Data Security Audits: Shining a Light on Law Firm Security

Sep 29, 2016

When it comes to data security audits, one size doesn’t fit all. The metrics of one industry don’t necessarily translate to other industries – and this is particularly true when it comes to the document-intensive legal industry, where confidentiality in communications between client and attorney is a central value to the entire profession.

“As a legal service provider, we’re seeing the full spectrum of data security audits, from simple vendor assessments to 100-question audits followed by in-person visits,” said Jeff Norris, CISSP, senior director of data security for LexisNexis Managed Technology Services. “They seem to be more pronounced in industries such as financial services, health care and others that handle a lot of regulatory data. The good news is that law firms are getting much better at dealing with these audits.”

To help law firms understand their responsibilities, LexisNexis recently partnered with Lewis Brisbois to host a CLE panel event in Los Angeles: “How to Interpret and Meaningfully Comply with Audits?” The panelists included: Gordon Calhoun, chair of electronic discovery, information management and compliance, Lewis Brisbois Bisgaard & Smith LLP; David L. Hansen, director of compliance, NetDocuments; Aaron Laderman, regional underwriting manager, AIG; and Norris.

The panelists were asked to share their thoughts on trends in data security audits. We’ve captured some of the highlights from this event and will be summarizing them in a series of blog posts in the weeks ahead. Some of their overview comments included:

  • Number and intensity rising
    More clients are requiring data security audits than in previous years. In addition, the level of audit intensity has increased, with some audits now including multi-tiered questionnaires that require narrative responses and are followed up with telephone interviews.
  • Vendors under scrutiny as well
    Law firm vendors face even greater pressure from data security audits. First, they must certify themselves as qualified vendors by passing audits for ISO, SOC 2 and other standards. Second, they must be re-audited by law firms and other clients to validate the results of their compliance audits.
  • Insurers look for benchmarks
    Insurance companies tend to use data security audits as a benchmarking tool to evaluate law firms and other insured businesses. One of the ways they analyze risk exposure is by determining the data security framework the firm has in place.
  • Law firms are businesses too
    Law firms are expected to be protectors of their clients’ data, but many of them are also large commercial enterprises in their own right and have the same data security challenges as any other company. This includes departments such as HR, Finance and Employee Benefits that hold sensitive personal information, which must be protected as rigorously as client data.

In the weeks ahead, we’ll share more highlights from this all-star panel discussion and will make available free video clips you can view with each post.


This post is by Daryn Teague, who provides support to the litigation software product line based in the LexisNexis Raleigh Technology Center.

