Data Security and Our Legal Tracking Software



Legal Tracker is committed to our clients’ complete and unquestionable security. We have the track record, best practices, certifications, and audits to prove it.

A focus on data security


  • Legal Tracker is the first and only legal matter management and e-billing provider to be SOC 2 Type II and SOC 3 audited. This review is an independent confirmation of the quality and effectiveness of our overall practices in safeguarding the data of our law department customers.
  • Legal Tracker subscribes to the principle of defense-in-depth. The network is protected on several levels through the combined use of firewalls, multiple layered networks, authentication requirements, intrusion detection systems (IDS), and encryption.
  • Annual third party vulnerability threat assessments are performed on both the network and application
  • To ensure against co-mingling of client data, Tracker provisions each client into physically separated databases and file structures. Data stored in the databases is encrypted at-rest to further protect customer data against loss.
  • Tracker has partnered with state-of-the-art colocation facilities in Seattle and Chicago to provide primary and disaster recovery sites. Both facilities are SOC 2-audited for their physical and environmental controls.
  • Tracker uses a multi-phased approach to enable the recovery of customer data in the event of a disaster
  • Tracker delivered 99.9% uptime in the preceding 12 months

Data residency options

  • Legal Tracker provides options for organizations with data residency or data sovereignty requirements stipulating the specific country or region where their public cloud data must reside. Today, Legal Tracker clients can select from data centers in the United States, Canada, or the United Kingdom.
  • The Canadian instance of Legal Tracker is hosted in Microsoft® Azure® regions located in Canada. Microsoft Azure has received an impressive set of certifications and attestations, including but not limited to ISO 27001, SOC 2, FedRamp, FISMA, Canadian Privacy Laws and more. For a full listing, visit this page  and filter on “Azure” under “compliance by service.” Additionally, Thomson Reuters Vendor Assurance Management has reviewed the Azure security controls to ensure they are in alignment with the Thomson Reuters information security policies.
  • The United Kingdom instance of Legal Tracker is hosted in Thomson Reuters-owned data centers located in the United Kingdom. These data centers maintain an ISO 27001 certification.
  • Regardless of where your data is hosted, your experience within Legal Tracker will be identical.