Data Security at Fenwick & West
We understand that we need to keep our clients’ confidential information confidential. We have built systems that are secure, encrypted and monitored, working with outside security professionals in their design.
Our data security system includes:
- Constant monitoring of all servers and network equipment with an intrusion detection system, including a vulnerability assessment/scanning appliance and host-based intrusion prevention agents, six layers of virus protection and two layers of anti-spam protection
- Software on all firm computers that provides real time automated firewall, anti-spam and anti-virus protection, including regular patch updates via automated patch management systems
- Dedicated IT Security team led by an experienced Chief Security Officer, who reports to the firm’s senior management
- Rigorous security systems testing performed twice a year by outside consultants and auditors
- Ongoing security training for all attorneys and staff
- Easy-to-apply encryption for all email communications to and from clients
- Firm end-user computer and server storage is encrypted at rest
- Encrypted, secure extranets for sharing matter files with clients and third parties
- 2-factor authentication required for remote access by lawyers, staff and vendors
- Active participation in several IT security information sharing organizations, including InfraGard, FS-ISAC/LS-ISAO and LegalSec
- All client data is stored in a continuously monitored computer data center with electronic access control, 24-hour video monitoring and on-site security
Fenwick’s Approach to Keeping Data Secure
Comprehensive and global protection
Our systems and controls cover our physical and virtual handling of confidential client information, including records management, electronic communications, forensic data collection and analysis, IT data handling, and IT physical and virtual security. We have also designed specific protocols for our work in geographic regions around the world where security issues carry greater risk and unpredictability.
A focus on business continuity and disaster recovery planning
Our formal business continuity and network security plans cover normal operating parameters as well as emergency response procedures. We conduct drills on our business continuity plan and computer incident response plan. Our security team and network teams meet regularly to review security procedures, patch status and security protocols for all computers on the firm’s network.
Our data continuity protocols also feature the following:
- All users are trained to keep firm data on server-based systems so client information is captured and maintained through our multi-layer, disk-based back-up system
- Real-time failover for server systems and Internet connections
- Service Level Agreements (SLAs) that provide for no more than a minimal number of hours of data entry loss in the event of a disaster
- All business critical data is simultaneously stored in two different physical locations with multiple levels of backup at a secure, managed, off-site data storage facility
- Continuous data backup to an offsite facility—used by some of the largest high-tech companies in the world—which means firm data and client information is available via VPN in the event of a disaster
A nationally recognized team of IT professionals
We have invested heavily in technology to protect our clients’ information and have assembled a team of IT professionals that are not only leaders among law firms, but leaders in their field. Members of our IT staff are regular speakers at national and international security and records management conferences, and the firm and our IT staff have won numerous awards for their innovative approach to IT infrastructure.
Our Data Security team meets regularly with our clients’ legal and IT teams to ensure best practices in data security. Contact our Chief Security Officer Kevin Moore at (650) 428-4455 or email@example.com to learn how we can help ensure your data is secure, wherever it resides.