Global ediscovery Client Data Security. Managed technology for the global legal profession

Transcription

1 Global ediscovery Client Data Security Managed technology for the global legal profession

2 Epiq Systems is a global leader in providing fully integrated technology products and services for ediscovery and document review. We handle some of our clients most sensitive data, and help you achieve your objectives while maintaining the highest levels of information assurance. Epiq brings value, expertise and service excellence to every matter, from start to finish. We take a holistic approach to operational risk by ensuring data security on multiple levels, and offering the most secure ediscovery and document review data hosting for cases anywhere in the world. Managed technology for the global legal profession 2

3 Creating Epiq Value Highly secure, geographically dispersed data centers that meet or exceed Tier III standards reduce exposure to risk Secure management of electronically stored information protects assets World-class architecture and redundant equipment provide high availability The highest levels of availability mean you can meet important deadlines A full-time, professionally certified information security team means peace of mind 3

4 Global ediscovery associate security All Epiq associates receive information security awareness training annually, and must read and acknowledge information security and acceptable-use policies detailing their roles in protecting critical information assets. All associates are vetted through extensive preemployment screening, background checks and in-person interviews, including: Complete background checks in all countries, including social security number or equivalent validation and trace Criminal conviction search Employment and professional reference verifications Education level confirmation Prohibited parties database review (including OFAC, terrorist watch list and sex offender registry) Preemployment drug screening, credit and driving record checks for select positions 4

5 client data security access controls To protect clients, employees, and client data, we utilize multiple levels of access control procedures. Physical security controls include biometrics, card keys, security cameras, professional supervision and 24/7/365 security personnel with military and law enforcement backgrounds. And, security personnel are full-time data center employees, never outsourced to third-party providers. Access and service levels are monitored, managed and revoked immediately where appropriate. And we employ multiple levels of database and application controls. Unique IDs and passwords System lockouts after three invalid login attempts Mandatory 90-day password churn Password complexity rules, including 15-character minimum and three out of four character sets, ensure password cracking is extremely difficult Default system accounts and access methods are disabled or renamed Remote network access is authorized only through a VPN connection with two-factor authentication on company assets Rigorous, audited and security-minded procedures for on- and offboarding of clients and associates including Prompt access removal upon user termination Immediate company asset collection Constant monitoring of access removal and service levels Emergency, immediate-removal processes in place Nonpublic personal information transmission encryption 5

6 Global ediscovery System and Network Security Controls To ensure client data is protected, Epiq employs numerous layers of workstation protection. Controls include but are not limited to: Endpoint encryption Host-based intrusion detection at all endpoints and firewalls to prohibit unexpected intruders Endpoint policy compliance auditing and reporting 24/7/365 advanced endpoint monitoring, which continually sweeps for potential security concern indicators so scanning can begin within hours of new threat detections Application control and whitelisting solutions prevent unauthorized application executions Advanced data loss prevention protection including logging and auditing, and removable media control to prevent information removal Advanced malware prevention, detection and remediation 6

7 client data security Incident Response and Monitoring Epiq s leading security event information management (SEIM) and logging solutions integrate security logs from: Firewalls Logins Security devices Retains information for a minimum of one year Dedicated professional security staff conducts daily reviews of suspicious activity and responds to SEIM alerts 24/7/365 Third-party monitoring service ensures round-the-clock scalable coverage for security event monitoring and incident response 7

8 Global ediscovery epiq security reference architecture Dedicated Firewall Security Logging & Analysis Vulnerability Assessment Intrusion Prevention/Detection System Flexible Authentication Web Application Firewall Web DMZ Intrusion Prevention/Detection System Network Segmentation & Monitoring Application Servers Database Clusters Shared Services High Performance SAN & Replicated Disk Backup 8

9 client data security Dedicated high-availability firewalls are the first line of defense for critical infrastructure. Intrusion detection and prevention enable rapid response to potential threats, minimizing the risk of data loss or compromise. Vulnerability assessments guard against potential system weaknesses. Support for multi-factor and risk-based authentication prior to exposing applications ensures only authorized users gain access to sensitive systems. Web application firewalls enable rapid mitigation of threats such as SQL Injection, XML-RPC and other Web-based attacks. Network segmentation ensures only valid data paths are used and activity is monitored for potential threats inside the protected environment. High-performance storage area networks supporting encryption at rest and encrypted disk-based backups are geographically dispersed to ensure data is secured and available. Daily review of global threat intelligence subscriptions ensures risk mitigation. 9

10 Global ediscovery Common Controls Endpoint protection suite including host-based intrusion and anomaly detection Continuous vulnerability, configuration, compliance monitoring and reporting Advanced correlation, monitoring and response of security events 24/7/365 MSSP advanced threat detection and incident handling Advanced Capabilities Advanced multi-factor authentication solutions available Encryption at rest solutions available Multiple-threat intelligence feeds and DDOS protections Replicated disk-based backup solution Data Centers Highly secure data centers on five continents SSAE 16 SOC II Meet or exceed Tier III standards Multi-factor access controls, including biometrics 10

11 client data security epiq data centers Hong kong Kansas City Las Vegas London Shanghai Tokyo Toronto epiq locations Chicago Dallas Hong Kong Kansas City London Los Angeles Miami New York Phoenix tokyo toronto Washington, D.C. 11

12 usa +44 (0) UK +(852) HK