Canada-based legal AI pioneer, Kira Systems, has completed its SOC2 Type II reporting certification to help remove any fears customers may have over data security.
The move underlines just how seriously legal AI companies take data security, especially given that many are handling not just law firm clients’ data in general – but often M&A deal details involving public companies that are worth millions of dollars to crafty hackers looking to conduct illicit trades on the stock market. Not to mention the fact that a major data breach by a legal AI company would likely spell its rapid demise.
Hence….this stuff really matters and firms will often put an AI company through the wringer to get all the assurances they need, especially where cloud services are involved, i.e. all that lovely data is going out of the firm and being processed by the AI company.
Kira Systems announced a SOC2 Type I (initial) certification in October 2017, and the achievement of Type II indicates ‘confidence from auditors that controls are being applied consistently and on an ongoing basis’, said the company.
It is ‘a testament to Kira Systems’ commitment to maintaining stringent and effective operation controls and processes for the security, availability and confidentiality of its customer services and systems’ they added.
The independent security audit of Kira Systems was conducted by Richter LLP, one of the largest independent consulting firms in Canada.
And for those of you who want to know what this means: ‘A SOC2 Type II Certification consists of a rigorous examination by an independent accounting and auditing firm of Kira Systems’ internal control policies, practices, procedures and operations over a specified period of time (at least 6 months).
‘Attaining this high-level certification ensures Kira Systems meets the stringent requirements set forth by the American Institute of CPAs and the Canadian Institute CPAs to protect the confidentiality and security of the information analyzed by Kira.’
Michael Raw, VP Technology at Kira Systems, said: ‘Ensuring data security and confidentiality for our customers is one of our highest priorities here at Kira Systems. With our SOC2 Type II certification, we can continue to demonstrate to our customers our commitment to the highest level of security practices and how Kira Systems can be trusted to adhere to meticulous compliance standards internally.’
And it’s worth pointing out that as the battle for market share among the now many legal AI doc review companies heats up, security will clearly be marketed as a competitive advantage.
Do the clients understand the difference between the quite complex and varied security standards and what that means in real terms for data security? Some will, and some may not. But, given that in most cases a law firm’s tendency is to maximise risk reduction, then having the best possible security standards is not going to hurt.