THE AUTHORS:
Yohan Daddou, Head of Infrastructure and Security at Jus Mundi
Thomas Latterner, Chief Technology Officer at Jus Mundi
Securing Trust in Legal Tech: Jus Mundi’s Journey to ISO 27001 Certification
In the high-stakes world of international arbitration, where billion-dollar disputes and the sensitive nature of legal proceedings demand the utmost discretion, security isn’t just a technical requirement—it’s a fundamental necessity.
At Jus Mundi, our mission to democratize access to legal information goes hand in hand with our commitment to maintaining the highest standards of security. In December 2024, we proudly announced our achievement of ISO 27001 certification, a milestone that reinforces our position as a trusted partner in the arbitration community and the entire legal technology space. We recently sat down with two of Jus Mundi’s co-founders, Yohan Daddou, Head of Infrastructure and Security, and Thomas Latterner, Chief Technology Officer, to discuss this significant achievement and what it means for Jus Mundi, Jus Connect, and Jus AI users.
Before diving into our journey, let’s understand what ISO 27001 is. ISO 27001 is the global gold standard for data security. For legal professionals like you, this certification means your sensitive data is protected by independently verified security protocols that meet the highest international standards.
The Significance of ISO 27001 Certification
“Achieving ISO 27001 certification is highly significant for Jus Mundi as it demonstrates our commitment to aligning our security measures with internationally recognized standards,” explains Yohan Daddou. “What makes this certification particularly significant is the regular review by independent auditors, ensuring our security controls are consistently monitored and validated.”
The ISO 27001 certification process has enabled us to further strengthen our established security infrastructure to support your data security needs. By implementing additional controls, enhancing our existing protocols, and advancing our response capabilities, we’ve elevated our security framework to meet some of the most stringent international standards. This achievement reflects our ongoing commitment to safeguarding confidential information you entrust us with—from sensitive arbitration documents and privileged communications to strategic legal positions that can impact global business decisions.
As William Kirtley, Managing Partner at Aceris Law said,
“We’re aware that Jus AI is ISO-certified and that it uses encrypted software, and this allows us to have much greater confidence in terms of uploading documents to the platforms and asking questions to it than we can with other platforms.“
This real-world validation reinforces the practical significance of our certification in ensuring your legal practice remains secure and innovative.
Our success in achieving this certification stems from our advanced data encryption practices, comprehensive network security measures, reliable data sovereignty[i] and backup systems, and well-defined internal security measures. This framework ensures that security isn’t just a checkbox exercise but is deeply embedded in our organizational DNA.
Building Trust Through Enhanced Security
At Jus Mundi, we maintain strong security measures that build upon standard requirements, including robust access control protocols and encryption systems that protect your data throughout its lifecycle. As Yohan Daddou emphasizes, “Our ISO 27001 certification complements these existing safeguards by validating that our overall information security management system aligns with internationally recognized best practices.“
This dual approach – combining our security infrastructure with certified management practices – gives you multiple layers of assurance that your sensitive information is in trusted hands.
Standing Out in the Age of Gen-AI
In today’s rapidly evolving legal tech landscape, particularly with our advancement in generative AI capabilities, security certifications have become crucial differentiators. “Jus Mundi is built on trust, both in the data we provide and in the data we process,” Yohan Daddou notes. “Our ISO 27001 certification demonstrates that our capacity for innovation, especially with the new opportunities Gen-AI offers, compliments our commitment to delivering the best possible service to our clients.”
This certification underscores the bank-like security infrastructure and practices we have in place, ensuring that organizations choosing Jus Mundi can confidently leverage our cutting-edge technology without compromising on data protection or compliance.
The Road Ahead: Enhancing Our Security Framework
Looking towards the future, we’re committed to further strengthening our security posture. Yohan Daddou outlines our focus areas: “We’re committed to continuous improvement through bug bounty programs[ii], recurrent audits, and enhanced employee training. We’re also expanding our security team.”
Yohan Daddou adds depth to our vision: “We’re exploring additional certifications like SOC 2[iii] or ISO 42001[iv] to complement our existing ISO 27001 certification. Additionally, we’re growing our community of dedicated security researchers involved in our private bug bounty program. By engaging a diverse group of experts to proactively test and evaluate our platform, we can detect and address potential vulnerabilities before they become issues.“
Addressing Emerging Security Challenges
Staying ahead of emerging threats is our top priority when handling sensitive arbitration data. “We’re seeing the rise of more sophisticated attacks that leverage AI, building on familiar threat vectors[v],” Yohan Daddou explains. Our team recognizes that the democratization of hacking knowledge through AI tools presents new challenges that require innovative solutions.
Thomas Latterner, our CTO emphasizes our focus on addressing new attack vectors, particularly those linked to LLM applications. Under their leadership, we’re strengthening our defenses both through enhanced employee training and by continually reinforcing product-level security measures.
Our security strategy extends to cloud security and managing our interconnected vendor ecosystem[vi], maintaining consistent security standards across our integrated network of partners and suppliers. With Data Loss Prevention (DLP)[vii] growing in importance, we’re exploring ways to enhance these capabilities, ensuring thorough protection of your sensitive data at every stage of its lifecycle.
Conclusion
Jus Mundi’s ISO 27001 certification represents more than just a technical milestone—it’s a testament to our dedication to protecting the confidential information that powers international arbitration and your legal practice. By choosing Jus Mundi, you gain a partner that combines cutting-edge technology with world-class data protection. As we continue to raise the bar, you can confidently rely on secure, forward-thinking solutions tailored to the demands of modern legal practice.
[i] Data Sovereignty: This means the data you share with us is stored and handled according to the laws of the country where it’s kept. It ensures data is protected and processed securely within legal frameworks.
[ii] Bug Bounty Program: A program where trusted security experts are invited to find and report vulnerabilities before they can be exploited.
[iii] SOC 2 Certification: A certification focused on verifying that a company’s systems ensure data privacy, security, and confidentiality.
[iv] ISO 42001 Certification: A potential additional certification we’re considering, related to privacy protection and data privacy management.
[v] Threat Vectors: Different ways cyberattacks can occur, such as through emails with malicious links or software vulnerabilities.
[vi] Vendor Ecosystem: A network of external service providers and partners that help run our platform.
[vii] Data Loss Prevention (DLP): Tools and processes to prevent sensitive data from being accidentally or intentionally lost or stolen.
About Jus Mundi
Founded in 2019 and recognized as a mission-led company, Jus Mundi is a pioneer in the legal technology industry dedicated to powering global justice through artificial intelligence. Headquartered in Paris, with additional offices in New York, London and Singapore. Jus Mundi serves over 150,000 users from law firms, multinational corporations, governmental bodies, and academic institutions in more than 80 countries. Through its proprietary AI technology, Jus Mundi provides global legal intelligence, data-driven arbitration professional selection, and business development services.
Press Contact
Helene Maïo, Senior Digital Marketing Manager, Jus Mundi – h.maio@jusmundi.com
