Security & Trust

Trust Centre

At MHSB, trust is the foundation of every client relationship. This page provides an overview of our security practices, compliance framework, and commitment to safeguarding the data entrusted to us.

Last updated: March 26, 2026

Security Overview

MHSB implements Lawmatics CRM for law firms, which means we routinely handle sensitive client data, firm operations information, and confidential business processes. We take this responsibility seriously. Our security program is designed to protect client information at every stage of our engagement, from initial discovery through ongoing support.

Security is not a one-time effort. We continuously evaluate and improve our practices to address evolving threats and maintain the confidence our clients place in us. Our approach is guided by the principles of confidentiality, integrity, and availability, ensuring that data is protected, accurate, and accessible when needed.

Data Handling Practices

We follow strict data handling practices to minimize risk and protect sensitive information throughout its lifecycle:

  • Data Minimization: We collect and retain only the data necessary to deliver our services. We do not store client data beyond the scope of the engagement unless required by a support agreement.
  • Encryption: Data in transit is protected using TLS encryption. Data at rest is encrypted using industry-standard encryption methods where applicable.
  • Secure Transfer: When transferring client data, such as during migrations, we use encrypted channels and secure file-sharing tools. We never transmit sensitive data via unencrypted email.
  • Data Segregation: Client data is logically separated to prevent unauthorized cross-access between engagements.
  • Secure Disposal: When client data is no longer needed, it is securely deleted using methods that prevent recovery, in accordance with our data retention policies.

Compliance Framework

MHSB's security and privacy practices are aligned with recognized standards and regulatory requirements relevant to our operations and our clients' industries:

  • SOC 2 Alignment: Our internal controls and processes are designed with SOC 2 Trust Service Criteria in mind, focusing on security, availability, and confidentiality.
  • GDPR: We support compliance with the General Data Protection Regulation for clients and contacts in the European Economic Area. For more details, see our GDPR page.
  • CCPA: We respect the privacy rights established by the California Consumer Privacy Act and handle personal information accordingly.
  • ABA Guidelines: As a company serving law firms, we are mindful of the American Bar Association's guidance on technology use and the duty of competence related to safeguarding client information.

We regularly review our practices against these frameworks and update our procedures as regulations evolve.

Infrastructure Security

Our infrastructure is designed to support secure, reliable service delivery:

  • Cloud Hosting: Our website and internal tools are hosted on reputable cloud infrastructure providers that maintain their own rigorous security certifications, including SOC 2 and ISO 27001.
  • Network Security: We employ firewalls, intrusion detection, and network segmentation to protect our systems from unauthorized access.
  • Endpoint Protection: All company devices are equipped with endpoint protection software, disk encryption, and automatic security updates.
  • Backup and Recovery: Critical data and configurations are backed up regularly. We maintain documented recovery procedures to minimize downtime in the event of a disruption.
  • Vulnerability Management: We conduct regular vulnerability assessments and apply patches and updates promptly to address identified risks.

Access Controls

We enforce strict access controls to ensure that only authorized individuals can access client data and internal systems:

  • Least-Privilege Access: Team members are granted only the minimum level of access required to perform their duties. Permissions are reviewed regularly and revoked promptly when no longer needed.
  • Multi-Factor Authentication: MFA is required for access to all critical systems, including client Lawmatics environments, email, and internal tools.
  • Role-Based Access: Access to client data is assigned based on role and engagement, ensuring that team members only see the information relevant to their work.
  • Session Management: Sessions are configured with appropriate timeouts and are terminated when no longer in use.
  • Onboarding and Offboarding: New team members undergo a structured onboarding process that includes security training and access provisioning. When a team member departs, all access is revoked immediately through a documented offboarding procedure.

Incident Response

Despite best efforts, security incidents can occur. MHSB maintains a documented incident response plan to ensure swift, effective action when needed:

  • Detection: We monitor systems and activity signals to identify potential security events as early as possible.
  • Containment: Upon identifying an incident, we immediately work to isolate affected systems and prevent further impact.
  • Assessment: We evaluate the scope and severity of the incident, determine what data may have been affected, and identify the root cause.
  • Notification: If client data is involved, we notify affected clients promptly and provide transparent updates throughout the resolution process. We also comply with any applicable legal notification requirements.
  • Remediation: We implement fixes to address the root cause and prevent recurrence.
  • Post-Incident Review: After resolution, we conduct a thorough review to document lessons learned and update our security practices accordingly.

Third-Party Risk Management

We carefully evaluate and manage the risks associated with third-party tools and service providers that are part of our service delivery:

  • Vendor Assessment: Before adopting a new tool or service, we review the vendor's security practices, certifications, and data handling policies.
  • Contractual Safeguards: We require appropriate data protection terms in our agreements with third-party providers, including confidentiality obligations and data processing agreements where applicable.
  • Ongoing Monitoring: We periodically review our third-party providers to ensure they continue to meet our security expectations.
  • Minimal Access: Third-party tools and vendors are granted only the access necessary to perform their function. We avoid granting broad or standing access to client data.

Key third-party platforms in our operations include Lawmatics (CRM platform), cloud hosting providers, and communication tools. Each is selected for its security posture and reliability.

Related Policies

For more detailed information about specific aspects of our security and privacy practices, please review the following policies:

  • Privacy Policy — How we collect, use, and protect personal information.
  • Security and Data Protection — Technical and operational details of our security program.
  • GDPR — Our commitment to GDPR compliance and data subject rights.
  • Cookies Policy — How we use cookies and similar technologies on our website.
  • Terms of Use — Terms governing the use of our website.

Contact Us

If you have questions about our security practices or would like to discuss your firm's specific requirements, contact us at info@mhsbsolutions.com or call (864) 448-6974. You can also reach us through our contact page.