Security

Modus has the responsibility of protecting customer information from unauthorized disclosure, modification and loss, both at rest and in transit to and from our data centers. The security measures we implement include system security applied to the computers and the data networks in the data center, and physical security applied to the facility and operational environment. All data is maintained in a fireproof/waterproof/theft-prevention safe, and warehoused data is handled only by Modus engineers.
Web Security
We use 256 SSL technology to secure all data transferred between your computer and our servers. The SSL protocol is the web standard for encrypting communications between users and web sites to prevent eavesdropping and tampering with any transmitted data. SSL certificates also provide non-forgeable proof of a web site's identity. When sending data between our servers and other locations for processing or delivery, we use an SSL connection. If we use an FTP connection, we encrypt files before transfer.
Fully scalable, the Modus virtual environment ensures that we can push and pull data as fast as it can be provided to us. Our total storage capacity is completely scalable to whatever capacity we require at any given time.
User Account Security
Authorized users are given a secure login name and password to connect to their cases. After login, users see only their assigned cases. Password resets are sent only to the registered email address of the user. All data transfers concerning case documents are encrypted.
Physical & Operational Security (Part I)
Our operational facility in Washington DC is used for all data processing. All equipment has redundant power with redundant fiber connections through dual path ports and redundant routers with automatic failover. Firewalls, bandwidth monitoring, VLAN monitoring, security patches, and virus protection are all part of our general maintenance, and our power system is manually tested on a regular basis. Modus servers are maintained in full redundancy from power supplies to RAID 5’s, and we also stream replication data to 10 TB NAS devices at our VA data center.
We maintain two primary off-site locations as part of contingency planning, and backup data is stored offsite, where we house all our network diagrams, policies/procedures, network schedules, etc. We maintain multiple internet service providers in the event of an outage.
We maintain our client data on multiple hosted, web-connected servers. This means we are serving our hosted legal document repository services 'in the cloud'. We host from Tier-1 data centers combining more than 20 x 10 GBPs connections to create one of the industry’s fastest networks. Our centers also maintain redundant power, premium network connectivity, fire suppression, security and advanced monitoring systems. Our network is operational 24 hours a day, 7 days a week, and 365 days a year.
The facility uses an IP connectivity solution that provides direct access via an online portal to the industry’s top bandwidth providers with no bandwidth minimums. The robust power infrastructure has the highest level of reliability, providing a minimum N+1 redundancy.
Uninterruptible power supply systems prevent power spikes, surges, and brownouts, while redundant backup diesel generators provide additional fuel to keep the data center powered up in the event that the public utility fails. The entire electrical system has built-in redundancy to ensure continuous operation.
Fire detection and suppression systems limit the potential for damage in the event of a fire. Structural systems at the data center meet or exceed seismic design requirements of local building codes for lateral seismic design forces.
Equipment and nonstructural components, including cabinets, are anchored and braced. There is a redundant and robust HVAC system to provide stable air flow, temperature and humidity for equipment operation. All major equipment in the HVAC system is designed with a minimum of N+1 redundancy and back-up generators provide additional protection.
Physical & Operational Security (Part II)
Guaranteeing Business:
The data center uses the latest in virtualization and storage replication technologies to keep the DR and production data centers in sync and provide the ability to execute the disaster recovery plan from start to finish in minutes. By leveraging site-to-site near real-time data replication, Modus ensures robust disaster recovery and business continuity for our customers.
The Modus DR plan is tested once a year overall and as often as deemed necessary for key components of our infrastructure, such as email. We use server virtualization as a practical and effective means to achieve disaster recovery.
In the event of a significant disaster, whereby all systems and/or power redundancy in the Center fail and a recovery is not expected within a reasonable timeframe, the following disaster recovery steps will be taken: Modus will expedite servers, storage arrays and communications lines to adequately address the customer’s requirements.
Upon successful completion of repairs to failed items, Modus will then begin to restore the system to its normal operation. As part of the standard restoration process, the staff will ensure that all data that had been processed via the backup site will also be available.
Physical security features of our data centers include:
- Data centers are physically isolated from everyone but authorized technicians
- Public access is forbidden to data centers
- Proximity access cards restrict entry into each datacenter
- Redundant access check points
- Electronic logging of entry and exit
- 24/7 security camera surveillance from the network operating center (NOC) and 24/7 security guards
- Dual firewall protection including packet filtering capability to address attacks
- Unnecessary server ports closed
- Servers stripped to needed software only to limit vulnerabilities
- Direct server access filtered to specified IP addresses
- Ongoing operating system patches applied and anti-virus scanning on a regular basis
- Continuous system watch and network monitoring
Personnel/Operational Security
The safety measures start with access control: without an authorized access badge, no one can enter the building. All employees have an access badge with a personal authorization profile that gives them access only to the rooms where they need to be for their work. Our access control policy includes role-based access to all resources (applications, OS, network devices, etc.) with usernames that combine alpha characters, numbers and symbols, and accounts are disabled after a certain number of unsuccessful login attempts. We also perform frequent reviews of access rights to systems, applications and network devices.
ISO certification
The data center is ISO 27001 and ISO 9001 certified. The ISO 27001 certification concerns the whole business process of a company. Some of the issues that are assessed are the company's assets, physical safety, access control and continuity. ISO 9001 is a standard that describes the demands for a company’s quality management system. Thanks to the extensive possibilities and flexibility, Modus can fully comply with international standards for quality, security and service.
Modus has information security policies and procedures in place that are communicated to staff, have provisions for disciplinary actions for noncompliance and are reviewed annually. Employees are required to sign an agreement that requires non-disclosure and preservation of confidentiality after a standard background check that includes criminal checks, references and drug screening.
Active data is stored in our operational facility in Washington DC for instant accessibility, and after 90 days, inactive data is compressed and encrypted onto backup tapes. Backup data is held securely for a further three months, until we receive a request from the customer to return or destroy the data.
Confidentiality/NDA Commitments
We understand that all communications between us and a client regarding a case are intended to be confidential and may also include protected attorney work product and attorney-client information. We agree not to disclose any information we receive from a client to any persons other than those a client designates, subject to court order.
Attorney Ethical Standards in Using Litigation Support Services
The American Bar Association in Formal Opinion 08-451 stated that it supports, as ethical and as potentially in the client's best interests, the outsourcing of legal document management and other litigation support activities. It also states that non-legal support providers may be able to bring a degree of expertise to a representation that an attorney would have a hard time duplicating, at least at a reasonable cost. This opinion also goes on to say that the outsourcing lawyer should conduct his activities with legal knowledge, skill and thoroughness, and that he retains supervisory control of any outsourcing arrangements. We support and adhere to this standard.
