systems are accessible at all times from anywhere around the globe. Thus ESI365 leverages a technology partner that has invested in the appropriate systems and processes to ensure high availability of all customer data at all times.

 

  • All data is backed up nightly and encrypted

  • Guaranteed 99.95% uptime of all systems and data

  • Hot/warm sites maintained for ensuring quick uptime after natural or other disasters

  • Backup and DR systems and processes tested on a frequent basis