Digital WarRoom Security Information

security

Security is our top priority. When you join the Digital WarRoom family, we will work tirelessly to keep your trust and protect your valuable client data. Listed below are descriptions of our facilities and protocols which we have perfected over our 20 years of industry experience.

 

Digital WarRoom Hosting Centers

  • DWR owns and manages its servers and infrastructure
  • Our machines are hosted in a US based Colo facility, in a locked cage with biometric physical access
  • Transfer data to your remote virtual environment via our in-house secure data transfer tool (DWR Xfer), or ship us a drive
  • No Third Parties: Client data cannot be accessed by third parties or subcontractors like AWS or Azure
  • Our facility abides by a wide range of data center security standards
    • ISO 27001/27002
    • ISO 9001
    • SOC1/SOC2/SSAE16/ISAE 3402
    • Payment Card Industry (PCI-DSS)
    • Federal Information Security Management Act (FISMA)
  • Our network security system is built out using primarily Cisco Equipment, including the firewall, running in a Microsoft environment

 

Strict Permissions and Limited Access Points

  • Our strict physical access controls and network security give our customers peace of mind with the knowledge that we proactively safeguard their consumer information
  • Required two-factor authentication (2FA) to protect against account takeover
  • Digital WarRoom professionals cannot access your data without direct permission from an authorized customer admin (The only time a consultant would ever access your data is to provide matter specific training or conduct agreed-upon professional services)
  • Permission groups available for each user within a Private Cloud environment to restrict access to the Secure Data Transfer folder
  • Digital WarRoom issues all credentials and manages all permissions
  • “Data at rest” encryption on disk available where required

 

Virus Monitoring and Breach Protocols

  • DWR has multiple monitoring tools that will notify our security team immediately of suspicious activity
  • Malware security software will detect and prevent viruses within your DWR environment
  • Well established, independently audited disaster recovery and breach protocols are in place for instant response
  • Per agreement, DWR will promptly notify customers in the unlikely event of any unauthorized disclosure of customer data

 

Data Backup

  • We employ fully redundant data arrays with high reliability configurations
  • Data is backed up onto separate media every night
  • All databases and work product are backed up on independent, fault tolerant media

 

Archive and Deletion policies

  • Matter completion: at any time, a client can request an archive on external media
  • External media will be sent to and controlled by the DWR customer
  • Data on backup is retained for 30 days after matter closeout unless we are instructed otherwise (30 day window to recover from a mistake)

 

Digital WarRoom Contractual Security Obligations

  • Digital WarRoom is able to offer the strongest contractual security obligations of all cloud eDiscovery vendors due to our internally managed hosting facilities
  • DWR warrants to Customer that DWR will use commercially reasonable efforts to ensure that DWR technology contains no computer virus, Trojan horse, worm, or other similar malicious code

 

Other eDiscovery Vendors That Host With AWS Or Azure Offer Poor Contractual Security Obligations

  • eDiscovery vendors who use AWS or Azure cannot be indemnified and therefore cannot contractually guarantee any level of security
  • Example competitor vendor contract: “The company does not represent or warrant the use of the company services will be secure.”