Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/80353

We recently completed a two-day onsite security requirements assessment from our largest client. We've been through quite a few of these in the past, but this was by far the most extensive audit to date. The security requirements document was 112 pages long and took us weeks to review. We are being asked much more frequently by our clients to comply with their security requirements, and I don't see that stopping or slowing down due to increasing governmental regulations related to information security. We are generally being told that requested security controls apply to all of the client's matters.

We fared very well in the assessment, but there were some findings we must remediate that will require major cultural shifts in the firm. We're in the planning and implementation stages of two-factor authentication, data leakage auditing and controls, and increased security awareness training. Making these changes to the environment, though difficult, will ultimately be in the best interest of the firm and our clients from a security standpoint. We feel these requirements aren't going away and that we'll be asked more and more about our security procedures, processes and controls. Making the changes now will bring us into compliance for future requests.

Danny Rhinehart
Chief Technology Officer
Akerman Senterfitt

__________________________________________________________

I can't give you a specific number but it is more than a few. If we are talking about financial services clients in the U.S., then it's just about all of them (whether they've contacted you yet or not) due to the current regulatory environment. I suggest reaching out to your general counsel (if you haven't already) to get their assessment, so you can focus your efforts. Based on the outside counsel guidelines and other agreements I've seen, they all seem to be singing from the same hymnal. Most state that all client records must be secured on a need-to-know basis.

We have aligned our security plans around ISO 27001 and have been moving steadily in that direction for the last few years.

Tim Golden
Manager of Enterprise Architecture & IT Governance
McGuireWoods LLP

__________________________________________________________

LIT-CON 2012
THE LEGAL IT CONFERENCE AT ARMA
SEPTEMBER 21, 2012 IN CHICAGO

Information Governance – Strategic Transformation through Collaboration

ARMA International and ILTA are once again hosting the premier event on legal technology and information policy and governance — LIT-Con 2012. In just one interactive, action-packed day, you'll receive the education needed to continue the transformation of your firm's information governance — and maintain a competitive edge.

General Session
Moderators of the six breakout sessions will participate in a TED-style presentation of the topics that will be covered during the day.

Breakout Sessions:
• Social Media + ECM + KM = Redefinition of "Record"
• Mobility vs. Information Governance: Is There a Yellow Brick Road to Oz?
• Information Governance and Information Security: Risky Business
• Using GARP To Build an Information Governance Framework for Law Firms
• The Final Frontier: Re-Engineering Your Records Staff and Function to Make the Voyage to a Bold New World
• Predictive Coding/Analytics/Email Management: Leveraging Technology for Risk Mitigation and Efficiency

www.arma.org/conference/2012/LitCon.aspx

ILTA members enjoy a discount to LIT-Con and the ARMA conference.
