Devices
Work devices use full-disk encryption, with operating systems and software kept up to date.
Security & data handling
The items most often raised in pre-engagement security reviews and vendor assessments, up front. This page describes our standard practice — the terms of each individual contract take precedence.
01 — What the contract says
Information handling is fixed as contract clauses, not best effort. Below are our standard terms — a starting point; the individual contract takes precedence.
| Item | Standard terms (the individual contract takes precedence) |
|---|---|
| NDA | Standard two-party NDA, available before the first conversation. Client-side NDA templates accepted |
| Data handling | Post-engagement retention and destruction rules stated in the contract. At closeout, data is returned or destroyed — with a destruction report on request |
| Subcontracting | Work involving information that could identify you is never subcontracted without your prior consent |
| Incident notice | If an incident on LV3's side ever involves your information, we notify you promptly |
| Other clients' information | We never disclose other clients' engagement details — figures, names, specifics — even after an NDA. Your information is held to the same standard |
For the full contract structure and termination terms, see how we work.
02 — Day-to-day practice
A remote-first operation, run under these rules.
Work devices use full-disk encryption, with operating systems and software kept up to date.
Multi-factor authentication (MFA) is mandatory on work accounts.
Access to client environments is limited to the people who need it, for the period they need it.
We follow the transfer methods and environments you specify — including encrypted channels and access-controlled locations.
Where you provide devices or a designated environment, we work within it. Otherwise, work stays on company-managed devices, kept organized and identifiable per engagement.
We avoid taking paper out, and work where screens and documents are not visible to third parties.
03 — Vendor assessment
We respond to your security checksheets and vendor assessments. Just let us know.
A PDF of this page, ready to attach to your internal security review or approval workflow.
Checksheet response requests, NDA and contract questions — this form is the place.