Send your emails in Gmail™ to your Matters, Cases, Contracts
Our security team covers multiple areas, including product security, which is responsible for our products and services, Marketplace and Apps. Our security team is also responsible for determining and responding to any security breaches. Lexzur security also covers security requirements for our products and services, and applications. We provide training to our employees on working securely.
Lexzur keeps track of information assets through production systems which are in the Cloud.
Our change management process is very agile. Changes to code or infrastructure are reviewed and any adverse consequences are discussed. The number of reviews will depend on the nature of the change, critical or not. Our highly qualified engineers will flag any potential issues before a change is made. If a change poses too big a risk, the status quo will remain in place.
We have ensured that business continues as usual in the event of disruptions. Lexzur has plans for disruptions to ensure that our customers experience minimal outfall. Various activities are in place to meet our business continuity and disaster recovery objectives, including resiliency measures, testing and recording improvements.
Lexzur monitors metrics to pick up on potential problems as soon as possible. Alerts notify our engineers when there is a supposed threat. Our disaster recovery tests cover our processes and systems. Test results are captured and analyzed. We conduct business impact assessments yearly.
When creating a support request through our Service Desk, our Customer Support & Operations team will respond within the Service Level Agreement (SLA) detailed in the table below.
We aim to satisfy customer requests within the same business day, to guarantee a high quality of service. We will use reasonable measures to provide support in accordance with the SLA. We will not, however, be responsible for any delays caused by the customer for reasons beyond our control.
Our Customer Support & Operations team is available from 04:00 to 20:00 GMT, Sunday through Friday (i.e. all weekdays except Saturday). Our support agents are constantly monitoring the Customer Portal and the support channels to maintain the priority of our customers, especially when it comes to critical incidents.
Clients can request support through one of the following channels:
Submitting a ticket on the Customer Portal through the Service Desk (signup is required for new customers)
Sending an email to: [email protected]
Type of Request | Priority | Definition | First Time to response | Time to Work-around by Remote Access | Time to Final Resolution by Remote Access |
Incident / Bug | Critical | Your application is degraded. Users aren’t able to perform their job function, and no workarounds are available. | 20 Minutes | 6 Hours | 2 Business Days |
High | A feature is unavailable, application performance is significantly degraded, or users job functions are impaired. | 4 Hours | 2 Business Days | 5 Business Days | |
Medium | The application or specific feature isn’t working as expected, but there is a workaround available. Users’ experience is impacted, but their job function is not impaired. | 4 Hours | 3 Business Days | 20 Business Days | |
Low | Typically, smaller paper cuts such as cosmetic errors, or non-critical functionality not behaving as expected. | 4 Hours | 5 Business Days | 20 Business Days |
Help with troubleshooting problems
Answering support requests related to Lexzur modules and licensing from both technical and functional perspectives
Bug fixing, executing of minor patches remotely on client servers in order to fix Lexzur bugs or getting automatically the fixes when on-cloud
Access to upgrades and new Lexzur versions for Lexzur on-server
Support and maintenance of Lexzur on client premises unless the client purchases on-site man-days
Development requests, including custom code development or support for non-certified third party software
Lexzur on-server, database integrity or server’s/networks performance issues, including tuning and technical optimization
Lexzur on-server, servers and hardware issues not directly related to Lexzur
Client network topology or environment issues
Backups and restore
The backups of Lexzur are done on a regular basis. The backups are done in a timeframe where there is minimal activity on the servers. The backups are a full backup of all the data.
Hosting Provider Backup: the backup of the whole image of the infrastructure server that is holding the customer application.
Manual Backups: regular backups that are done on the server level, which is a more detailed backup of the files and folders of the Application and should act as another backup plan in case the first backup failed to restore.
Our recovery time objectives and recovery point objectives attempt to strike a balance between a few factors, including cost, benefits and risk.
Backup Restoration Tests are periodically conducted to test whether the Backup and Restoration process is working properly. The Sanity Checks of the backups are conducted on local/cloud machines and are done every month after the latest backup is taken.
At Lexzur, we conduct at least 2 yearly security checks on our platform using the most cutting-edge methods available. These tests are conducted by an independent security consultant company.
Lexzur has geographic redundancy in place. This means that we have multiple servers backing up the client data. We backup customers’ data from when they start using Lexzur. In the unlikely event of a server failure or loss, this means that your data will still be accessible to you.
Lexzur adopts a secure development lifecycle approach throughout the different stages of the development. Lexzur secure SDLC involves security testing into the existing development process. This includes writing security requirements alongside functional requirements and performing risk analysis during the design phase of the SDLC.
Lexzur follows development best practices in order to cater to the highest security standards. The below standards and procedures are followed in Lexzur SDLC:
OWASP Top 10 best practices for web applications
Data & Input Validation
Data & Input Sanitization
Peer-To-Peer Code Review
Security training and awareness
Lexzur provides security training sessions for developers, architects, and QA. The focus is on secure design principles, security issues, web security, and encryption.
Lexzur offers hosting options On Cloud (Microsoft Azure UK) – Private SaaS – On Premise. Read more about Microsoft Azure security Trust your cloud | Microsoft Azure
Lexzur uses bank-grade TLS/SSL (Secure Sockets Layer) 256-bit encryption, which protects the data in transit. Any customer data in Lexzur cloud products is encrypted to protect it from unauthorized access. Our implementation of TLS enforces the use of strong ciphers and key-lengths where supported by the browser.
Data drives on servers holding customer data in Lexzur products use full disk encryption, using industry-standard AES-256 algorithm.
Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is awarded.
These SSL certificates are used every time you send data between your computer and the hosting server of a website to ensure the identity of the company or entity you are visiting. Once the website is verified by this certificate, an initial connection is made.
During this initial connection, both connections agree to an encryption protocol. This is used to establish a secure connection between the two computers – this is the SSL itself. The data is scrambled in transit in order to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.
Lexzur stores passwords using Bcrypt hashing with Salt and utilizes the password strength guidelines to evaluate whether a new password is legitimate.
Login protection will allow up to 3 failed login attempts after which the account will be suspended.
To preserve your privacy and the security of your information, SSL encryption is used to secure all sensitive connections, including those involving credit cards.
Your credentials are shielded from outside sniffing by Lexzur Mobile App’s use of Access Tokens to authenticate with the Core Application.
When adding a new user to your Lexzur account, account permissions are a crucial factor to consider.
It is important to consider how the responsibilities people perform, in your firm or organization, relate to your account with Lexzur.
The Groups feature lets you classify different user types into specific categories or groups. The groupings may be “Partners,” “Attorneys,” “Paralegals,” or “Assistants” for various businesses.
Through Lexzur security settings, you can view which IP addresses your users are using to get into your Lexzur account.
For debugging reasons, Lexzur’s user audit login collects user email, login date, result, IP address, and other data.
We understand that tenant separation is fundamental, therefore we take action to ensure that the data of one customer does not interfere with the data of another customer. We achieve tenant isolation by providing 2 levels of segregation: 1st level, each client has his own database and credentials; 2nd level, every client has his own attachment path.
Lexzur takes every reasonable measure and precaution to protect and secure your personal data. We have dedicated procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction. We have several layers of security measures in place. In no particular order, they follow below.
Customer data is never accessed without direct consent. We understand the importance of treating customer data with absolute privacy. Throughout Lexzur, employees are trained in the importance of handing customer data with the greatest care. Without the client’s consent, the Lexzur Team does not have access to the client’s cloud-based data.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.
Lexzur may use Personal Data for the following purposes:
Lexzur will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. Lexzur has an obligation to delete customer data 90 days after termination of the subscription regardless of the reason for termination. Lexzur will not store any customer data after such time.
Lexzur is committed to protecting our customers data by ensuring that we are fully compliant with the General Data Protection Regulation (GDPR) and its privacy regulations.
The intention of the GDPR is to ensure that individuals have control over how their personal data us used. Articles 5 of the GDPR sets out the spirit of the legislation. It states that data should be processed with consent of the data subject in a transparent manner. Whenever you share your data with Lexzur, we remain accountable to you for how it is used. We ensure that your personal data receives adequate protection and safeguards, and that it is not accessed or shared without your consent. It also states that data must be collected and used for the purposes given, and only data that is needed should be collected. Lexzur will only use your personal data needed for the purposes set out herein. The GDPR also states that data should be maintained for accuracy and deleted where it is no longer relevant. Lexzur will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. Further it states that data should be stored in a way that preserves its integrity and confidentiality. Lexzur takes numerous steps to ensure that our products and services are encrypted and protected to ensure the integrity of your data.
Lexzur has an appointed Data Protection Officer
A gap analysis of all our business processes has been performed where personal data is held or collected
We are continuously improving our privacy policy on our website to incorporate our GDPR compliance
Lexzur has mechanisms to identify potential data breaches where necessary as soon as is reasonably practicable
Lexzur provides training to all our employees and raises awareness of GDPR and its importance to business
Lexzur provides hosting choices. Private SaaS – On-premises – On Cloud (Microsoft Azure UK). The hosting facilities used by Lexzur are inspected yearly for security certifications (such SOC 2 and ISO 27001) to make sure they use cutting-edge physical security features like biometrics, CCTV cameras, and round-the-clock on-site security.
Our hosting provider is SOC 1, SOC 2, SOC 3 and ISO 27001 certified, which ensures that internal controls are in place and effective. For more information refer to https://docs.microsoft.com/en-us/compliance/regulatory/offering-soc-2