Trust Center

Start your security review

View & download sensitive information

Ask for information

Overview

Bloomberg Law ("BLAW") is a web-based platform that provides legal content and information content for legal professionals. BLAW combines the latest in legal tech with workflow tools, news, primary and secondary sources, and business intelligence in a web-based platform that provides legal content and information for professionals performing legal research and analysis

BLAW Features
1. Brief Analyzer
Brief Analyzer speeds up the process of reviewing and researching legal briefs and memoranda
2. Draft Analyzer
Draft Analyzer speeds up the process of drafting, reviewing, and negotiating transactional agreements

Additional BLAW Products
Dashboard Legal
Bloomberg Law’s Dashboard Legal is a customizable project management solution that unifies email, docs, tasks, and chat. Dashboard Legal is simple, fast, and intuitive, and it comes with advanced features to help the legal industry’s highest performers.

Compliance

Documents

DOCUMENTSAI Frequently Asked Questions

REPORTSPentest Report

REPORTSSecurity Whitepaper

COMPLIANCESOC 2

COMPLIANCEVPAT

SELF-ASSESSMENTSSIG Lite

LEGALCertificate of Liability

BC/DRBusiness Continuity Management System (BCMS)

Product Security

Audit Logging

Data Security

Role-Based Access Control

Reports

Pentest Report

Security Whitepaper

SOC 2 Report

Self-Assessments

SIG Lite

Data Security

Access Monitoring

Data Backups

Data Erasure

App Security

Code Analysis

Credential Management

Software Development Lifecycle

AI

AI Training Data and Bias

AI Security

AI Monitoring

Legal

Subprocessors

Certificate of Liability

Data Processing Agreement

Data Privacy

Employee Privacy Training

Access Control

Data Access

Least Privilege

Logging

Infrastructure

Anti-DDoS

BC/DR

Data Center

Endpoint Security

Disk Encryption

Endpoint Detection & Response

Threat Detection

Network Security

Allowlist

Firewall

IDS/IPS

Corporate Security

Asset Management Practices

Email Protection

Employee Training

Policies

Acceptable Use Policy

Access Control Policy

Business Continuity/Disaster Recovery (BC/DR) Policy

Security Grades

Qualys SSL Labs

bloombergindustry.com

A+

Security Headers

bloombergindustry.com

BC/DR

Business Continuity Management System (BCMS)

Business Continuity Plan (BCP)

Contingency Plan Testing/Lessons Learned

Training

Employee Privacy Training

Phishing Training

Security Awareness Training

Trust Center Updates

Microsoft SharePoint Zero-Day Vulnerabilities – Not Impacted

Copy link

Vulnerabilities

We are aware of the recently disclosed Microsoft SharePoint zero-day vulnerabilities: CVE-2025-53770 and CVE-2025-53771. After a thorough review, we have confirmed that Bloomberg Industry Group is not impacted. Our products do not rely on Microsoft SharePoint for any customer-facing services, and our internal SharePoint environment is isolated, access-controlled, and closely monitored. We continue to evaluate all third-party services for exposure and apply security patches in alignment with our vulnerability management procedures.

Submission of Discovered Vulnerabilities

Copy link

Vulnerabilities

At Bloomberg Industry Group, we welcome responsible disclosures of security vulnerabilities found within our websites or applications, in accordance with this policy.

Expectations for Responsible Disclosure:

Confidential Reporting: Please report security vulnerabilities confidentially to SecurityCompliance@bloombergindustry.com

Your disclosure should include:

Your name and contact information.
Clear identification of the issue's context, including the name of the vulnerable application, the vulnerable URL, and any exposed parameters.
A description of the vulnerability, including how it can be exploited and the potential consequences.
Where possible, please provide a screenshot of the exploited/executed vulnerability.

Non-Disclosure: Do not publicly disclose the vulnerability without our explicit consent and guidance.

For purposes of clarity, our terms governing access to our products and websites do not permit active scanning or penetration testing.

What You Can Expect from us:

Acknowledgment: The INDG Team will acknowledge receipt and begin investigating the reported vulnerability.
Investigation Outcome: We may inform you of the investigation's outcome upon its conclusion. During the investigation, we may reach out for additional information.