Digital White Papers

Information Governance: April 2015

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/503802

ILTA WHITE PAPER: APRIL 2015 WWW.ILTANET.ORG

SIMPLIFY CLIENT AUDITS WITH PROACTIVE COMPLIANCE

Management of Outside Counsel Guidelines

A law firm representing clients in multiple industries is now likely more regulated than any one of its clients. Many corporations have created separate information security guidelines for outside counsel that document the minimum data security requirements law firms must meet before being considered. Some of the most common requirements include secure office space, computer and network password standards, prohibition on password sharing, proper disposal of damaged media, procedures for terminated employees and client-approved data encryption. These policies and procedures change often, and taking on additional clients means more rules to follow.

Vendor Awareness, Assessments and Tracking

Law firms frequently receive vendor assessments. Many of these questionnaires ask similar questions that require firmwide input. Completing each form individually means a firm ends up performing a lot of redundant work. Avoiding that requires a method of streamlining the completion and management of multiple vendor assessments. A GRC approach allows firms to:

• Store inquiries in a reusable question bank
• Track previous responses and changes over time to streamline the third-party audit process
• Provide clients and potential clients with a limited-access account to review the firm's finished questionnaires and the associated controls

Audit Preparation and Readiness

Law firms are constantly audited by their clients for confidentiality, data security and privacy. Firms need a way to perform internal audits and document compliance efforts so that they are prepared for their client audits. For example, a law firm with a portfolio of financial services clients has audits ranging from questionnaires to evidence requests to weeklong audits onsite.

Due to the unique nature of each request, the monthly audit schedule makes big

A GRC program helps firms manage the various guidelines by creating a centralized database for all requirements. By better managing compliance data, firms can:

• Avoid duplicating efforts when multiple clients have overlapping regulations
• Better clarify which governing laws, regulations and contractual guidelines drive business
• Consolidate the volumes of policies and procedures related to information security
• Map security programs to best practice guidelines, client requirements and internal best practices for risk analysis
• Connect disparate data, provide immediate efficiency to strained resources and scale with their practice
