FAQs - Family Law Software

FAQs



Question: How do you keep the client data on your web site secure?

Answer: Family Law Software web data entry follows current best practices for secure communications, including the following:

  • All data files are maintained on our Amazon S3 cloud storage servers.

  • Access to our Web Sites and to our cloud storage servers at Amazon S3 has "in-transit" TLS protection. (TLS stands for "Transport Layer Security," and it is the current industry standard protocol for secure communication between PC and server, replacing legacy SSL protocols.)

  • Every client user account is password protected and accessible only with e-mail and password.

  • Passwords must be of a secure nature (including both uppercase and lowercase letters, and numbers).

  • When files are uploaded and downloaded between the desktop software and Cloud storage, or saved and retrieved between the web server and Cloud storage, we use Transport Layer Security (TLS). We use RSA 2048-bit (SHA256 with RSA) certificates.

  • Each client registers on our site and establishes his or her own password. This password is encrypted at the moment of creation and no one is ever able to view it. Passwords may not be viewed by anyone (not even by the people at Family Law Software).

  • Passwords may be changed only by someone who can log in to the client's email (GMail, Yahoo, MSN, etc.) corresponding to their user account.

  • Every client data file is internally encrypted by our software with AES 256-bit encryption.

  • When files are "at rest" on Amazon S3 servers, the files are encrypted a second time, again with AES 256-bit encryption and a second key.

  • We have removed from our data entry any fields asking for full social security number. We ask only for "last 4 digits." Attorneys who file forms that require full SSN now have to write that information by hand on their forms.

  • When a client file is transmitted to the professional, we make a copy of the file and store it in a location that is accessible only by that professional's firm, with the same security parameters that apply to clients (TLS, encryption, password protection, and so on).

  • Client's data and Professional's data are stored in separate locations on Amazon's S3 servers.

  • Clients are not able to create, delete, copy, download, email, send, or share their data file with anyone other than the Attorney or Professional who registered the client.

  • Data center: Amazon's data center.

  • Subcontractors: No subcontractors or third parties are working on the software.

  • Data Loss Security: All data stores are non-public and protected by AWS.

  • Intrusion detection and prevention: Provided by AWS.

  • PCI Data: No PCI data is entered into our system.


Policies that we have in place, copies of which are available upon request, include:

  • Acceptable encryption policy
  • Acceptable use policy
  • Asset management policy
  • Business continuity plan
  • Change management policy
  • Clean desk policy
  • Configuration management policy
  • Critical elements of information security program
  • Data breach response policy
  • Digital signature acceptance policy
  • Disaster recovery plan
  • End user encryption key protection policy
  • Ethics policy
  • Incident response plan
  • Information security program
  • Mobile device policy
  • Nondisclosure agreement policy
  • Pandemic response planning policy
  • Password construction guidelines
  • Password protection policy
  • Physical security policy
  • Privacy policy
  • Removable media policy
  • Risk management policy
  • Security response plan policy
  • Software development policy