Hemmat Law’s Security

Industry Leading Security

Setting the standard for legal practitioners.

HLG is the beneficiary of a full development and IT infrastructure team. Since our formation in 1994, we have never been the victim of a successful ransomware attack or large-scale data breach. We have made this page to educate you about the steps we take to safeguard your confidentiality and private data from black hat cybercriminals.

Dedicated security team

Our dedicated security team brings decades of combined cybersecurity experience at world-class organizations. Our security team is available 24x7x365 to respond to security incidents.

Staying on top of the latest in cybersecurity

We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected. Regular firmware, hardware, and software updates are mandatory.

Standardizing employee security protocols

HLG enforces a set of administrative, physical, and technical controls such as:

  • Office Access Policies
  • VPN Implementation
  • Password Manager Security
  • Two Factor Authentication for Internal Tools
  • Total Criminal Background Checks for Employees
  • Regular Security Audits
  • … And more

Meeting compliance requirements

Operating in accordance with GDPR legislation

Our CRM, Clio, is compliant with the terms found in the General Data Protection Regulation (GDPR) guidelines, meeting requirements as both a data controller and data processor. Have confidence knowing your team can collaborate internationally.

Operating in accordance with PCI legislation

Our payment processing system is compliant with all 50 state bar requirements, and is built to ensure all payments are PCI compliant, ensuring your payments are processed efficiently and safely.

SOC2 Compliance

Our technology vendors have completed attestation of SOC2 in accordance with International Standards on Assurance Engagements (ISAEs). This further affirms HLG’s commitment to following industry-recognized best practices. Our partner’s SOC2 report is available upon request.

Tested in the 21st Century

Regular security tests

Every year, Hemmat Law’s CRM infrastructure is reviewed by leading technology & cybersecurity experts who routinely test for vulnerabilities using the most advanced techniques available. Your data is protected from bad actors.

Built with best practices, on state-of-the-art infrastructure

In-transit and at-rest encryption

HLG applies in-transit and at-rest encryption using industry best practices (such as HTTPS and TLS) to ensure your life’s data is stored and transmitted securely.

Automatic backups and redundant servers

To ensure your account data always remains accessible, HLG performs regular automatic system backups and makes use of multi-redundancy for its infrastructure, hosted in AWS’s cloud.

Built with data residency (and physical security) in mind

HLG’s cloud server is hosted in Washington state. Our hosting facilities are audited annually for security certifications (such as SOC 2 and ISO27001) to ensure they employ advanced physical security measures such as biometrics, CCTV cameras, and 24×7 on-site security. We also implement power redundancy to ensure 100% uptime in the case of server center power failure.

Secure development practices

HLG demands high internal standards for code quality, mandatory code reviews, and constant internal security updates on complex technical decisions.

Implementing advanced product features and controls

Role-based permissions

Every HLG staffer is assigned specified permissions, so they can’t access private information that they do not need. Additionally, none of our team has access to more than 4 digits of your payment information, for maximum security.

Two-factor authentication

We verify every login attempt via a mobile device authenticator app, SMS, and email, layered across multiple platforms and directly on our firm computers.

Password policies

We enforce strong passwords by mandating use of Dropbox Password, protecting access to all of our team’s platforms at all times.

Login safeguards

Should a team member fail a login too many times, their platform accounts or computer is locked for authentication until it can be examined.

Session/Activity tracking

We log every email ever sent by any of our team, and a full activity audit log is maintained across our CRM, ensuring that every action is tracked and reviewed for malfeasance.

Cybersecurity Insurance

Should all of our safeguards and failsafes not be sufficient, HLG maintains comprehensive cyber-liability insurance, ensuring we are prepared to make any client whole should the worst come to pass.
