At Spectrum Legal Support Services, we are concerned about your privacy and the security of your work order data. Below are the measures we take to ensure your data is safe:
Our work order forms and all uploaded documents use TLS 1.2/SSL encryption and is always accessed over HTTPS 100% of the time for all users.
Our work order forms are hosted securely on the Microsoft Azure cloud platform, which is PCI (DSS) Level 1 compliant.
Background access to the production environment is limited to select operations security staff, requiring two-factor authentication to deploy updates or access a secure system for troubleshooting.
Our client data is carefully segregated at the lowest architectural level in order to ensure that data for one client cannot be accessed by another.
We use Stripe, to process our client's payment or for credit card processing so that secure payment information is never transmitted or stored by Spectrum Legal Support Services. We also take measures to prevent stealing of this information.
Our work order forms architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use transitional databases and is not vulnerable to SQL injection attacks.
Production access credentials for storage and encryption tokens used to encrypt sensitive client's data are stored in an Azure credential store and are not stored within our own environment.
All text data stored by our work order forms are sanitized to prevent JavaScript injection attacks, which someone might attempt to leverage by submitting JavaScript as entry data to maliciously access other entry data by compromising our client's browsers while managing entries.
Sensitive data, such as Social Security numbers and other personally identifiable information, is encrypted at rest using 256-bit AES encryption. It is also protected so that it is never emailed or otherwise transmitted in an insecure way. Our entry field's are also encrypted and/or protected, including uploaded files.
