LEAP Information Security Policy

LEAP Legal Software

Cloud Infrastructure

The LEAP cloud infrastructure is maintained by the industry-leading cloud platform provider, Amazon Web Services (AWS), in multiple unmarked facilities within the United States.

The terms of agreement between LEAP & AWS are here: aws.amazon.com/agreement

AWS has achieved a substantial amount of certification and compliance in industry standards, which recognize best practices in Information Security.

For a full listing of AWS certification and compliance, visit aws.amazon.com/compliance

Security Controls

LEAP utilizes multiple layers of security controls (software, physical and process based) to protect our client data. These include, but are not limited to:

  • Local & Network Firewalls
  • Web Application Firewalls
  • Intrusion Detection & Prevention Systems
  • Multi-vendor Anti-Virus
  • Application White Listing
  • DDoS Throttling Services
  • Access Control Lists
  • Security Patch Management
  • ITIL Framework (release/incident/change)
  • Identity and Access Management
  • Centralized Log Management
  • Symmetric and Asymmetric Encryption systems
  • Two-factor Authentication
  • Secure Code Reviews
  • Separation of Duties
  • Data Loss Prevention
  • Vulnerability Assessment
  • Anomaly Detection
  • Externally Commissioned Penetration Testing
  • Externally Commissioned Audits
  • Remote Monitoring & Alerting

Data Encryption

Each LEAP application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.

Once client data reaches the LEAP cloud infrastructure, all information is encrypted at rest using military-grade AES-256 encryption. This is done to protect client information in the event the LEAP server is compromised by an unauthorized party.

Employee Vetting

All LEAP staff who have direct access to our cloud infrastructure must go through an extensive vetting process, which includes background checks, to ensure only bona fide team members are selected to look after our core platform.

Service Availability

LEAP has been designed to be a highly available, active-active solution. LEAP services are split over multiple AWS data centers within the United States. In the event of one data center going offline in a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption.

The LEAP service is designed to scale up as more clients use it at peak times, and then scale down at low times. This scaling allows LEAP to mitigate external attacks trying to flood our system resources.

Data Ownership

The data contained in LEAP remains the property of the licensed subscriber. If the subscriber ends their agreement with LEAP, LEAP will retain the data for a minimum of seven (7) years, before having it destroyed.

At any time during the seven (7) year period after the subscription ends, the subscription can be reactivated to gain access to the client data.

Backup Policy

LEAP servers are backed up multiple times daily, weekly and monthly.

System Monitoring

LEAP is monitored 24 hours a day, 7 days a week, 365 days a year.

Found a Vulnerability?

At LEAP, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know at secure@leap.com.au.

Report a Data Breach

If you believe LEAP client information has become publicly available, outside of LEAP, please contact us immediately at secure@leap.com.au for validation.

LEAP has a duty of care for our clients' data. If a data breach occurs, we must notify affected clients immediately.
