Information Security and Data Privacy

The security of your legal-related information is critical, and we take that responsibility seriously.

As a company founded in part by Information Security and Computer Forensics professionals, BIA is serious about the way our solutions are built from an information security perspective. BIA has always been at the forefront of maintaining data in the most secure manner for legal and regulatory matters – that leadership continues today – whether our customers use BIA Services or our online product, TotalDiscovery.


Data Privacy and Encryption

All data is secured and encrypted, both at rest and during transit. All encryption uses open-source encryption mechanisms and has been designed and implemented by information system security experts.

  • All information is secured using 256-bit AES encryption
  • Cryptographic Key Management is via a trusted PKI system
  • ISO/IEC 27001, NIST SP 800-53 and certain DoD Security Directives standards maintained
  • HIPAA, PCI and PII aware and compliant systems
  • All data is stored in systems maintained by BIA and housed in Tier 4 global hosting facilities
  • All data maintained within U.S. borders
  • For international customers or projects, secure foreign data facilities available
  • BIA systems and processes meet or exceed E.U. and Asia consumer data protection regulations
  • SSL/TLS used for securing data in transit
  • Use of well-accepted Certificate Authority
  • No key-sharing between production and development systems
  • BIA corporate and operational systems segregated from customer production systems

Development Process and Change Control

BIA has been designing and building tools and software for managing legal-related information in a defensible and cost-effective way for over a decade. Part of that success is due to the software development process and strict change control process we follow.

  • Hybrid Agile development process
  • All BIA developers are U.S.-based and highly qualified with 5+ years of experience
  • Separate development and SDET teams and systems to ensure independent quality control
  • Iterative release cycle to ensure quick updates at a high quality
  • All new versions of BIA technology are staged and tested before release
  • Strict and well-documented issue tracking and resolution process

Auditing and Tracking

Because everything we do may end up as evidence in a legal matter or as part of a legal process, it’s critical that all actions and tasks are audited and tracked. Thus, any user action within the TotalDiscovery application and all BIA personnel actions are monitored, tracked and logged for legal auditability purposes.

  • All systems and processes are audited annually as per IT standards (e.g., ISO, NIST)
  • All software development is performed and managed by BIA employees in our Seattle office
  • All BIA employees undergo strict background checks and are all US citizens or equivalent
  • Internal security audits and other process audits occur on a semi-annual basis
  • Formal reporting procedures used for incident tracking and escalation

Access Restriction and Control

Along with ensuring that data is kept private, it is important that all systems are secured from an access and control perspective. All BIA systems, including the BIA product, TotalDiscovery, are tightly controlled in several ways to ensure only authorized access.

  • User/Role based user access management
  • All user access-related information maintained in an encrypted database
  • Only authorized users can access their data
  • Customer approval required for BIA employees/contractors to access data
  • Chain-of-custody and ACL maintained for all data access processes
  • Strong password policies enforced
  • System time-out enforced for idle browser sessions
  • Access to TotalDiscovery and other BIA systems available via secure (HTTPS) browser sessions
  • Segregation of duties in place to ensure hierarchical security paradigm
  • Documented security policy acceptance required as part of BIA employment

System Availability and Data Backup

It’s critical that all data and systems are accessible at all times from anywhere around the globe. Thus, BIA has invested in the appropriate systems and processes to ensure high availability of all customer data at all times.

  • All data is backed up nightly and encrypted
  • Guaranteed 99.95% uptime of all systems and data
  • Hot/warm sites maintained for ensuring quick uptime after natural or other disasters
  • Backup and DR systems and processes tested on a frequent basis