Strengthening LegalOn’s Cloud Security Commitment with ISO 27001 and 27017

At LegalOn, we take the security of client data very seriously. LegalOn is SOC 2 Type II certified and implements best practices for data privacy that maintain compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

In addition, LegalOn is certified under ISO/IEC 27001:2022 and 27017:2015, the international standard for secure cloud services. These certifications reflect our continued investment in providing secure, reliable, and compliant cloud infrastructure for contract review and legal workflow tools.

What are ISO/IEC 27001 and 27017, and why do they matter?

ISO/IEC 27001 is a widely adopted international standard for applying risk management processes related to information security, cybersecurity, and privacy protection to organizations. 

ISO/IEC 27017 builds on these principles, but goes further. It offers cloud-specific guidance and controls tailored for modern cloud environments, addressing the unique risks and responsibilities that come with multi-tenant infrastructure, virtual machines, dynamic provisioning, and outsourced cloud management.  

Among other things, ISO 27017 helps ensure that cloud service providers and their customers clearly define and adhere to:

• Shared roles and responsibilities around information security in the cloud  
• Secure configuration and isolation of virtual environments, to prevent data leakage or cross-tenant access  
• Safe handling of cloud assets, including secure removal or return of assets when a customer relationship ends  
• Proper monitoring, logging, identity management, and operational controls for cloud-hosted data and infrastructure  

By certifying under ISO 27017, LegalOn demonstrates that we’ve implemented these cloud-specific safeguards, and not just general information-security policies.

What this means for LegalOn customers

ISO 27017 gives customers confidence that LegalOn’s cloud systems meet rigorous security standards. For anyone using LegalOn’s platform, this certification has several concrete benefits:

• Enhanced trust and credibility. You now have formal, third-party-audited assurance that LegalOn follows internationally recognized best practices for cloud security.
• Better protection for your data. Your documents, contracts, and sensitive legal data are stored, processed, and managed under controls designed for cloud environments — including encryption, isolation, access control, and secure deletion.
• Clear accountability and transparency. ISO 27017 clarifies what LegalOn is responsible for, which simplifies compliance, audits, and risk management on your end.
• Reduced risk & liability. By following best practices around virtual infrastructure and cloud operations, LegalOn helps minimize the likelihood of data breaches, misconfigurations, or other cloud-related incidents.

This certification adds cloud-specific rigor to the broader security framework we’ve maintained at LegalOn. By integrating ISO 27017 controls, we ensure our entire stack is configured for maximum security in a cloud world.

LegalOn’s additional security certifications

In addition to ISO/IEC 27001 and 27017 certifications, LegalOn is also SOC 2 Type II certified, demonstrating the effectiveness of our security controls. SOC 2 is a security and compliance standard developed by the American Institute of Certified Public Accountants to ensure organizations protect sensitive data from unauthorized access, security incidents, and other vulnerabilities.

LegalOn implements best practices for data privacy that maintain compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Learn more about LegalOn’s commitment to security and compliance and see why more than 7,500 organizations globally trust LegalOn to negotiate confidently and contract securely.

‍