Legal AI pioneer, Kira Systems, announced today that the company has completed its SOC2, Type 1 reporting certification ‘attesting to the security of Kira and providing customers with assurance about the security, availability, and confidentiality of the systems used to process their data’.
Now, while some may be not that surprised by the news that a company that handles very, very sensitive data about corporate M&A transactions is super secure and that its cloud-based services are compliant with global security protocols, the reality is that law firms really do care about this one. So, this could prove to be a valuable BD aspect in terms of proof of security.
In fact, if there is one question, other than ‘Is an AI tech vendor liable for a cock-up?’, that exercises lawyers when dealing with AI companies it is the issue of cloud security.
In which case, getting a nice, bona fide stamp of approval from a reputable assessor will be an important step in Kira Systems’ discussions with any client that may be on the paranoid side of cautious.
The independent audit was conducted by Richter LLP, which is described as ‘one of the largest and most recognised independent consulting firms in Canada’.
Kira Systems goes on to underline the importance of this security ‘clean bill of health’.
‘As more organisations adopt cloud-based technology, third-party certifications provide assurances that the service providers are well-equipped, from management policies to technical competency, to be trusted with handling secure information,’ they say.
‘Designed from the ground up with security in mind, Kira has been trusted on hundreds of billions of dollars of transactions, both small and large, to identify critical information hidden in unstructured contract data,’ the Toronto-based AI company added.
Michael Raw, Vice President of Technology at Kira Systems, concluded: ‘Customers trust us with the security and confidentiality of their data. This is a responsibility we take very seriously. We are incredibly pleased that, with our SOC2 certification, we can provide our customers with assurance and visibility into the extensive procedures we have implemented to ensure their information is safeguarded.’
But, one big question remains. What does an SOC2 report cover? Artificial Lawyer scoured Google and found this definition on Onlinetech.com, which says:
What does a SOC 2 report measure?
- Security – Physical and logical protection against unauthorized access.
- Availability – The system is operationally available for use as committed or agreed.
- Processing Integrity – System processing is complete, accurate, timely and authorized.
- Confidentiality – All information is classified and protected as committed or agreed.
- Privacy – Personal information is collected, used, retained and transferred as committed or agreed.
(Many thanks to OnlineTech.com for the useful info.)