Secure Entity Management Software | Industry Leading Security | MinuteBox Cloud Entity Management

MinuteBox Security

MinuteBox is more than
Software as a Service

MinuteBox is Security as a Service.
We create the most secure legal technology on the planet.

Data
Security
Data
Integrity
Data
Accessibility
Beyond
Data
closed lock

Legal technology deserves to be more secure. So we invented it.

At MinuteBox, our philosophy is to build tools and services that exceed industry standards and expectations. To us, security means keeping your data secure and accessible.

Read the MinuteBox
Security White Paper
circles connected by dotted lines

Not all tools are created equal.

We don’t cut corners. Some legal technology companies are okay paying lip service to security. Not us. When we talk about security, we mean much more than preventing unauthorized users from accessing your data. To us, security also means that you can access your data when and where you need it and without concern about data loss or accessibility. To us, security means ensuring the integrity of your data and information throughout the entire life cycle of our end-to-end solution.

Our Secret to Keeping Your Secrets Secure

At a Glance. Every aspect of MinuteBox begins with security in mind.

* Some security features only available with a Service Level Agreement (SLA)

  • END-TO-END SECURITY
  • HTTPS CONTENT SECURITY POLICY
  • MULTI-FACTOR AUTHENTICATION
  • DMARC EMAIL VALIDATION
  • DOMAINKEYS IDENTIFIED MAIL
  • SOC-2 CLOUD HOSTING
  • FIDO/U2F AUTHENTICATION
  • BORING SSL
  • QUANTUM RESISTANT CRYPTOGRAPHY
  • VULNERABILITY DISCLOSURE STIPEND

Data Security

End-to-End. Now for more than just encryption.

Industry leading data security begins long before we ever look at bits and bytes. We’ve created a strong foundation from the moment we first encounter your confidential data. Redundant, independant and arms-length safeguards help keep your data secure on MinuteBox.

Great policy begets great security.

document with security shield and lock

Information Security Policy

Our Information Security Policy creates strong data practices & procedures.

document with user image in top corner

Dedicated Security Professionals

Security professionals with clearance so advanced that we can't say any more.

document with search icon inside

Third-Party Audit Protection

Audited and tested by third-parties to ensure data is protected from threats.

Our service providers meet the highest security standards.

ISO 27001 &
ISO 27017

Managing information risks and controlling cloud-based information security.

Google
Cloud Platform

World class and highly secure data centres that can't be beat.

SOC 2
Compliance

Security, availability, processing integrity, confidentiality and privacy controls.

Advanced. Independent Security Testing.

multiple hexagons touching at edges

Penetration
Testing

Advanced and automated penetration tests on every aspect of our system.

green rectangle with A+

Security
Headers

A Content Security Policy that leaves no HTTPS security header overlooked.

SSL labs red shield logo

Qualys
SSL Labs

Our RSA 2048-bits SSL certificate gets an "A" from SSL Labs.

Perform a Cloud Security Audit

Data Storage & Encryption

intersecting diamonds with data flowing between
End-to-End Security

Don't be fooled. End-to-end security requires more than encryption in transit and at rest. MinuteBox is the cloud-based legal technology solution that offers industry-leading security developed by experienced cybersecurity experts.

map of the world
Multi-Jurisdictional Support

MinuteBox offers a choice of residency for all of the data we safeguard. We help you comply with local bar guidelines and keep your client information in the jurisdiction of your choice.

clock showing one second
Encryption Key Rotation

Get out your stop watch. All of your encryption keys are rotated based on industry standards. It's your data and encryption key rotation keeps it secure.

data waves
Data Logging

Performance at scale and in real time from thousands of virtual machines (VMs). Comprehensive Stackdriver logging to store, search, analyze, monitor and alert on log data and events.

User Security

Great security depends on great user security. At MinuteBox we employ the strongest standards for user identification and verification.

  • MULTI-FACTOR AUTHENTICATION
  • FIDO HARDWARE KEY SUPPORT
  • GRANULAR USER PERMISSIONS

Data Integrity

Great data security necessarily requires great data integrity. At MinuteBox, we take great strides to ensure your data is not only always secure but also always available.

square with smaller sqares inside
image showing fault tolerance
Fault tolerance and high availability

With guaranteed 99.9% uptime, the MinuteBox platform offers industry leading fault tolerance and the highest levels of service availability.

three pieces of stacked paper with title information security policy
Information Security Policy

Our Information Security Policy ensures the security of data at every step of the process. We have detailed every aspect of how MinuteBox interacts with your sensitive data.

mismatching grids of colored rectangles
Automated Audit Logging.

Our advanced Audit Logging features monitor and track every change on our platform in a secure and immutable audit trail. You'll never need to wonder how that last change happened.

Data Accessibility

Accessible Data is Secure Data

There's no point in securing your data if you cannot access it. At MinuteBox, we've developed mechanisms to ensure the highest levels of data accessibility so you can work when and where you want.

24 7 365

Disaster Recovery Policy

When Disaster Strikes. Our comprehensive Disaster Recovery Policy ensures that MinuteBox is up, running and accessible when you need it, even when disaster strikes.

minutebox small logo

At a Glance

Key Facts & Figures

  • 99.9% Service Availability
  • Zero Outages in the last 12 months
  • Documented Disaster Recovery Plan
  • 4-hour emergency recovery time
  • 24-hour disaster recovery time

Security Beyond Technology

You’re in control of your data

MinuteBox’s security goes far beyond the mere protection of your hosted data. Security is paramount from the moment we first engage with your law firm.

checklist
Process & Procedure Security

MinuteBox's processes and procedures maintain the highest levels of security when working with your firm’s information. Our process & procedure security includes scanning that is done entirely on-site with any local data stored on AES-256 encrypted hard drives. MinuteBox maintains documented process & procedure guidelines for employees working with confidential information.

user image
You’re in Control of Your Data

You decide who has access. MinuteBox has no control or knowledge of any data you store on our platform. All data is encrypted before it ever leaves your computer and stays that way until it gets back. Our granular user permissions allow you to add and control users with limited privileges. Our advanced sharing technology lets you securely share any book, document or piece of information with selected individuals.

person with briefcase
Employee Security

Every employee at MinuteBox is screened in advance of employment. Our screening process includes Certified Criminal Records Check, Employment Verification, Education Verification, and Employment Reference Verification.

shaking hands
Support

We're here to help. MinuteBox offers 24/7/365 phone support. MinuteBox support may be contacted by phone at 1-833-4-MNTBOX (1-833-466-8269) or by email. To get support please visit our support centre.

Perform a Cloud Security Audit

Be confident with your cloud provider. Start your Cloud Security Audit by entering the website of your vendor below. Start with MinuteBox.com to see what the results should look like.

  • Look for an A+ Grade on securityheaders.com
    Invalid URL: Please include the domain extension
  • Look for an A Grade on Qualys’ ssllabs.com
    Invalid URL: Please include the domain extension
  • Look for the use of any third party tools that spy on user behaviour
    Invalid URL: Please include the domain extension

Questions about conducting a full Cloud Security Audit and understanding the results? Contact us today.


Vulnerability
Disclosure
Program

MinuteBox employs a Vulnerability Disclosure Program (“VDP”). VDPs are programs designed to encourage and incentivize third-parties to disclose a system vulnerability upon discovery. The program is designed to promote disclosure directly to MinuteBox instead of, or in advance of, public disclosure. Moreover, the program is designed to counter any incentive of a third party to disclose a vulnerability to a malactor.

VDPs are primarily targeted toward security researchers, not bad actors. To show our appreciation to security researchers that disclose vulnerabilities, MinuteBox operates a stipend program to researchers that responsibly disclose vulnerabilities.

If you believe you’ve discovered a bug in MinuteBox’s security, please get in touch via this form. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by MinuteBox.

MinuteBox provides a stipend for the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).

A minimum stipend may be provided for the disclosure of qualifying bugs discovered. At our discretion, we may increase the stipend amount based on the creativity or severity of the bugs. If you report a vulnerability that does not qualify under the above criteria, we may still provide a minimum stipend if your report causes us to take specific action to improve MinuteBox’s security. The quantum of your stipend, if any, is at the sole discretion of MinuteBox.

As with most security stipend programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts, or loss of funds that are not your own. We do not stipend denial of service, spam, or social engineering vulnerabilities. The scope of this policy is the MinuteBox app and does not include any marketing or product pages. Vulnerabilities in third-party applications that use MinuteBox are not eligible for the program.

As with most security stipend programs, there are some restrictions:

  • We will only provide a stipend to the first person to responsibly disclose a bug to us
  • Any bugs that are publicly disclosed without providing us a reasonable time to respond will not be provided a stipend.
  • Whether to stipend the disclosure of a bug and the amount of the stipend is entirely at our discretion, and we may cancel the program at any time
  • Your testing must not violate any laws
  • We can’t provide you a stipend if it would be illegal for us to do so, such as to residents of countries under current Canadian or U.S. sanctions
  • You will be required to sign a acknowledgment and confirmation in a form provided by MinuteBox at its absolute discretion

Additional terms apply. Please inquire with our security team.

Get Started

Join the minute book revolution

See why leading law firms, legal departments, and accounting firms love using MinuteBox
×

Read the Security White Paper

Complete the form below to receive the Security White Paper to your inbox.

Features

Document Coding Coding Assistant App

Corporate Law Precedents

MinuteBox Corporate Law Precedents 🇨🇦Access a free collection of Canada Corporate Forms.

About

Terms of Service Privacy Policy About MinuteBox Careers MinuteBox Blog Press Support Glossary

Security

Our approach to security

Migrate

Migrate from Alf to MinuteBox Migrate from FastCo to MinuteBox Migrate from GEMS to MinuteBox Migrate from Corplink to MinuteBox Migrate from Corporate Focus to MinuteBox Migrate from Emergent to MinuteBox Migrate from Enact to MinuteBox Scan and digitize existing minute books

Alf, FastCo, GEMS, Corplink, Corporate Focus, Emergent, Enact are not associated with MinuteBox and are each the registered trademarks of their respective owners.

Use Cases

Company Incorporation Company Organization Minute Book Management Subsidiary Management See all uses

Clients

Read client stories

Contact


MinuteBox Inc.
262-1136 Centre Street
Thornhill ON L4J 3M8

+ 1-833-4-MNTBOX info@minutebox.com

Cookie Policy