# Reviewing Our People & Process Security ### Summary Review the **vLex security policy** for our people and processes. This guide explains our robust **legal tech access control** framework, our formal change management procedures, and our prepared **Vincent incident response** plan, ensuring your data is protected by more than just technology. ### Why This is Important A world-class security program goes beyond firewalls and encryption. It requires mature, documented, and audited processes managed by trained professionals. This article provides transparency into our operational security, giving you the confidence that your data is protected by a comprehensive framework of policies and human oversight. ### Our Operational Security Framework Our operational security is built on three key pillars: strict access control, disciplined change management, and a prepared incident response. #### 1. Access Control & Personnel Security We adhere to the principle of "least privilege" to ensure that access to customer data is strictly limited and controlled. * **Role-Based Access Control (RBAC):** Access to all systems is granted based on an employee's specific role and responsibilities. Team members can only access the information and tools absolutely necessary to perform their jobs. * **Mandatory Multi-Factor Authentication (MFA):** All employees and contractors are required to use MFA for any remote access to production systems, adding a critical layer of security. * **Security Training & Confidentiality:** All employees undergo regular security awareness training and are bound by strict confidentiality agreements. We have documented disciplinary procedures for any violation of our security policies. * **Background Checks:** We perform background checks on all employees in alignment with local labor laws before they are granted access to any sensitive systems. #### 2. Formal Change Management All changes to our production systems follow a formal, documented process to ensure stability and security. * **Review and Approval:** Any change that could impact the service or customer data must be formally reviewed and approved by a Change Advisory Board before implementation. * **Testing in Isolation:** All changes are first deployed and rigorously tested in a separate, non-production environment. This includes user acceptance testing, regression testing, and security testing to ensure changes are safe and effective. * **Documentation:** We document all approved changes and their potential security impacts to maintain a clear and auditable history of our system's evolution. #### 3. Incident Response & Communication We have a documented Incident Response program to ensure we can address any potential security event quickly and effectively. * **24/7 Monitoring:** We use active security monitoring tools across our systems to detect and alert our team to any unusual or unauthorized activity. * **Documented Plan:** Our Incident Response Plan includes predefined roles, responsibilities, and procedures to rapidly identify, contain, and remediate any security incident. * **Clear Communication:** We have a formal process to ensure that customers are notified in a timely manner of any changes or incidents that may impact their service. {% hint style="info" %} **Our Commitment to Transparency:** For more detailed documentation on our policies, including our Information Security Policy and our Business Continuity Plan, please visit our official [vLex Trust Center](https://trust.vlex.com/). {% endhint %} ### Related Articles * [Viewing Vincent coverage by jurisdiction](/vincent-by-vlex/vincent/getting-started-with-vincent/viewing-vincent-coverage-by-jurisdiction.md) * [Integrating your firm's data with Vincent](/vincent-by-vlex/vincent/core-workflows/integrating-your-firms-data-with-vincent.md) **What's Your Next Step?** | **New to Vincent?** | **Already a Vincent Customer?** | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | [See how Vincent can transform your practice. **Request a personalized demo**.](https://vlex.com/book-a-demo?utm_source=website\&utm_medium=organic\&utm_campaign=web_trial_homepage\&campaign_id=4270741) | [If you still have questions or need help with a specific feature, our team is here to assist. **Contact our Support team**.](https://vlex.com/contact-us) | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.vlex.com/vincent-by-vlex/vincent/security-privacy-and-compliance/reviewing-our-people-and-process-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.