Plexus Gateway IT Security

Security Overview

Plexus is the world’s most advanced Legal Automation Platform helping organisations around the globe increase productivity, reduce workloads and simply their legal processes. We are dedicated to safeguarding your personal and company data, and as our top priority is to ensure the availability and integrity of your data, we continue to invest in the security of our services to exceed industry standards.

Information Security Governance Committee (ISGC)

The ISGC actively support security at Plexus through clear direction and demonstrated commitment. The ISGC who provide security leadership and guidance is a cross functional team including, but not limited to, our; Chief Operating Officer, Chief Technology Officer, Head of Product and Software Engineers.

ISO 27001

Plexus is certified as compliant with ISO/IEC 27001:2013 which is globally recognized as the premier information security management system (ISMS) standard. Plexus achieved and maintains certification by developing and implementing a robust security management program, including a comprehensive Information Security Management System (ISMS).

Your Data Is Secure

Application Security Process

An in-depth Security Application Lifecycle process is fully integrated into Plexus’ Software Development Lifecycle, including ongoing security review of architecture, design features, and solutions; and code review for security weaknesses, vulnerabilities, and code quality. Third-party security testing of Plexus Gateway is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with assessors, risk-ranked, and assigned to the responsible team for immediate resolution. Gateway’s SaaS services are based on proven and secure Open Source solutions and customer applications.

User Authentication

Each user in Gateway has a unique, password-protected account with a verified email address. Our authentication platform also has in build brute-force protection and scans for known breached passwords.

For additional security measures we offer the following authentication features:

• Two-factor authentication via your mobile device;
• Delegated authentication via a customer’s single sign on or identity and authorization provider (Active Directory, etc)
• Alternate Identity Authentication using trusted providers such as Google, Microsoft, and Salesforce.

The Plexus Support Team is always happy to assist in discussing any additional user authentication approaches you may wish to use.

Data Encryption

Plexus encrypts all data that goes between you and our platform using industry-standard TLS (Transport Layer Security). Your data is also encrypted at rest when it is stored on our servers using AES-256 block-level storage encryption.

Network Protection

Plexus employs a “defence in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion detection systems and network segregation. Plexus security services are configured, monitored and maintained according to industry best practice.

In addition, all incoming network requests are processed through Cloudfare’s web application firewall (WAF) and DDOS protection platforms.

To ensure the integrity of our system is maintained, all documents uploaded to the platform are scanned for virus and malware infection before being accepted into the platform.

Secure Data Centres

Plexus’ partners with Amazon Web Services (AWS) to provide our cloud hosted environments. AWS provides industry leading enterprise grade secure data centre environments. For further details please refer to https://aws.amazon.com/compliance/data-center/data-centers/

Regular Updates and Patch Management

Ongoing internal network security audits and scanning gives us an overview for quick identification of impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in Wrike infrastructure are updated to the latest versions on a regular basis. Whenever a vulnerability in a product used by plexus or a high or critical vulnerability is publicly reported, prompt actions are taken to mitigate any potential risks for our customers — we apply hotfixes and patches promptly when available and/or implement pro-active mechanisms like configuration of firewalls or IDS/IPS.

Need-to-Know and Least Privilege

Only a limited set of employees have access to Gateway and the data stored in our databases. There are strict security policies for employee access, all security events are logged and monitored, and our authentication methods and data are strictly regulated. We limit access to customer data to employees with a job-related need and require all these staff members to sign a confidentiality agreement. Accessing customer data is only done on an as-needed basis, and only when approved by the customer (i.e. as part of a support incident), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.

Always Available

Uptime Over 99.9%

Plexus Gateway has designed and built our platform to ensure scalability and availability, consistently meeting or exceeding a 99.9% uptime, ensuring customers can always access the Platform when needed without interruption.

Continuous Data Backup

Plexus Gateway data backup model provides real-time database backup whereby customer data is backed up continuously to allow for recovery to any point in the previous seven days. Backups are stored remotely from the source system and are encrypted using AES-256 block-level storage encryption.

Disaster recovery and readiness

Plexus has a comprehensive and regularly tested disaster recovery process to ensure in the event of a catastrophe your environment will still be available.

Constant updates and innovation

Plexus is constantly enhancing our product offering, delivering new features and improvements. Updates are delivered frequently, with the majority of being delivered without interruptions to our service.

Further Information

If you have any further security questions or concerns, please contact us at [email protected], and they will provide you with additional security artefacts.

LAST REVIEWED: JULY 2023