Security

Filevine's dedicated compliance team conducts audits year-round to assess our company's security program effectiveness and to vet trusted partners. Audits include HIPAA, CJIS and ISO 27001 security controls in addition to NIST 800-53 controls. 

Filevine utilizes industry-recognized security experts to annually test the Filevine platform to ensure our websites, web applications, APIs, and related services are safe and secure.

Filevine endeavors to comply with state, federal, and international privacy requirements. Filevine has appointed a Data Privacy/Data Protection Officer (DPO) to lead privacy efforts. Filevine has also established a Privacy Program including privacy by design initiatives.

Filevine utilizes best-in-class enterprise grade vulnerability management tools to continuously detect code defects, missing patches, misconfiguration, and other system vulnerabilities.

Filevine provides ongoing security awareness training to its workforce to keep pace with evolving cyber threats. We have implemented a best-in-class security awareness training platform, awareness programs, and monthly phishing campaigns for our employees.

Filevine's Security Team members hold numerous industry-recognized security certifications for cloud, network, and wireless security, penetration testing, auditing, privacy, security program development, project management, compliance, and other related disciplines.

Filevine’s AWS infrastructure automatically backs up client data. These backups are redundant and performed in multiple availability zones and data centers in multiple AWS regions at least every 15 minutes. To provide an added layer of security, backup data is encrypted using AES 256 (which is FIPS 140-2 compliant) to protect it at rest.

A fire, flood or ransomware event can damage files or servers and may lead to lost productivity and billables. Regardless of what happens to your physical office, with an internet connection, you should be able to access your Filevine files and operate your practice remotely.

Filevine’s Security Team performs Incident Response (IR) and Security Operations Center (SOC) functions to identify and quickly respond to security incidents often preventing them from becoming serious security threats.

Filevine performs third-party vendor risk assessments whenever Filevine contracts with a third party. This process includes input from business stakeholders from the Legal, Finance, and Information Security teams. Vendor and supplier risk is managed with a best-in-class third-party risk management platform as well as using industry-standard security questionnaires, audit report reviews, and in-depth technical interviews.

Filevine products and services are built on best-in-class cloud environments leveraging the security and stability of AWS (security and compliance), GCP (security and compliance), and Microsoft Azure (security and compliance).

Filevine encrypts customer data in transit and at rest. Filevine uses the AWS Key Management Service (KMS) to create and manage cryptographic keys for Filevine. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated as FIPS 140-2 compliant. More information here.

Filevine administrative accounts utilize 2FA to provide an additional level of authentication, dramatically reducing the risk of hacking and data theft. 2FA is a combination of something you know, such as a password, and something you have, such as a soft token, hard token, or some other one-time password (OTP) technology such as Google authenticator.

RBAC allows Filevine administrators and firm administrators to easily manage access to their confidential information. Access is granted or restricted based on predefined job roles inside the organization. If an individual changes roles, their access changes as well. This makes it easier to authenticate, authorize, and audit access to systems and case data.

Filevine uses web application firewalls (WAF) and distributed denial of service (DDoS) protection to keep the platform safe and available.

Learn more about these services here AWS WAF and here AWS Shield