Legal Ready ISO 27001 Certification

Legal Ready is independently certified to ISO 27001:2022. This article describes the benefits this certification provides to our clients on the eBrief Ready platform.

What is ISO 27001?

The International Organization for Standardization (“ISO”) is an independent, non-government body which develops global standards. ISO 27001 is the leading global industry standard for information security management. It provides a framework for the way that organisations manage the security of their data assets. 

How do Subscribers benefit?

ISO 27001 is not a compulsory regulatory requirement. Undergoing an independently verified certification Legal Ready ensures the best possible protection for the eBrief Ready platform and its subscribers.

Our clients and their end customers benefit from Legal Ready’s ISO 27001 certification through key security objectives:

  1. Legal Ready enforces the mandatory use of two-factor authentication (2FA) for all eBrief Ready accounts. 2FA verifies that the person trying to gain access to the account is who they say they are – in addition to the login username and password. Even if someone else obtains your password, the two-factor authentication requires an additional step of SMS code or authenticator validation.
  2. All client documents are held securely on Amazon AWS. The servers are in Sydney (for those using the platform within Australia) and in London (for those using the platform within the UK), so your data stays inside your sovereignty.
  3. eBrief Ready relies on third-party services, such as Amazon Web Services, Elastic Cloud, Elastic Email and others. All data from these services is encrypted in transit and, where possible, encrypted at rest.
  4. In line with industry best practice, user account passwords are encrypted.  The unencrypted password is not accessible to any member of the Legal Ready team.
  5. The software libraries used by the eBrief Ready platform are routinely checked for vulnerabilities as part of the application development and deployment process. A deployment of the platform is not able to proceed until any identified vulnerabilities have been rectified.
  6. All Legal Ready team members sign confidentiality agreements, and their access to the client data is limited to what is required for development or troubleshooting purposes only.
  7. Legal Ready has automated systems in place for error detection and reporting, as well as a robust system for the automated backup of critical user-provided data agreements.

These features collectively ensure that Legal Ready maintains a robust security posture, protecting both the platform and clients' information.

For more details, please refer to: