IDS • Cyber Security
1. Introduction
This Cybersecurity Policy outlines the approach of IDS • Legal Technology Services (IDS) to safeguarding information assets and systems from cyber threats. It complements our Business Continuity Plan (BCP) and ensures proactive protection of client data, systems and services. The policy provides a framework for secure operations, regulatory compliance and the continual availability of mission-critical services.
2. Objectives
- Protect IDS's digital assets, systems and networks from unauthorised access, disclosure, alteration and destruction.
- Ensure confidentiality, integrity and availability of data and infrastructure.
- Prevent, detect and respond to cyber incidents in a timely and effective manner.
- Promote awareness and accountability among staff regarding cybersecurity practices.
- Meet applicable regulatory and contractual requirements, including GDPR, CCPA and AML/KYC obligations.
3. Scope
This policy applies to all IDS employees, contractors and third-party service providers who access or manage IDS systems, infrastructure, or data. It covers:
- Internal systems (e.g., servers, endpoints, networks)
- Software platforms (e.g., Clio, Odoo, Microsoft, SmartSearch)
- Cloud-hosted services and infrastructure
- Client and partner data assets
4. Governance and Responsibilities
- Cybersecurity Oversight: The Incident Response Team, led by the IT Lead and the Legal/Compliance Lead, is responsible for cybersecurity oversight.
- Staff Responsibilities: All staff must adhere to this policy and attend mandatory training.
- IT Team Responsibilities: Implement and maintain technical safeguards, conduct audits, manage system access, and monitor threats.
5. Security Measures
5.1 Access Control
- Role-based access controls (RBAC) applied across systems.
- Multi-factor authentication (MFA) required for cloud platforms and administrative access.
- Access reviews conducted quarterly.
5.2 Data Protection
- All data is encrypted at rest and in transit using industry-standard encryption protocols.
- Daily automated cloud backups with geographically redundant storage.
- Backup retention period: 30 days; full recovery tested quarterly.
5.3 Network Security
- Firewall, intrusion detection/prevention systems (IDS/IPS), and endpoint protection implemented.
- VPN required for remote access to internal systems.
- Secure network segmentation enforced between internal systems and public-facing applications.
5.4 Software Security and Patching
- All systems are patched monthly or as urgent updates are released.
- Penetration tests and vulnerability scans conducted biannually.
- Only approved software and plugins are allowed.
5.5 Vendor and Third-Party Risk Management
- Vendors must meet minimum cybersecurity requirements.
- Contracts with vendors include data protection and breach notification clauses.
- Vendor risk assessments conducted annually.
6. Incident Response
- Cybersecurity incidents will be handled in accordance with the BCP Incident Response section.
- Real-time threat monitoring with alerting protocols in place.
- Immediate isolation of compromised systems.
- Post-incident review and root cause analysis performed after each incident.
7. Staff Training and Awareness
- All staff undergo annual cybersecurity training.
- Phishing simulations and awareness campaigns conducted quarterly.
- Employees are required to report suspicious activities immediately.
8. Compliance and Legal Requirements
- IDS complies with GDPR, CCPA, and applicable national data protection laws.
- Sector-specific compliance standards (e.g., AML/KYC for legal compliance systems) are monitored by the Legal/Compliance Lead.
- Data subject requests are managed via automated workflows to ensure timely response.
9. Monitoring and Review
- The Cybersecurity Policy is reviewed biannually and updated as necessary.
- Audits of security controls are conducted annually by internal or external assessors.
- Compliance reports are reviewed by senior management and shared with stakeholders as required.
10. Enforcement
Any breach of this policy may result in disciplinary action up to and including termination of employment or contract. IDS reserves the right to take legal action against parties that compromise the organisation’s security posture.
Approved by: Giorgi Kvetenadze, CEO
Last Reviewed: 15/06/2025
Next Review Due: 15/06/2027