Information Security at Fenwick

We understand that we need to keep our clients’ confidential information confidential. We have built systems that are secure, encrypted and monitored, working with outside security professionals in their design.

Our information security system includes:

  • Constant monitoring of all servers and network equipment with an intrusion detection system, including a vulnerability assessment/scanning appliance and host-based intrusion prevention agents, six layers of virus protection and two layers of anti-spam protection
  • Software on all firm computers that provides real time automated firewall, anti-spam and anti-virus protection, including regular patch updates via automated patch management systems
  • Dedicated IT Security team led by an experienced Chief Security Officer, who reports to the firm’s senior management
  • Rigorous security systems testing performed twice a year by outside consultants and auditors
  • Ongoing security training for all attorneys and staff
  • Easy-to-apply encryption for all email communications to and from clients
  • Firm end-user computer and server storage is encrypted at rest
  • Encrypted, secure extranets for sharing matter files with clients and third parties
  • 2-factor authentication required for remote access by lawyers, staff and vendors
  • Active participation in several IT security information sharing organizations, including InfraGard, FS-ISAC/LS-ISAO and LegalSec
  • All client information is stored in a continuously monitored computer data center with electronic access control, 24-hour video monitoring and on-site security

Fenwick has been awarded information security certification under the prestigious ISO 27001:2013 standard, the world’s highest accreditation for information protection and security.

The leading security rating service currently assigns Fenwick one of the highest security ratings in the legal industry, which also places Fenwick’s security approach and performance in the top 10% of all businesses globally.

Fenwick’s Approach to Keeping Information Secure

Our systems and controls cover our physical and virtual handling of confidential client information, including records management, electronic communications, forensic data collection and analysis, IT data handling, and IT physical and virtual security. We have also designed specific protocols for our work in geographic regions around the world where security issues carry greater risk and unpredictability.

Our systems and controls cover our physical and virtual handling of confidential client information, including records management, electronic communications, forensic data collection and analysis, IT data handling, and IT physical and virtual security. We have also designed specific protocols for our work in geographic regions around the world where security issues carry greater risk and unpredictability.

Our formal business continuity and network security plans cover normal operating parameters as well as emergency response procedures. We conduct drills on our business continuity plan and computer incident response plan. Our security team and network teams meet regularly to review security procedures, patch status and security protocols for all computers on the firm’s network.

Our data continuity protocols also feature the following:

  • All users are trained to keep firm data on server-based systems so client information is captured and maintained through our multi-layer, disk-based back-up system
  • Real-time failover for server systems and Internet connections
  • Service Level Agreements (SLAs) that provide for no more than a minimal number of hours of data entry loss in the event of a disaster
  • All business critical data is simultaneously stored in two different physical locations with multiple levels of backup at a secure, managed, off-site data storage facility
  • Continuous data backup to an offsite facility—used by some of the largest high-tech companies in the world—which means firm data and client information is available via VPN in the event of a disaster

Our formal business continuity and network security plans cover normal operating parameters as well as emergency response procedures. We conduct drills on our business continuity plan and computer incident response plan. Our security team and network teams meet regularly to review security procedures, patch status and security protocols for all computers on the firm’s network.

Our data continuity protocols also feature the following:

  • All users are trained to keep firm data on server-based systems so client information is captured and maintained through our multi-layer, disk-based back-up system
  • Real-time failover for server systems and Internet connections
  • Service Level Agreements (SLAs) that provide for no more than a minimal number of hours of data entry loss in the event of a disaster
  • All business critical data is simultaneously stored in two different physical locations with multiple levels of backup at a secure, managed, off-site data storage facility
  • Continuous data backup to an offsite facility—used by some of the largest high-tech companies in the world—which means firm data and client information is available via VPN in the event of a disaster

We have invested heavily in technology to protect our clients’ information and have assembled a team of IT professionals that are not only leaders among law firms, but leaders in their field. Members of our IT staff are regular speakers at national and international security and records management conferences, and the firm and our IT staff have won numerous awards for their innovative approach to IT infrastructure.

We have invested heavily in technology to protect our clients’ information and have assembled a team of IT professionals that are not only leaders among law firms, but leaders in their field. Members of our IT staff are regular speakers at national and international security and records management conferences, and the firm and our IT staff have won numerous awards for their innovative approach to IT infrastructure.

Our Information Security team meets regularly with our clients’ legal and IT teams to ensure best practices. Contact our Chief Security Officer Kevin Moore at (650) 428-4455 or kmoore@fenwick.com to learn how we can help ensure your information is secure, wherever it resides.​​​​​​​​​​​​​​

Our Information Security team meets regularly with our clients’ legal and IT teams to ensure best practices. Contact our Chief Security Officer Kevin Moore at (650) 428-4455 or kmoore@fenwick.com to learn how we can help ensure your information is secure, wherever it resides.​​​​​​​​​​​​​​