FAQs

Internet requirements

What type of Internet access is required?

As ActionStep is an online application and so you will need a reliable Internet connection.   The key word here is “Reliable”.  ActionStep does not require an unusual amount of bandwidth, however since it is the heart of your firm’s operations you need it to be responsive.  Some Internet connections are shared by businesses and homes in your neighborhood (like ADSL).   Shared connection can run slowly at peak times.

Most standard business-grade Internet connections are suitable for use with ActionStep, so chances are you’re all set to go.

However if you experience speed issues then you may want to talk to your Internet Service Provider (ISP) and ask for a Committed Information Rate (CIR) which will guarantee a certain minimum bandwidth for your connection at all times.

Implementation

How long does implementation take?

This all depends on your your specific circumstances.  You can start using ActionStep right away by entering your active matters and contacts directly.  However if you have a large contact database or matter history that you would like to import then this could take a little longer depending on what system you are migrating from.  Importing clean data typically only takes a few hours if you can extract the data to a spreadsheet.

If you are transitioning to ActionStep accounting then you will need to plan your cutover from your current system to ActionStep on a schedule that will suit you.

Accounting

What accounting systems does ActionStep support?

ActionStep includes its own fully-integrated accounting system that has everything you would expect in an accounting system, and then some.  The beauty of ActionStep’s accounting system is that nearly all transactions are entered within the matter workflow and hence are automatically linked to the matter, client, staff member, and step in the workflow.

However you don’t have to give up your accounting system if you prefer not to.  ActionStep can run along side other accounting systems and offers direct integration to Xero.  Direct integration with other online accounting systems is also possible.  Talk to us to find out more.

Data security and ownership

Is my data encrypted?

All data transmitted between you and ActionStep is encrypted using SSL.

Can full backups of data be provided as an automatic download?

Yes. You can extract your data to vendor-neutral spreadsheet and HTML formats upon request.  Documents are provided in their original formats (DOC, XLS, JPEG, etc).

Who owns the intellectual property?

Anything you enter into ActionStep belongs to you. ActionStep owns the core system and any modules or extensions we develop.

Security

ActionStep takes data security very seriously and follows generally-accepted best practices to ensure that clients’ data is backed-up and protected against unauthorized access.

Hosting Environments

New Zealand/Australia

In New Zealand the servers are located in purpose-built high-availability data centres with a Tier II or higher classification.  The data centres have 7×24 video surveillance, sophisticated access control policies (for example biometrics and photo ID), fire protection, and power backup.

Client data is maintained in pairs of geographically separated data centres with one acting as a primary and the second as a remote data repository.  Data is replicated from primary to secondary sites at regular intervals throughout the day.

United States/Canada

For customers in the Unites States or Canada we use the secure Amazon Web Services (AWS) infrastructure.  Security specifications can be found on http://aws.amazon.com/security/.

Data Sovereignty

New Zealand and Australia clients are hosted at primary and secondary data centres in New Zealand and no hosted information is stored outside of New Zealand.  Clients in other countries can choose to have their data hosted in Europe or the United States.

Password Policies

ActionStep allows clients to implement password policies by system role.  The password policies include the following settings:

  • Minimum length
  • Inclusion of special characters
  • Forced mixed case or numeric content
  • Expiry time
  • Password rotation minimum
  • Time of day and day of week access windows
  • Source IP address restrictions

User Permissions

Clients can control who has access to the system by adding and removing logins as required.  Each login is associated with a specific system role which governs the access rights to all aspects of the application such as which pages or menu items they can see and whether they can create, view, edit or delete data.

Audit Trails

Audit trails and session logs record user activity and changes made to the data by each user.

Intrusion Detection

The servers run perimeter protection software and log unauthorized attempts to access the systems and add these to blacklists.

Network Layer Security

The networks are split into private (non-routable) and public subnets with a firewall between them.  Access to the private subnets can only be achieve over encrypted Virtual Private Network (VPN) links.  The public subnets restrict access to ports 443/80 only and all other ports are disabled.  Password access is disabled for all servers and the only access is via encrypted keys over SSH.

Application Layer Security

All data transmitted between the application and the user is encrypted via HTTPS.

System Administration Procedures

Systems administrators monitor the systems in real-time for any errors or unusual activity and record the events and action taken in an electronic log.