triConvey Security

Whether it comes to your data or sharing information with your clients, we’re serious about security at triSearch.  

practice management system offering security.

Data Security

Data Storage

The triConvey Software is powered by SMOKEBALL. Due to this relationship, the two softwares share a lot of security features. Being a cloud solution, the software and all client data is stored on SMOKEBALL Servers, which are built on the Amazon Web Services (AWS) platform.

AWS is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is one of the largest and most successful cloud platform provider in the world. AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.

triConvey stores data in the jurisdiction of origin, located in Sydney. triSearch actively works to take advantage of AWS services, following Information Security best practices. triSearch also makes continuous backups, so your triConvey data will be up to date to the time you last connected to the Internet.

‍We keep your triConvey data safe by adhering to industry best practices.

‍AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and triConvey too has its own dedicated Information Security Team. We continually monitor the AWS environment, implementing updates and patches in line with best practices prescribed by AWS. You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide.

Your Data Security Responsibilities

If you provide triSearch any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data in accordance with this policy.

triSearch employs industry standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. triSearch is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information. Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any triSearch websites.

In order to protect you and your information, triSearch may suspend your use of a website if any breach of security is suspected, without notice pending an investigation. Access to and use of password protected and/or secure area of any unauthorised access to such areas is prohibited and may lead to criminal prosecution. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section herein.

We may use your information as we believe to be necessary or appropriate:

  1. under applicable law, including laws outside your country of residence;
  2. to comply with legal process;
  3. to respond to requests from public and government authorities including public and government authorities outside your country of residence;
  4. to service providers which act for us or provide services for us, such as for marketing or for the processing of payments, and as to such service providers their use of Personal Information is subject to our agreements with them and any applicable laws;
     to enforce our terms and conditions;
  5. to protect our operations or those of any of our affiliates;
  6. to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others;
  7. and  to allow us to pursue available remedies or limit the damages that we may sustain.  
Data Breach Notification

triSearch will notify the subscriber without undue delay and in writing on becoming aware of any Data Breach in respect to our client’s data. If a vulnerability is identified or data is available publicly outside of the triConvey Software, please contact triSearch immediately via support@triconvey.com.au.

Backup Policy

‍triConvey servers are backed up multiple times daily, weekly and monthly. It is also monitored 24 hours a day, 7 days a week, 365 days a year.

Data Encryption

Each triConvey application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery. Once client data reaches the triConvey cloud infrastructure, all information is then encrypted at rest, using AES-256, military-grade encryption.

Security Measures

triConvey uses multiple layers of security controls (software, physical and process based) to protect our client data.

This includes, but is not limited to:

  • Local & Network Firewalls
  • Web Application Firewalls
  • Intrusion Detection Systems (IDS)
  • Multi-vendor Anti-Virus
  • DDoS Throttling Services
  • Access Control Lists
  • Security Patch Management
  • Identity and Access Management
  • Centralised Log Management
  • Symmetric and Asymmetric Encryption systems
  • Separation of Duties
  • Vulnerability Assessment
  • Anomaly Detection
  • Remote Monitoring & Alerting

triSearch understands security is of foremost importance to firms. These are some security measures you can implement, alongside systems triSearch has developed to strengthen security for your firm. 

Document & Information sharing

When it comes to sharing documents and sensitive information with your clients, you have a few options through triConvey to replace emails. Email is an ubiquitous but high-risk communication method, vulnerable to infiltration and hacking. You should never send highly confidential, private or security-related information or documents by email.

Your sharing options within triConvey:

triSign

triSign utilises the functionality of DocuSign, which maintains around-the-clock onsite security with strict physical access control that complies with industry-recognised standards, such as SOC 1, SOC 2, and ISO 27001.

We also use world-class security software and hardware to protect the physical integrity of DocuSign eSignature and all associated computer systems and networks that process customer data. We do this through a centralised management system that controls access to the production environment through a global two-factor authentication process.

This isolated production environment is protected by industry-leading network management systems, anti-virus software, and malware detectors. The anti-virus software is integrated with processes that automatically generate alerts to DocuSign’s cyber incident response team if potentially harmful code is detected.

Storage, encryption, and disposal

To ensure your data stays protected, DocuSign follows industry best practices to:

  • Logically separate individual customer data
  • Encrypt customer data—all data access and transfer activities use HTTPS and other secure protocols, such as SSL, SSH, IPsec, SFTP, or secure channel signing and sealing
  • Support only recognised cipher suites
  • Encrypt all documents with AES 256-bit encryption or the most recent FIPS-approved methods
  • Provide non-repudiation for all documents generated and signed using DocuSign via a Certificate of Completion
  • Maintain a data disposal and re-use policy for managing data assets
  • Implement processes for equipment management and secure media disposal
Communicate

To enable triConvey clients to communicate safely and securely, we utilise Communicate for document sharing. When a document is shared through Communicate, it is not transported. It remains in the communications application, and anyone with the right credentials can interact with it. An email or notification is sent to the other party to allow them to view and comment on the document in Communicate. The document itself is not sent.

Securexchange

Another option you have to share sensitive documents and bank information is Securexchange. This tool allows you to create a portal where documents and information can be uploaded. Once created you can invite parties to the portal. To access the portal, they will require a two-factor authentication process to ensure there are no unwanted parties in the portal. 

When using Securexchange, funds transferred are guaranteed by Securexchange, up to $1,000,000 AUD.

Verification of identity

triSearch complies with the ISO27001 Certification for storing data.

Documents entered into triSearch’s Verification of Identity (VOI) platform are transmitted and stored securely in a write-only, ISO27001 certified private cloud provided database. This database is only accessible for read access via a private VPC, to a few highly privileged triSearch administrators.

All data at rest is secured using the industry certified AES256 encryption, all data in transit is secured end-to-end, using the industry certified TLSv1, TLSv1.1 and TLSv1.2 standards, and offers the highest level of protection possible. All documents ordered as part of the report are encrypted on the server using AES256. All transport between the VOI platform and servers is secured using SSL.

State-based security & compliance

Legislation surrounding VOI differs in each state of Australia. In NSW, SA, QLD, WA and VIC, there are VOI requirements set in place that apply to solicitors and conveyancers. Under these requirements, the identity of an individual should be verified in all conveyancing transactions, so that lawyers and conveyancers know that the individual has authority to deal with the land.

In NT, TAS and ACT, these states don’t currently have any legislation requirements in place.

NSW Requirements
VIC Requirements
QLD Requirements
SA Requirements
WA Requirements

Trust Accounting Compliance

The triConvey Trust Accounting function is available to all users. See more information below on specific state legislation.

New South Wales

The NSW Law Society’s Trust Accounts Department, at the request of the software supplier, carefully examines software packages to ensure compliance with the Legal Profession Uniform Law (NSW) and the Legal Profession Uniform General Rules 2015 (the Uniform Law).

TA software packages that have been examined and certified by The Law Society of New South Wales as complying systems under general trust accounts as defined in S128 of the Uniform Law, are provided identifying certificate numbers.

triSearch conveyancing practice management software triConvey, is currently obtaining the compliance certification from the NSW Law Society’s Trust Accounts Department.

Victoria

According to the Victorian Legal Services Board + Commissioner, property lawyers and conveyancers can outsource trust accounting to an external TA software as examined and certified by the Trust Accounts Department of the NSW Law Society.

There is currently no formal certification for trust account compliance in Victoria. 

Queensland

When the assessment of computerised trust accounting systems changed responsibilities from the Department of Justice & Attorney-General to the Queensland Law Society in 1994, approval for the use of systems by solicitors has discontinued.

The official QLS computerised trust accounting systems states: “The Queensland Law Society does not assess computerised accounting systems. Sections 28 to 32 of the Legal Profession Regulation 2007 set out the requirements for a complying computerised trust accounting system.”

There is currently no formal certification for trust account compliance in Queensland. 

Have a question about security?

We would be delighted to hear from you.