Product security

Audit logging

Legisys supports audit logs (metadata only, no content) and a Workspaces query history (including content).

Data security

Legisys employs rigorous security measures to ensure the confidentiality, integrity, and availability of customer data.

2FA / MFA

All of our employees use phishing-resistant multi-factor authentication (where feasible) and identities are centrally managed.

Role-Based Access Control (RBAC)

We follow the principle of ‘Least Privilege’ and grant users only the minimum set of permissions they require.

SSO

Legisys supports SAML 2.0 for Single Sign-On. Please contact us for setup instructions.

Organizational management

Legisys includes team management features that allow for granular control over what each user can access and perform within the application.

Data security

Data erasure

All customer data and content are securely deleted within 30 days of contract termination or upon request.

Encryption at-rest

Data is encrypted at-rest using AES 256 encryption.

Encryption in-transit

We use TLS 1.2 or TLS 1.3 to encrypt data in-transit.

Geographic location of data

All our cloud providers have their servers within the EU.

Physical security

We are 100% cloud-based and use Microsoft Azure and Google Cloud Platform as our cloud providers. Their data centers offer best-in-class physical security protocols.

Secret management

We rotate encryption keys and important secret keys at least annually and utilize hardware security modules to safeguard critical encryption keys. Legisys logically separates encryption keys from customer data.

Network security

Firewall

Our networks are segmented and utilize firewalls at strategic positions. We also utilize Web Application Firewalls (WAFs).

IDS/IPS

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are used to monitor for and prevent unauthorized access to the Legisys network.

Zero Trust

Legisys maintains a Zero Trust network architecture. This architecture protects our organization’s resources by combining signals such as IP address, multi-factor authentication, user behavior, and more to determine whether a user should be allowed access to an application or a server.

Network Time Protocol (NTP)

Legisys uses widely trusted NTP servers, such as those operated by NIST.

DR protocol

Formal business continuity procedures are developed and documented by Legisys. The purpose of these procedures is to prepare the organization in the event of service outages caused by factors beyond our control, and to restore services to the widest extent possible in a minimum time frame. The policy is reviewed and updated periodically to reflect relevant organizational changes, threats, risks, laws, regulations, and contractual requirements. The policy is also tested on an annual basis to ensure its effectiveness and alignment with our business objectives.

Anti-DDoS

Legisys has deployed a solution to protect against denial of service attacks.

Sub-processors

Microsoft Azure

Provider of cloud infrastructure

Google Cloud Platform

Provider of cloud infrastructure, MLOps services and infrastructure management

OpenAI

AI service provider