Over the past couple of years, the legal industry has seen a growing trend of corporate counsel and their outside law firms choosing to contract with managed services providers for handling litigation data.
Managed service providers provide an environment for securely hosting the client’s data, take responsibility for providing 24/7 access to all software applications and the litigation data itself, and host any application you use, regardless of the product or software vendor. This trend toward managed services providers is being driven by the need for state-of-the-art data security, specialized expertise in data management, better cost controls and risk management.
If you choose to contract with a managed services provider, it’s important that you make sure you’re working with an organization that is compliant with the highest industry standards at their data centers. Here are four certifications your managed services provider should have:
1. SOC 1. Service Organization Control (SOC) reports, overseen by the American Institute of CPAs, are internal control reports on the services provided by service organizations. SOC 1 is a certification that provides assurances to customers about the provider’s control environment that may be relevant to the customer’s internal controls over financial reporting. Formerly known in the U.S. as SSAE 16 certification, the SOC 1 report is especially important if your organization is concerned with Sarbanes-Oxley Act (SOX) compliance or similar laws and regulations.
2. SOC 2. SOC 2 is a certification that provides customers with an independent assessment of the provider’s control environment relevant to system security. This validation requires specific controls relevant to security, availability, processing integrity, confidentiality or privacy. The SOC 2 report is used to give your customers or stakeholders confidence in the service organization’s systems that you choose to use.
3. ISO 27001. The Switzerland-based International Organization for Standardization (ISO) develops standards for a number of global certifications. The ISO 27001 certification for information security management systems specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system within an organization.
4. ISO 9001. For a service provider to be considered for ISO 9001 certification, it must demonstrate the ability to consistently provide services that both meet customer specifications and comply with regulatory requirements. In addition, the company must aim to enhance customer satisfaction through the effective application of its systems.
Global industry standards such as these provide important third-party validations that your data is being hosted in secure, highly available, certified data centers. Make sure your managed services provider can produce these certifications.