How SDS Helped a Legal Firm Safeguard Client Records with a Privacy and Security Framework
Secure Digital Solutions understands the legal industry and its multiple regulations, which can include FISMA, HIPAA, PCI DSS and NIST controls. Changing laws and policies introduce complexities into business models.
In this case, a legal claims corporation was required to comply with FISMA (Federal Information Security Management Act) to continue to grow its business with federal government entities. The company engaged Secure Digital Solutions (SDS) to deliver FISMA compliance requirements and accomplish all related tasks within an aggressive timeline. Adding to the challenge, a Unified Control Framework mapped with PCI DSS, HIPAA and NIST controls was also requested within the time frame. Meeting both goals would position the company for new business opportunities, while satisfying existing clients.
Multiple assessment dimensions requiring experience
“SDS assesses your overall program—the leadership, policies and technical mechanisms to keep an eye on things,” says Mike Edlund, Practice Manager for SDS, who keeps all engagements on track with client expectations. “A person who doesn’t have much experience related to all these areas would have a really hard time addressing them.”
“Questions we ask are: Is there an information security counsel—the upper leadership and strategic element? Do you comply with various regulations that impact you? How are your operations—your day-to-day activities and are you doing them effectively?” says Edlund. “And then there’s the element of architecture—building your systems properly with the right technology and tools.”
Deliverables: On time, under budget
SDS delivered the Unified Control Framework on time and under budget, and the client received acceptance from governing entities. To inform and obtain top-level executive buy-in, SDS presented compliance status for all three regulations. SDS also delivered a remediation plan for the client to meet controls identified in the Unified Control Framework.
“There is a lot of heavy lifting during engagements with our clients—gathering data, writing up findings, and prioritizing what we suggest they do to improve on their findings,” says Edlund. “My job is to deliver quality in that interaction process with communication and status updates.”
The legal claims firm won additional business and further positioned itself for larger market share and greater competitive advantage.
The experience and certification SDS has in multiple levels of security management enables us to develop a successful Unified Control Framework for organizations. Most importantly, the framework we build directly serves your business objectives.