Audit and Certification

FromCounsel is fully ISO/IEC 27001:2022 certified. ISO 27001 is considered to be the 'gold standard' internationally for information security management systems (ISMS).

To ensure the compliance and constant improvement of the ISMS, we regularly undergo independent external audits.

We are proud that our ISO 27001 conformity demonstrates that we have an ISMS in place to manage risks related to the security of the data we manage, and that this ISMS respects all best practices and principles of the International Standard.

ISO 27001 promotes a holistic approach to information security: people, policies and technology. Our ISMS is implemented as a tool for risk management, cyber-resilience and operational excellence.

Application Security

Our applications are developed with security built into every stage of the software development lifecycle (SDLC).

  • Secure Coding Practices: Developers follow OWASP guidelines and undergo security training.
  • Automated Testing: Code is scanned for vulnerabilities before deployment.

 

Organisational Security

Security is a shared responsibility across our entire organisation.

  • Access Controls: Employees have role-based access, following the principle of least privilege.
  • Security Awareness Training: Regular training ensures employees remain alert to threats like phishing and social engineering.

 

Architectural Security

Our platform is built on a secure and resilient architecture.

  • Segmentation: Critical systems are isolated to limit risk.
  • Redundancy and Failover: Designed for high availability and disaster recovery.
  • Threat Modelling: We evaluate potential risks at the design stage to prevent vulnerabilities.

 

Data Encryption

We protect data both in transit and at rest using strong encryption standards.

  • In Transit: TLS 1.2+ encrypts all network communications.
  • At Rest: AES-256 is used to protect stored data.
  • Key Management: Encryption keys are managed securely and rotated regularly.

 

Network Security

We employ multiple layers of defence to protect our network infrastructure.

  • Firewalls and Intrusion Detection: Prevent, detect, and respond to unauthorised access attempts.
  • DDoS Protection: Mitigation systems ensure service availability.
  • Network Monitoring: Continuous monitoring detects suspicious activity in real time.

Your Security is our Commitment

We believe that trust is earned through transparency and proactive protection. Our teams continually adapt our defences to emerging threats, ensuring that your data remains secure with FromCounsel.