Trust Center
LexisNexis® Legal & Professional is a data and analytics company serving customers in more than 150 countries. Our mission is to bring the percentage of people living outside the umbrella protection of the rule of law down to zero through our day-to-day business operations, products and services, and actions as a corporate citizen.
We deliver powerful, new decision tools and analytics to customers by applying machine learning, natural language processing, visualization, and artificial intelligence to our global legal and news database.
We pride ourselves on never using customer data to train our models.
Information Security Commitment
The LexisNexis® Information Security team continually enhances our data protection practices to uphold the availability, confidentiality, and integrity of the data and systems under our care. Our vision is to safeguard customer data with unwavering commitment—treating it as our own and maintaining the gold standard of security controls.
Our Security Measures Include:
- Defense in Depth Controls:
We deploy multiple layers of network security capabilities. - Data Encryption:
Data is encrypted both in transit and at rest. - Logging & Detection Systems:
We utilize detailed logging and advanced detection systems.
These controls and safeguards are implemented while consistently delivering best-in-class solutions and services to our customers.
Commitment to Evolving Security Practices
In light of the dynamic nature of the information security space—and to reflect the evolving nature of relevant procedures, regulations, and threats—LexisNexis updates this site regularly.
- What is the privacy team email address for customers to use?
- Can LexisNexis provide confirmation that none of Lexis' LLM providers has human reviewers (for functions other than abuse monitoring) who would be able to read our prompts, or the LLMs' responses (“completions”), whether in real time or at some future time?
- Does LexisNexis use customer data to train their LLM models?
2026 Lexis, Lexis+ AI, Lexis+ with Protege SOC2 Type 2, SOC3 and HIPAA/HITECH Reports Published
We are pleased to announce the publication of our latest compliance and attestation reports. These updates reflect our ongoing commitment to maintaining the highest standards for security, availability, and confidentiality.
Newly Published Reports
Our trusted solutions, including Lexis, Lexis+ AI, and Lexis+ with Protege, continue to meet industry and regulatory standards.
SOC2 Type 2 Report
This report, which focuses on security, availability, and confidentiality service controls, is now available for secure download.
Access the report here.
SOC3 Type 2 Report
Verify our compliance with industry standards by reviewing the report.
Read the report here.
HIPAA/HITECH Attestation Report
Our adherence to HIPAA and HITECH requirements is available for secure download.
Access the attestation here.
Commitment
We remain dedicated to transparency and compliance as part of our commitment to providing secure, reliable, and compliant solutions for our valued customers.
LexisNexis Security Matter
LexisNexis Legal & Professional has investigated a security matter and based on the investigation and testing we have done to date, we believe the matter is contained. We have no evidence of compromise of or impact to our products and services. We engaged a preeminent cybersecurity forensic firm to assist in our investigation and response and have reported this issue to law enforcement.
Our investigation has confirmed that an unauthorized party accessed a limited number of servers. These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets.
The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; customer client or matter information, or customer contracts.
We take our responsibility to safeguard customer information extremely seriously and have informed impacted current and previous customers of this matter. We are continuing to investigate and have implemented containment and remediation steps, in coordination with our expert cybersecurity forensic firm.
LexisNexis releases new SOC 1 Type 2 Report
LexisNexis is pleased to announce the successful update of its SOC 1 Type 2 report for Digital Content Management and Information Technology Services. This update reflects our continued commitment to maintaining strong controls, ensuring reliability, and upholding the highest standards of security, compliance, and operational integrity. To review the detailed SOC 1 Type 2 report and gain further insight into our control environment and practices, we invite you to register through our Trust Center, where authorized users can securely access this information.
LexisNexis updates its BCM/DR program statements
LexisNexis is pleased to confirm the annual review and update of its Business Continuity Management (BCM) and Disaster Recovery (DR) program statements. This annual update demonstrates our ongoing commitment to operational resilience and our ability to maintain service continuity in the event of a disruption. Our BCM and DR programs are designed to support the availability, integrity, and recovery of critical systems and services.
LexisNexis releases new SOC2 Type 2
LexisNexis is pleased to announce the successful completion of an independent audit of its CounselLink and CounselLink+ Matter Management and E-Billing Services. This achievement demonstrates our ongoing commitment to maintaining the highest standards of security, compliance, and operational integrity. To review the detailed audit report and gain further insights into our controls and practices, we invite you to register through our Trust Center, where authorized users can securely access this information.