The security of your legal-related information is critical and we take that responsibility seriously.
As a company founded in part by Information Security and Computer Forensics professionals, BIA is serious about the way our solutions are built from an information security perspective. BIA has always been at the forefront of maintaining data in the most secure manner for legal and regulatory matters – that leadership continues today – whether our customers use BIA Services or our online product, TotalDiscovery.
Data Privacy and Encryption
All data is secured and encrypted, both at rest and during transit. All encryption uses open-source encryption mechanisms and has been designed and implemented by information system security experts.
All information is secured using 256-bit AES encryption
Cryptographic Key Management is via a trusted PKI system
ISO/IEC 27001, NIST SP800-53 and certain DoD Security Directives standards maintained
HIPAA, PCI and PII aware and compliant systems
All data is stored in systems maintained by BIA and housed in Tier 4 global hosting facilities
All data maintained within U.S. borders
For international customers or projects, secure foreign data facilities available
BIA systems and processes meet or exceed E.U. and Asia consumer data protection regulations
SSL/TLS used for securing data in transit
Use of well-accepted Certificate Authority
No key-sharing between production and development systems
BIA corporate and operational systems segregated from customer production systems
Development Process and Change Control
BIA has been designing and building tools and software for managing legal-related information in a defensible and cost-effective way for over a decade. Part of that success is because of the software development process and strict change control process we follow.
Hybrid Agile development process
All BIA developers are U.S. based and highly qualified with 5+ years of experience
Separate development and SDET teams and systems to ensure independent quality control
Iterative release cycle to ensure quick updates at a high quality
All new versions of BIA technology are staged and tested before release
Strict and well-documented issue tracking and resolution process
Auditing and Tracking
Because everything we do may find itself as evidence in a legal matter or as part of a legal process, it’s critical that all actions and tasks are audited and tracked. Thus, any user action within the TotalDiscovery application and all BIA personnel actions are monitored, tracked and logged for legal auditability purposes.
All systems and processes are audited annually as per IT standards (e.g., ISO, NIST)
All software development is performed and managed by BIA employees in our Seattle office
All BIA employees undergo strict background checks and are all US citizens or equivalent
Internal security audits and other process audits occur on a semi-annual basis
Formal reporting procedures used for incident tracking and escalation
Access Restriction and Control
Along with ensuring that data is kept private, it is important that all systems are secured from an access and control perspective. All BIA systems, including the BIA product, TotalDiscovery, are tightly controlled in several ways to ensure only authorized access.
User/role-based access management
All user access related information maintained in an encrypted database
Only authorized users can access their data
Customer approval required for BIA employees/contractors to access data
Chain-of-custody and ACL maintained for all data access processes
Strong password policies enforced
System time-out enforced for idle browser sessions
Access to TotalDiscovery and other BIA systems available via secure (HTTPS) browser sessions
Segregation of duties in place to ensure hierarchical security paradigm
Documented security policy acceptance required as part of BIA employment
System Availability and Data Backup
It’s critical that all data and systems are accessible at all times from anywhere around the globe. Thus, BIA has invested in the appropriate systems and processes to ensure high availability of all customer data at all times.
All data is backed up nightly and encrypted
Guaranteed 99.95% uptime of all systems and data
Hot/warm sites maintained for ensuring quick uptime after natural or other disasters
Backup and DR systems and processes tested on a frequent basis