At Legale, the protection of our clients’ information is a core pillar of our operations. To uphold the highest standards of cybersecurity, we implement a robust Ethical Hacking & Continuous Monitoring program that is directly aligned with our ISO/IEC 27001 Information Security Management System (ISMS).
What is Ethical Hacking?
Ethical hacking, most often carried out as penetration testing, is the practice of simulating attacks against our systems, applications, and infrastructure to identify and fix vulnerabilities before malicious actors can exploit them.
These controlled tests are conducted under strict rules of engagement, guided by industry-standard references such as the OWASP Top 10, NIST guidance (for example SP 800-115, the technical guide to security testing and assessment), and the MITRE ATT&CK knowledge base of adversary techniques. The goal is to assess our defenses against realistic attack scenarios, such as:
• Attempts to access data without authorization, including across customer or tenant boundaries
• Exploitation of outdated or misconfigured services
• Identity spoofing or session hijacking
• Attacks against our APIs, such as broken authentication or authorization on individual endpoints
All findings are triaged and prioritized by severity, and remediation is tracked to closure through our internal incident management process.
Why Continuous Monitoring Matters
Security threats evolve daily, so continuous monitoring is critical, not just scheduled audits. Our systems are monitored 24/7 to detect:
• Unauthorized access attempts
• Anomalous login behavior, such as a burst of failed logins from one address or a successful sign-in from a location a user has never used before
• Misconfigurations and unexpectedly exposed ports or services
• Newly disclosed vulnerabilities in third-party dependencies
This monitoring is done through both automated tools and human oversight, ensuring rapid detection and response to any incident.
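To make the monitoring bullets above concrete, here is an added example (not Legale's or Intruder.io's code) of the kind of detection logic a monitoring pipeline runs over authentication logs. It parses constructed key=value log lines, raises an alert when one IP produces a burst of failed logins, flags a success from that same IP, and flags a successful login from a country the user has never signed in from. The log format, field names and thresholds are assumptions for illustration.

```python
"""Toy login-anomaly detection over constructed log lines.

Added illustration only; the log format, thresholds and rules are
assumptions, not a description of any vendor's or Legale's tooling.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). Hypothetical key=value auth log:
# one event per line, ISO timestamp first, then user/ip/country/result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=alice ip=203.0.113.5 country=AR result=OK
2024-05-01T10:05:00Z user=bob ip=198.51.100.7 country=AR result=OK
2024-05-01T11:00:00Z user=alice ip=192.0.2.10 country=RU result=FAIL
2024-05-01T11:00:05Z user=alice ip=192.0.2.10 country=RU result=FAIL
2024-05-01T11:00:09Z user=alice ip=192.0.2.10 country=RU result=FAIL
2024-05-01T11:00:12Z user=alice ip=192.0.2.10 country=RU result=FAIL
2024-05-01T11:00:15Z user=alice ip=192.0.2.10 country=RU result=FAIL
2024-05-01T11:00:20Z user=alice ip=192.0.2.10 country=RU result=OK
2024-05-01T12:00:00Z user=bob ip=198.51.100.7 country=AR result=OK
"""

# Assumed tuning: this many failures from one IP inside the window is a
# brute-force attempt. Real deployments tune these against their own traffic.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=1)


def parse_line(line):
    """Turn one 'TIMESTAMP k=v k=v ...' line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text):
    """Run the three rules over the log; return (rule, ip, user, ts) alerts.

    Rules:
      brute_force              - FAIL_THRESHOLD failures from one IP within FAIL_WINDOW
      success_after_brute_force - a later OK from an IP already flagged above
      new_country_login        - OK from a country this user has not used before
    """
    alerts = []
    fails_by_ip = defaultdict(deque)      # ip -> timestamps of recent failures
    seen_countries = defaultdict(set)     # user -> countries with a prior OK login
    flagged_ips = set()                   # IPs already reported for brute force

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        ip, user, ts = ev["ip"], ev["user"], ev["ts"]

        if ev["result"] == "FAIL":
            window = fails_by_ip[ip]
            window.append(ts)
            # Drop failures that fell out of the sliding window.
            while window and ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and ip not in flagged_ips:
                flagged_ips.add(ip)
                alerts.append(("brute_force", ip, user, ts))
            continue

        # Successful login: check it against the two success-side rules.
        if ip in flagged_ips:
            alerts.append(("success_after_brute_force", ip, user, ts))
        known = seen_countries[user]
        if known and ev["country"] not in known:
            alerts.append(("new_country_login", ip, user, ts))
        known.add(ev["country"])

    return alerts


if __name__ == "__main__":
    for rule, ip, user, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule:<26} user={user} ip={ip}")
```

On the constructed log this yields three alerts, all for alice from 192.0.2.10: the brute-force burst, the success that follows it, and the first-ever login from RU. The ordering matters in practice: a success immediately after a brute-force burst is the event that warrants paging a human, while the burst alone is often just noise to be rate-limited.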
Our Partner: Intruder.io
To maintain an unbiased and high-quality security posture, Legale partners with Intruder.io, a globally recognized cybersecurity platform specialized in proactive threat detection and vulnerability management.
Intruder.io provides:
• Continuous vulnerability scanning across all our assets
• External and internal network assessments
• Prompt alerting when newly published vulnerabilities (CVEs) are found to affect our assets
• Integration with DevOps pipelines for secure development practices
Scanning of this kind finds known, published vulnerabilities; a true zero-day has no published check yet, which is why scanning is complemented by the monitoring and response practices described above. By engaging a specialized third party for this function, we ensure our attack surface is evaluated independently and without internal bias, reducing the blind spots a purely internal assessment can leave. This approach also demonstrates transparency and accountability to our clients and auditors.
Alignment with ISO/IEC 27001
All our ethical hacking and monitoring practices are aligned with the controls in ISO/IEC 27001 Annex A (2013 numbering, with the renumbered 2022 equivalents in parentheses), including but not limited to:
• A.12.6.1: Management of technical vulnerabilities (A.8.8 in the 2022 edition)
• A.16.1.4: Assessment of and decision on information security events (A.5.25)
• A.14.2.8: System security testing (A.8.29, Security testing in development and acceptance)
• A.15.1.1: Information security policy for supplier relationships (A.5.19)
Our ongoing ISO 27001 compliance ensures that risks are not only identified and mitigated, but also documented, reviewed, and continuously improved through our ISMS framework.
By combining advanced internal controls with the independent oversight of Intruder.io, Legale delivers a security-first environment for managing electronic signatures, legal documents, and highly sensitive data—all in full compliance with international standards.