Information security is a growing concern across industries. The prevalence of data grants greater access to information – but also poses additional security risks,data braches and including hacking, and identity theft.Finding ways to ensure the security and privacy of information is essential – particularly in the legal services industry, due to the large volume of sensitive client information inherently involved.
Tech-savvy legal firms maintain strict internal protocols. However, to guarantee complete security for their clients, firms must examine the practices of the vendors, partners, and subcontractors they work with. Assessing those third parties and partners is difficult, requiring a large resource investment and technical expertise. The scrutiny and knowledge the process requires often goes above and beyond the capacity of a standard law firm.
Increasing Compliance Through Careful Evaluations
To certify vendor and subcontractor compliance with industry standards, law firms can now rely on the Subcontractor Oversight Program to conduct information security audits instead of struggling to perform their own. The Subcontractor Oversight Program is an assessment of the quality of vendors’ security and internal control environments – created by the National Creditors Bar Association< (NBCA), a trade association dedicated to law firms who specialize in creditors’ rights law.
The NCBA Subcontractor Oversight Program demands the most rigorous of information security systems and procedures in the industry. Areas assessed include human resources security and integrity, information security, incident reporting, business continuity and disaster recovery, physical security, insurance, vendor contracts, and customer contact. The audit covers every aspect of information security from employee background checks and role-based access to antivirus software and incident reporting.
Vendors and subcontractors who pass the assessment receive the NCBA Subcontractor Oversight Assessment Certification. Last week, Docketly and ABC Legal became two of the first six subcontractors to pass the audit and obtain a certification.
Advantages of Choosing NCBA Assessed Subcontractors
There are several key benefits to using a subcontractor certified by the NCBA including:
Certainty: Law firms are experts in law, not information security systems. As such, they lack the means to conduct thorough audits of their subcontractors. The NCBA Subcontractor Oversight Program’s collaboration with an auditor – , a public accounting, consulting, and technology firm, solves this problem. By combining subject matter expertise and functional specialization with technological innovation, Crowe LLP ensures the audits are state of the art. With Crowe LLP assessing vendors, law firms can be certain their subcontractors are safeguarding client data.
Comparison: Given the cost of conducting audits, both in terms of time and resources, law firms are unable to assess every subcontractor. This prevents firms from comparing vendors and exposes them to risk. However, under the NCBA Subcontractor Oversight Program, accessing a vendor’s detailed assessment costs only $100. Since the assessment measures all vendors on a consistent criterion, firms can easily compare vendors and see how they stack up against each other.
In an interview with the director of the NCBA, Scott Morris of Tromberg, Morris & Pollin, PLLC acknowledges the ability of the assessment to act as true comparison for vendors allowing a firm to “compare apples to apples” during an evaluation.
Confidence: Information security is not a domain wherein law firms can afford to cut corners. The risks of lawsuits and reputational damage that arise from working with reckless subcontractors who fail to adequately protect client information are a major stressor for law firms. The NCBA, by leveraging both its trusted status in the industry and its partnership with Crowe LLP, relieves that stress. Firms who work with NCBA-certified subcontractors can be confident that their vendors use information security systems and protocols that are in line with industry standards and their clients’ data is safe.
Pushing the Industry Forward on Compliance and Information Security
Information breaches pose a high risk to legal services providers. They can cause the suspension of normal business operations, presenting a major challenge when court dates are already set, or enable bad actors to seize sensitive client data. Failure to prevent such information leaks can open the door to lawsuits and, worse still, diminish customer trust. A loss of trust is tantamount to ruin in the legal industry, where reputation is everything.
By demanding the most exhaustive audit of security and internal control environments in the industry, the NCBA Subcontractor Oversight Program forces subcontractors to reevaluate their information security practices. Vendors and subcontractors who complete the assessment prove their commitment to compliance and client data protection, as well as their dedication to upholding a trustworthy partnership with the law firms they work with. So far, Docketly is one of only six subcontractors to receive the NCBA Subcontractor Oversight Assessment Certificate.
Docketly, as the leading appearance counsel provider in the United States, is constantly striving to increase compliance and ensure customer confidence. Previously, Docketly demonstrated their commitment to compliance by seeking an annual AICPA Service Organization Control 2 (SOC 2) Report and imploring network attorneys to become . Embracing the NCBA Subcontractor Oversight Assessment Certificate is just the most recent measure Docketly is taking to protect client information and push the industry forward.
To learn more about how Docketly is leading the legal services industry in compliance, subscribe to the Docketly Blog or follow us on social media.