Company / Security

Security you can count on

When you’re an Opus 2 client, you’re free to concentrate on delivering valuable legal services to clients knowing we’re committed to keeping your solution and data safe and secure.

ISO/IEC/27001:2022 opus 2

Security is our top priority

We’re heavily invested in making certain that you and your clients are protected when using our solutions—and have been since our founding. From information sharing and process management to collaboration and data management, we meet stringent global certifications and industry standards you can trust:

  • ISO/IEC/27001:2022
  • Cyber Essentials +

Our cloud approach is more secure

With industry-standard encryption practises, advanced monitoring capabilities, and strict access controls, we ensure your Opus 2 system and related data are always locked down. A multilayered process continuously scans for potential threats and vulnerabilities—so we can detect and respond to suspicious activities in real time. Far safer and more cost-effective than a traditional on-premises installation, our cloud is trusted by the world’s most successful firms.

State-of-the-art data centres

From network connections to server configurations, we host your solution and data in the most secure environment available—in the geographical location that best fits your needs.

Logical data segregation

With firewalls, encrypted volumes, logical identifiers, ownership tags, and other tight data segregation controls, your information is always self-contained and in the right hands.

24–7 monitoring

Video surveillance, intrusion detection systems, and other electronic monitoring and perimeter controls—even AI—operate continuously to analyse our entire ecosystem.


We build security into everything we create

Security is at the heart of our development process. Whenever we issue a new feature, enhancement, or correction, we use a methodology called STRIDE to identify potential threats. A dedicated risk owner is assigned to eliminate or mitigate that threat if one is discovered.

Opus 2 security

Testing and verification

Our secure development methodology includes regular CREST-accredited penetration testing by external groups to identify potential issues and vulnerabilities. We also use automated and manual testing practises that continually assess our code structure, vulnerabilities, potential threats, and third-party dependencies.

Build consistency

We run our code through a well-structured, continuous integration (CI) pipeline for proper testing as we’re building our programmes. Any issues are verified and fed into a highly organised tracking system, and then we go to work digging into the complete issue class rather than just addressing the one-off problem.

Opus 2 careers

Change management

We follow a strict, formal protocol for making changes to software, applications, and systems before deploying them in a production environment. Our documented assessments evaluate the risk and impact of the changes, and any update is rigorously tested before being implemented.

Ensuring your data is always protected


Opus 2 Services and Agreements meet global legal and regulatory requirements, including but not limited to:

  • General Data Protection Regulation (GDPR)
  • United Kingdom GDPR
  • California Consumer Privacy Act (CCPA)
  • Singapore Personal Data Protection Act
  • Australian Privacy Act
  • Canadian PIPEDA

Authentication and authorisation

Several authentication methods are in place to increase the security of accounts, including a client-defined password policy and several options for multifactor authentication. You also can link to your single sign-on (SSO) provider to centralise account control and authentication policies.

User management

As a client, you have full control over the permissions for each user you register to the platform. You can create, modify, and remove users based on your own internal policies.

Encryption at rest

Data at rest in our production network is encrypted using 256-bit Advanced Encryption Standard (AES-256). We also implement safeguards to protect the creation, storage, retrieval, and disposition of sensitive data.

Encryption in transit

Our cloud supports TLS 1.2 to encrypt network traffic transmitted between users’ browsers and our infrastructure. Internal communications between components also use TLS, and emails are encrypted end-to-end.

Discover how our security approach provides you with a strategic advantage