Elevate the power of your work
Get a FREE consultation today!
Supply chain risk management in law firms: getting started and practical guidance
Whitepaper
Law firms are no stranger to attacks on their supply chain where the intended target is often a lawyer, staff member or client. If businesses, including law firms, suffer a data breach due to their own, or that of their sub-contractors, mishandling of data, it can result in significant client / business loss, reputational damage and significant financial impact.
Executive summary
Law firms are no stranger to attacks on their supply chain where the intended target is often a lawyer, staff member or client. If businesses, including law firms, suffer a data breach due to their own, or that of their sub-contractors, mishandling of data, it can result in significant client / business loss, reputational damage and significant financial impact. According to the Ponemon Institute’s “Cost of a Data Breach Report” published by IBM Security, the average cost of a breach in 2020 was $3.86 million. This is not insignificant even for the largest law firms. In addition to security, as well as risk and reputational brand management, law firms are now subject to various supply chain requirements from clients, including equity, resiliency and social responsibility.
The primary factors driving law firms to adopt Supply Chain Management programs included in this paper are: 1) Client Information Governance Requirements “CIGRs” (outside counsel guidelines “OCGs”, master service agreements “MSA”, collectively “Agreements”) that not only require the firm to adhere to the client’s security standards, but require the firm to pass those provisions down to any third or fourth parties engaged, 2) domestic and international data privacy laws and regulations, including GDPR and CCPA/CPRA, 3) industry regulatory requirements if your firm is considered a governmental, health care or other specialized industry contractor, and 4) insurer requirements relating to your Supply Chain Management as part of the underwriting questionnaire for cybersecurity coverage.
We also address key areas of Supply Chain Management with a particular focus on risk management related to information governance. We look at who in your firm can serve critical roles aligned with risk operations, and finally, we address contracting points, tools and processes to best protect you, your clients and the industries involved.
To read other reports written by the law firm Information Governance Symposium, please visit: symposium.ironmountain.com
Featured services & solutions
Information Governance Advisory services
More than 100 information governance experts are ready to help grow your program with a comprehensive approach
Law Firms
Stay on top of your practice—and ahead of your competition—with the Iron Mountain advantage
Law Firm Information Governance Symposium
Iron Mountain established the Law Firm Information Governance Symposium (Symposium) in 2012, as a platform for the legal industry to create an information governance (IG) roadmap unique to law firms.
Related resources
View More ResourcesView More Resources
