Hemmat Law’s Security

Industry Leading Security

Setting the standard for legal practitioners.

HLG is the beneficiary of a full development and IT infrastructure team. Since our formation in 1994, we have never been the victim of a successful ransomware attack or large scale data breach. We have made this page to educate you about the steps we take to safeguard your confidentiality and private data from black hat cybercriminals.

Dedicated security team

Our dedicated security team brings decades years of combined cybersecurity experience at world-class organizations. Our security team is available 24x7x365 to respond to security incidents.

Staying on top of the latest in cybersecurity

We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected. Regular firmware, hardware, and software updates are mandatory.

Standardizing employee security protocols

HLG enforces a set of administrative, physical, and technical controls such as:

  • Office Access Policies
  • VPN Implementation
  • Password Manager Security
  • Two Factor Authentication for Internal Tools
  • Total Criminal Background Checks for Employees
  • Regular Security Audits
  • … And more

Meeting compliance requirements

Operating in accordance with GDPR legislation

Our CRM Clio is compliant with the terms found in the General Data Protection Regulation (GDPR) guidelines, meeting requirements as both a data controller and data processor. Have confidence knowing your team can collaborate internationally.

Operating in accordance with PCI legislation

Our payment processing system is compliant with all 50 state bar requirements, and is built to ensure all payments are PCI compliant, ensuring your payments are processing efficiently and safely.

SOC2 Compliance

Our technology vendors have completed attestation of SOC2 in accordance with International Standards on Assurance Engagements (ISAES). This further affirms HLG’s commitment to following industry recognized best practices. Our partner’s SOC2 report is available upon request.

Tested in the 21st Century

Regular security tests

Every year, Hemmat Law’s CRM infrastructure is reviewed by leading technology & cybersecurity experts that routinely test for vulnerabilities using the most advanced techniques available. Your data is crucially protected from bad actors.

Built with best practices, on state-of-the art infrastructure

In-transit and at-rest encryption

HLG applies in-transit and at-rest encryption using industry best practices (such as HTTPS and TLS) to ensure your life’s data is stored and transmitted securely.

Automatic backups and redundant servers

To ensure your account data always remains accessible, HLG performs regular automatic system backups and makes use of multi-redundancy for its infrastructure, hosted in AWS’s cloud.

Built with data residency (and physical security) in mind

HLG’s cloud server is hosted in Washington state. Our hosting facilities are audited annually for security certifications (such as SOC 2 and ISO27001) to ensure they employ advanced physical security measures such as biometrics, CCTV cameras, and 24×7 on-site security. We also implement power redundancy to ensure 100% uptime in the case of server center power failure.

Secure development practices

HLG demands high internal standards for code quality, mandatory code reviews, and constant internal security updates on complex technical decisions.

Implementing advanced product features and controls

Role-based permissions

Every HLG staffer is assigned specified permissions, so they can’t access private information that they do not need. Additionally, none of our team has access to more than 4 digits of your payment information, for maximum security.

Two-factor authentication

We verify every login attempt via a mobile device authenticator app, SMS, and email layering across multiple platforms and on our firm-computers directly.

Password policies

We enforce strong passwords by mandating use of Dropbox Password – protecting access ot all of our team’s platforms at all times.

Login safeguards

Should a team member fail a login too many times, their platform accounts or computer is locked for authentication until it can be examined.

Session/Activity tracking

We log every email ever sent by any of our team, and a full activity audit log is maintained across our CRM, ensuring that every action is tracked and reviewed for malfeasance.

Cybersecurity Insurance

Should all of our safeguards and failsafes not be sufficient, HLG maintains comprehensive cyber-liability insurance, ensuring we are prepared to make any client whole should the worst come to pass.

Schedule a no obligation case evaluation

Powered By