Secure Contract Review AI: LegalOn Achieves SOC 2 Type II Compliance

At LegalOn, we take the security of client data very seriously, and we’re excited to share our new SOC 2 Type II certification. For our clients, this means peace of mind. This certification follows a rigorous, third-party audit, and validates the strong protections we’ve designed to secure client data. 

What is SOC 2 and what does it mean for LegalOn users?

SOC 2 is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA), which ensures that organizations like LegalOn manage your data with the highest standard of security and compliance. Unlike one-time evaluations, the SOC 2 Type II audit assesses the effectiveness of a company's controls over time, providing a more comprehensive overview of its security practices. 

An organization with SOC certification undergoes an audit by an independent entity that scrutinizes the measures and procedures it employs for securely storing, managing, and transferring data. Our audit was conducted by Prescient Assurance. 

These standards consist of a set of criteria aimed at evaluating the effectiveness of how service organizations, like SaaS providers, manage their information. They are intended to reassure users about the security, availability, and confidentiality of their data when engaging with third-party vendors, ensuring these vendors meet specific requirements to achieve certification.

Knowing that LegalOn adheres to high security and confidentiality standards, our users can trust us with their workflows. It reflects our proactive approach to data protection and our commitment to operational excellence.

Our approach to security

We know that contracts are among our customers’ most sensitive business documents. That’s why security is our top priority. Here's how we keep your contracts and data secure:

• External Audit and Certifications: We’re committed to not only meet, but exceed, established data security best practices. Our SOC 2 certification and compliance with data protection standards such as GDPR are testament to this.
• Infrastructure Security & Encryption: LegalOn is hosted in the US on Amazon Web Services (AWS) and Google Cloud Platform (GCP), which provide state-of-the-art physical data center security and environmental controls. Sensitive data is encrypted both in rest and in transit over public networks.
• Data Privacy: Data is kept secure and confidential through rigorous technical safeguards and security measures, including segregated environments for each customer account and strict access controls.
• Platform and Network Security: LegalOn conducts annual penetration testing and regular vulnerability testing to proactively detect and remediate vulnerabilities. 

Click here to learn more about LegalOn’s commitment to security and compliance, and see why 4,500 organizations globally trust LegalOn to negotiate confidently and contract securely.