Search Results

  • 5 Vendor Monitoring Best Practices for the Modern Corporate Legal Department

    November 13, 2019 Regulators expect diligent oversight, which costs time, which is well… money. A good vendor management plan can be a worthwhile investment, considering the devastating consequences of a data breach, but it should be made as proactively and thoroughly as possible. Vendor monitoring should include reviews of quality of service, risk management practices, financial condition, and applicable security/IT controls, policies, and reports. Take a look at this quick one-pager to learn the 5 most effective vendor monitoring methods.

  • Hundreds of Firms Have Reported Breaches: Some Insight from the Law.com Investigation

    October 23, 2019 Cyber hacks and data leaks have become commonplace in digital business, but the past few years have seen a surge in reported breaches across the legal industry. Even though law firm data breaches tend to slip under the wire, the number of cases, and their impact, keeps increasing. From corporate-scale law firms to offices with just a few partners, the data is too valuable and hackers spare no personally identifiable information (PII). In the last couple of years, reports from firms and attorneys who have reported data breach incidents to state authorities paint a wide picture of how ruthless cyber criminals are when it comes to stealing legal data. Here are just a couple of examples from hundreds of reports that range across firm size, practice area, and breach method:

    Conn Maciel Carey – In 2018, CMC learned that the email account of one of its employees had been accessed without authorization by an unknown individual, exposing medical historical information.

    Aaron J Butler, Attorney at Law – In 2017, this one-man firm in Indiana had customer data exposed after his laptop was stolen and password was hacked.

    Jenner and Block Law Firm – In 2017, the firm reported that employees’ W-2 forms were “mistakenly transmitted to an unauthorized recipient,” exposing Social Security numbers, salaries and other personal information for 859 people across 6 states.

    Proskauer Rose – Similarly, one year prior, in 2016, Proskauer also reported a breach of W-2 information, when a payroll employee responded to what was believed to be an email request from a senior executive. More than 1,500 people across 5 states were affected.

    Lando Law Firm – In 2015, the firm became the victim of a targeted phishing attack which exposed the firm’s emails and client and employee information across 6 states.

    …The list goes on. Whether it’s a boutique firm, solo practitioner, nonprofit organization, even government law offices, everyone is at risk.
    Just like the ABA Journal’s report above, most cybersecurity studies show rising trends in risk and exposure. For instance, in 2018, there were about eight cases of high-profile data breaches in New York alone, with a conservative estimate of a widespread impact of over 1,500 individuals. Unfortunately, this is only the number of reported cases. We believe that the majority of data breach cases go unreported, especially in the legal industry, where the reputation for discretion is paramount. Law firms may choose not to report data breach incidents because they do not want their clients to know about the exposure: a data breach is also a breach of trust. Any vendor fears the loss of clients, but particularly in the legal industry, a data breach is a breach of trust. Plus, there are so many attacks now, happening at every minute, that if anything is reported at all, it’s only going to be the huge attacks – the breaches that get out to public knowledge. Former head of the FBI’s cyber breach unit, Austin Berglas, confirms that “Law firms are only going to make those reports when they’ve confirmed through a forensic investigation that reportable information has been touched. They’re not going to report every event—they see it every day.”

    Why Are Firms Being Targeted?

    If it’s not clear yet, let’s take a look at why firms are so heavily targeted. First, and most clearly, lawyers are guardians of their clients’ important and sensitive information. From mergers to IPOs, confidentiality is one of the essential facets of attorney-client relationships. Cyber criminals know that they stand to win big if they land their hands on any attorney’s, much less a whole law firm’s, data. Equally, the reputation of the law firm lies in its ability to protect and preserve the client's information.
    To protect client information, in some cases, law firms may be willing to pay off hackers rather than report the hacking incident to relevant authorities, meaning hackers have a higher chance of anonymous and undetected success.

    Is There a Solution?

    So what to do? Let’s work together to keep you, your firms, and your information safe. We are here to help you keep data secure by holding yourself and your firms accountable. Using Counself Risk, firms will respond thoroughly to client due diligence and information security questionnaires, requests, and audits, and legal departments can measure and manage third-party risk conveniently with a secure platform and audit history. We, ourselves, are dedicated to safeguarding your data, and hold active ISO 27001 certification for our secure cloud platform stocked with templates, features, and policies that will help you organize your risk documentation, so you can focus on helping clients with their legal issues. Check out more about our security here, and contact us here to learn more about us.

  • InfiniGlobe Re-Achieves ISO/IEC 27001 Certification

    September 24, 2019 InfiniGlobe LLC announced today that it has again passed ISO/IEC 27001:2013 certification. This is the second year InfiniGlobe has undergone a thorough third-party audit and passed evaluation to achieve certification to The Standards. In order to maintain active certification, InfiniGlobe must undergo an audit every year. NEWPORT BEACH, CA - Schellman & Company, an ANAB and UKAS Accredited Certification Body, certified InfiniGlobe LLC as compliant with all of the ISO/IEC 27001:2013 certification requirements – an information security standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The scope of the certification extends to every level of InfiniGlobe’s operations included in the Information Security Management System (ISMS), from cloud-based computing and IT to asset management, access control, human resources security, vendor management, and application security. ISO 27001 is a globally recognized standard for the establishment and certification of a secure and enduring ISMS. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. “The advent of newer technologies and increasing adoption of Cloud Computing systems introduces new risks and cyber threats such as data breaches. 
By committing to a world class security standard, we plan to keep ahead of evolving data security threats and ensure our clients’ data is safe,” said Mori Kabiri, President and CEO of InfiniGlobe LLC. “Achieving and maintaining ISO 27001 certification is important to us because it gives our clients and prospects confidence that when they entrust us with their information, we are independently accredited to keep that information safe and secure. In addition, our employees and operations greatly benefit from the systematic ISMS framework, helping us run our organization according to best practices.” Obtaining ISO 27001 certification required a comprehensive and thorough external audit carried out by Schellman, joining InfiniGlobe to the select group of just over 1500 Companies in the US actively carrying this certificate. “Achieving ISO 27001 certification is a great achievement for any organization. InfiniGlobe was able to demonstrate an effective Information Security Management System with the assistance and support of a solid management team and consistent processes. Their accomplishment speaks to the commitment they have to addressing information security risk throughout their services,” said Ryan Mackie, Principal of Schellman & Company, LLC.

    About Schellman & Co

    Schellman & Company, LLC is a leading national provider of attestation and compliance services – and the only company in the world that is a CPA firm, an ISO Certification Body, a globally licensed PCI Qualified Security Assessor Company, a HITRUST assessor, and a FedRAMP 3PAO. Renowned for expertise tempered by practical experience, our professionals provide superior client service balanced by steadfast independence. Schellman’s approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives using a single third-party assessor.

    The above is an excerpt from InfiniGlobe's press release announcing the initial certification. 
InfiniGlobe's up to date certificate can be viewed on Schellman & Co's website. View the official press release here.

  • 5 Reasons Why You Should Manage Due Diligence (TPRM) Through a Central Platform

    September 3, 2019 Exposure to risk doesn’t begin and end with a project or a client or an email. Thorough due diligence is essential to effective risk management, and risk management is essential to tracking, finding, and mitigating threats that increase your vulnerabilities (and your insurance premiums). The Ponemon Institute’s 2018 Report for security leaders found that 68% of respondents reported that their business leaders did not have a complete understanding of the impact potential threats could have. Risk management is no longer a luxury, it is a business priority, and requires resources to help you navigate the data collection, security, assessment, and approval process. Quick and easy, here are 5 streamlining benefits of Third-Party Risk Management:

    1. Control your Communication

    Spreadsheets and email chains are no longer innovative tools for information collection and communication. Don’t get us wrong, spreadsheets can be powerful, and no one loves a quick email more than we do, but combine the two and a big project with confidential information? Cue the headache. The hassle of emailing back and forth, of file versioning, of compatibility issues and updates, of always having to double check the recipients to make sure your files are “safe”... There’s hardly a central record of who has or has had access to what, and even worse, just like with a piece of paper that is uncontrolled once printed, a file is usually uncontrolled once emailed. The legal industry in particular has become a plentiful target for hackers, which is alarming due to the high risk and confidentiality of the information being communicated. Uncontrolled and decentralized file share through unencrypted or monitored email makes it difficult to identify, assess, and address potential vulnerabilities and risks, the least of which can be a phishing attack, and the most severe of which could be an arbitrary code execution resulting in a massive data breach.

    2. Keep Information Current

    Granted, due diligence collection, review, and approval takes time and requires collaboration across departments. To best assess risk when performing due diligence, you’ll have to collect records from HR, Legal, and Accounting, and coordinating that collection effort when people span across time zones is a lot of work. By using a centralized third-party risk and compliance platform, approved assignees and collaborators can be in-the-know on the latest happenings with requests, risk assessments/profiles, and projects. Securely collect, review, request clarifications, and update information to keep risk assessments current and relevant. Don’t worry about missed meetings and stop asking to be sent the call recording or meeting notes. Instead of reading the minutes or asking others to fill you in, keep up to date on the status of your Requests, your vendors’ responses, your colleagues’ comments, and the status of risk management actions.

    3. Create Organizational Memory

    Known business processes, procedures, and information can be referred to collectively as 'organizational memory.' Data science is increasingly making it possible to digitize, store, and analyze this information so it can be easily retrieved even when there is personnel turnover, promotion, or retirement. This means the knowledge your colleagues have gathered and developed is being captured and made available to the other staff members so that it is not taken out of the business when they’re not available. Companies that run similar initiatives will benefit more from the investments they make in their personnel by using organizational memory to make better risk and business decisions. By performing full and thorough risk assessments through due diligence requests in Counself, clients can inquire, collect, and maintain frequently used documentation, notes, and procedures in a private but secure Company Library. Leverage your colleague’s experience and knowledge, centralizing that know-how and storing everything about past projects and lessons learned in one location.

    4. Make Sharing Less Tedious

    Effective and efficient collaboration is the foundation of any team endeavor, but with the use of only a spreadsheet, it is difficult to transparently and productively collaborate. Edits and versions can get crossed as all involved parties try to access and update the information in the spreadsheet or pdf or file. The risk management process is an integral part of communication through project management, which makes it easy to join forces and work together as a team to handle all the risks that your business faces. By using a centralized, accessible, cloud-based platform as your request, assessment, and agreement repository, you and your colleagues will be able to work together with a full audit history and timeline to track changes and keep risk assessments up to date.

    5. Improve Security

    Spreadsheets are not the most secure tools for information collection and transfer. For instance, there is no guarantee that someone won't mistakenly edit a formula or alter a sensitive pivot table. Even if all secure cells are locked or configured, there is no strong conviction that spreadsheets have the backup functions and the configuration management options that a certified and secure platform will offer you. You don’t have to get rid of every tool you’ve found useful, but you have to recognize that your information is as secure as its weakest link. If you secure your spreadsheet but send it in an unencrypted email, the password can be hacked. If you share your spreadsheet in a secure, ISO 27001 certified platform, your only concern should be whether the data is accurate, not whether it is safe. This is where the importance of vendor cloud security comes in, and why you should absolutely perform due diligence requests to your IT vendors as well. Third Party Risk Management software can be a great tool to leverage, but you have to make sure the software you’re using to keep safe is safe for you to use.

    Risk Management Should be Your Priority

    With compliance and risk management software, you are ensuring your company and your business greater longevity. You can monitor your commitments and vendors, assess and identify potential risks, and involve your team in your compliance processes. Maintain the documentation you most often have to share, such as company approved information security policies or template agreements for all of your personnel to use while securing it all on a safe and centralized platform. The Counself platform has been specifically designed with these considerations in mind to bolster your third party risk and due diligence processes. Use Counself Risk to send Due Diligence Requests, create and circulate intelligent Forms that streamline the data collection process for you and your vendors, and maintain full audit histories and access security restrictions for ease of monitoring. Sound like something you want to explore for your department? Contact us here for more information.

  • Vendor Risk: As Strong As Your Weakest Link

    July 18, 2019 Cybersecurity strength is determined by its weakest component. With the growing amount of digital business and cloud-based products, cyber-crime is rampant and no one in the legal industry can afford to take any risks. Take a moment to think about all of your vendors, all of their vendors, and so on. Consider the number of access points within your various supply chains to your data and systems. Even if your company or business unit has taken the time to develop and implement thorough internal security policies, all it takes is one overlooked vendor and one data breach to render your security preparation useless. Think of it this way: in the case of the Death Star, the strongest galactic weapon, all it took was one overlooked thermal exhaust chute; in the case of the Titanic, the “unsinkable ship,” all it took was one disregarded iceberg. We have a long history of overestimating our preparation and underestimating risk, but we don’t have any excuses. Corporations have long been at the top of hacker hit lists, with the Legal Department a veritable goldmine of valuable information. As cyberattacks and security regulations continue to increase in number and complexity, companies are focused on developing preventative countermeasures. Not surprisingly, cybercriminals have adapted and are working smarter, not harder, by shifting their focus to easier targets with fewer information security resources. As custodians of their clients’ confidential information, firms have access to the same sensitive data, but typically have far fewer cybersecurity preventions in place. Data security, and specifically Vendor Compliance Management, is no longer just an IT issue, it’s a Legal and Compliance responsibility.

    Risk is Contextual

    Most companies have cybersecurity measures in place, but the flux of regulatory requirements embroils them in a never-ending cycle of evaluation, best-practices review, and implementation. 
From state specific regulations, such as the New York DFS Risk Based Monitoring System Requirements to international ones such as the GDPR, every industry has been touched by expanding cybersecurity regulations. With a growing marketplace of cloud-based solutions, wise companies know they’re not only responsible for the security of their own systems, they’re also responsible for their vendors’ systems. A company’s risk assessment must include the full network of systems and information – it is dependent on the context that surrounds each element. Take a simple, low-risk task: ordering business cards. The company that has been approved to print your business cards requires only your name and shipping information, and a cursory risk assessment turns up certifications ensuring transactions are secure. However, if the same company required you to provide specific PII (personally identifiable information) such as your SSN, or didn’t display any certifications of secure exchange of information, the low-risk action of ordering business cards suddenly becomes high risk. Risk is contextual, not isolated. You take on the risk of your vendors. Now imagine a complex, high-risk project, such as litigating a multi-million dollar corporate lawsuit. The firm that is approved to serve as Outside Counsel must be thoroughly vetted, both for their compliance with your policies and for their compatibility with your practices. Security must have an equal, if not more significant, weight in the decision-making process.

    Take the "Man" out of Manual

    Legal Departments are adapting, running competitive procurement processes and developing thorough Compliance programs for their Legal Service Providers to undergo before granting access to systems, networks, and data. Given the potential exposure a cloud-based vendor can open your system up to, it’s critical to dig deep, do your due diligence, and understand your vendors’ security controls. 
From assessing the physical security of their data center to knowing who will have access to your data and how that access will be granted, it is your responsibility to confirm the security of your data. Your vendors may not be immediately familiar with the intricacies of the kinds of data you handle and how you handle it. That’s why it’s crucial to define your security concerns and requirements in your Agreements and to take the time to discuss the specific needs of your business before the engagement begins. Use this article for suggestions of questions to ask your vendors during your compliance risk assessment, and use Counself Risk to automate your risk assessment, due diligence, and onboarding processes. Built specifically for compliance and due diligence workflows in the legal industry, Counself Risk is powerful not only in onboarding vendor compliance, but also in the continuous monitoring tools it offers, which are critical to the assessment process. Keep in mind that although managing risk presented by Outside Counsel is simply the cost of doing business today, it doesn’t have to be a frustrating one. Escape endless email chains and Excel sheets by designing custom, collaborative forms that can capture all of the documentation and information you need. Automate event notifications so you can keep track of expiration, renewal, and reassessment dates. Tap into your team’s knowledge and optimize your working relationships by evaluating Outside Counsel. Tailor your assessments to each of your vendors, collaborate internally and externally, and centralize your data in an auditable repository of risk information. All on a fully secured, ISO 27001:2013 certified private-cloud platform. Take the "man" out of manual, and make better use of his time (and yours), by optimizing your vendor compliance and management process with Counself Risk. Please contact us here for more information.

  • FRB SR 13-19: Law Firm Data Breaches

    April 13, 2019 What is the FRB SR 13-19 really, and what do you need to know? We sat down, tore into it, and put together this series to explain exactly what it means for your Legal Department and for your Law Firms. Not long ago we heard of two foreign hackers who stole about 60GB of data pertaining to the impending mergers of public companies from two major New York Firms. They successfully obtained Inside Information by hacking into a user account, installing malware on the server, and monitoring/exfiltrating targeted email accounts of firm partners who worked on high-profile M&A transactions. They subsequently traded on the stolen information and made more than $4 million in profits before being caught. It turned out that in addition to attacking the two named firms, they had hacked into or were trying to hack into the networks and servers of five other Law Firms using the exact same method. The legal industry has seen a stark increase in data breaches as cyber criminals realize the value of information they can tap into and how easy it can be to steal. The industry has even been labeled "the latest gold mine for hackers." This is not just because of the value of information circulated, but because of the ease of third-party access, with growing cases of hackers seeking and accessing client networks through firm networks. Manhattan US Attorney Preet Bharara couldn’t make it clearer: “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.” In the digital age these stories of needlessly putting clients, vendors, and legal information at risk are increasingly prevalent, but there are some business sectors that have embraced risk management and are blazing the path for better information security. 
The financial industry is one of the frontier industries in risk management, and in particular managing Outsourcing Risk. As hackers increasingly target law firms, auditors especially expect Legal Departments to develop Third Party Risk Management programs that provide oversight and controls for their Legal Service Providers and Law Firms. Let's look into the above data breach example from the client’s perspective (the companies acquiring or being acquired) and see how the SR 13-19 would categorize the kinds of risk they were exposed to in the law firm data breach:

    Compliance Risk: When the services, products, or activities of a service provider fail to comply with applicable U.S. laws and regulations. Example: Regulators don’t care why it happened, just that it did. You can be sure based on applicable regulations, mandates, membership agreements and other industry-specific requirements, you and your Outside Counsel firm will be facing heavy fines.

    Concentration Risk: When outsourced services or products are provided by a limited number of service providers or are concentrated in limited geographic locations. Example: Since you also relied on this firm to handle all of your M&A cases (even the ones in Europe!), you’re left scrambling to find new Outside Counsel with little time to conduct the due diligence required to keep this from happening again.

    Reputational Risk: When actions or poor performance of a service provider causes the public to form a negative opinion about a financial institution. Example: The leak gains publicity and your stock price plummets. The Manhattan Attorney General makes an example out of you. It also becomes a key selling point for competitors who claim to have more stable systems. Customers close their accounts.
    Country Risk: When a financial institution engages a foreign-based service provider, exposing the institution to possible economic, social, and political conditions and events from the country where the provider is located. Example: Let’s imagine for a second that one of the firms breached was headquartered in the UK and not in New York and that they are involved with all of your M&A transactions. It’s already difficult enough getting in touch across the pond, but now with the confusion over Brexit, their foreign transactions work has been increasingly affected, causing financial and operational issues. Now, just throw a data breach in the mix.

    Operational Risk: When a service provider exposes a financial institution to losses due to inadequate or failed internal processes or systems or from external events and human error. Example: You find out that although your firm provided you with internal Security Policies, they were not following/enforcing them in practice, exposing their system (and your information) to this attack.

    Legal Risk: When a service provider exposes a financial institution to legal expenses and possible lawsuits. Example: Various interested parties to the breach file lawsuits against your vendor and against your company for damages to reputation and operation, fraud, and relevant costs for damage control.

    This list is both compact & comprehensive, although of course, there are always specialized risks that may not fall under one of these umbrella categories. It is a great place to start when considering the types of services your Legal Service Providers and Law Firms provide and where their systems can be vulnerable. Ultimately, you know your Law Firms and Outside Counsel best and should tailor your assessments of their risk to their operations. How can you do that? 
Make sure to keep up with us to learn more about the SR-13-19 in the context of your Legal Department, Legal Vendors, and Outside Counsel by reading more in our series here or reaching out to us here.

  • FRB SR 13-19: What is it?

    March 15, 2019 In 2013, the Board of Governors of the Federal Reserve System (FRB) issued the Supervisory Letter SR 13-19: Guidance on Managing Outsourcing Risk, which in conjunction with the FFIEC’s Outsourcing and Technology Services Booklet, aims at assisting financial institutions in developing secure Vendor Risk Management programs to mitigate risks associated with third-party service providers. What is the SR 13-19 really, and what do you need to know? We sat down, tore into it, and put together this series to explain exactly what it means for your Legal Department and your Law Firms. As the use and prevalence of technology have expanded, so have the quantity and specificity of data security regulations. The Financial (and Legal!) industry has seen a particular spike in regulatory attention over the past decade, as it’s particularly prone to both internal data fraud and external cybercrime threats, incidents which often result in significant losses to customers and investors, as well as potential shocks to markets. Stories of data breaches where clients, vendors, and legal information were put at risk are increasingly prevalent, but there are some business sectors that have embraced risk management and are blazing the path for better information security. The financial industry is one of the frontier industries in risk management, particularly Outsourcing Risk. The FRB SR 13-19 was developed in part as a supplement to the FFIEC’s Outsourcing and Technology Services Booklet, and beyond providing definitions, clarifications, and requirements for effective vendor risk management, it is known for its extensive list of Risk Considerations (introducing Concentration Risk), and its thorough breakdown of Contract Provisions. We'll explore these later in our series, but for now, here are some fast facts:

    Who Issued it? United States Board of Governors of the Federal Reserve System (FRB)

    When? December 5, 2013

    What Did they Issue? Supervision/Regulation Letter (SR): Guidance on Managing Outsourcing Risk. (It is also referred to as CA 13-21 in California).

    Why? To assist financial institutions in understanding and managing the risks associated with outsourcing a bank activity to a service provider to perform that activity.

    Who Does it Apply To? All financial institutions supervised by the Federal Reserve, including those with $10 billion or less in consolidated assets.

    Mandatory? Yes.

    When is it Required? This is dependent on the size and type of financial institution you are! Contact the FRB for more details.

    Any Cross References? FFIEC Outsourcing and Technology Services Booklet; FRB SR 11-7: Guidance on Model Risk Management

    If you have some time, we recommend giving it a read, but make sure to keep up with us to learn more about the SR-13-19 in the context of your Legal Department, Legal Vendors, and Outside Counsel by reading our series or reaching out to us here.

  • Cost of a Data Breach for the Legal Department: Part 2

    February 27, 2019 Six months ago, we wrote about the prevalence and cost of data breaches and looked at some expensive examples of cyber-crime in the legal sector. We cited The World Economic Forum’s 2018 Global Risks Report which reported that in terms of likelihood, Cyber Attacks and Data Fraud or Theft fell 3rd and 4th in international risks facing businesses, both rating at around 4 out of 5. This was alarming, although not particularly surprising, particularly within Corporate Legal Departments and Legal Operations. Many companies are still adjusting to the compliance requirements and subsequent international impact of the General Data Protection Regulation (GDPR) which became enforceable on May 25th of this year, as well as the wave of data transparency and breach legislation across the US. In 2018, Information Security stopped being a suggestion. 16 years after California enacted the first mandatory breach notification law, all 50 U.S. states have now enacted their own breach notification laws. In addition, 2018 was a big year for regulatory oversight of Outsourcing Risk Management programs. From California’s Consumer Privacy Act (CCPA) and Colorado’s HB18-1128 to Nebraska’s LB 757 and Alabama’s SB 318v, regulators and legislators made it clear that not only were companies required to maintain reasonable security practices and procedures, but that they must also flow down those obligations to their vendors and third parties. And it seems to have worked! The 2019 Global Risks Report (GRR) reported that in terms of likelihood, Cyber attacks and Data Fraud or Theft fell to 4th and 5th in international risks facing businesses, both rating under 4, at about 3.75 out of 5 (a 25% reduction!). It’s encouraging to see progress, and we can expect data security will continue to improve as long as we continue to as well. 
One thing the GRR does not consider in detail is third-party contribution to risk, and when we look at a more third-party risk focused survey, the results are far less complimentary. 59% of respondents reported a third party data breach in 2018, a steady increase from past years (56% in 2017, 49% in 2016). So why is third party risk increasing? The problem isn’t that companies are just ignoring third party risk, it’s that many expect a one-size-fits-all solution to vendor assessment, selection, onboarding, and management. This leaves compliance managers and department leads with 400 question assessments that neither their vendors want to spend time completing nor do they want to spend time reviewing. As more regulations are passed and pressure on companies to show proof of third-party oversight, generalized solutions won’t work anymore. Clients and vendors are both quickly getting overwhelmed and as manpower is delegated away to deal with the management demands, things slip through the cracks. Wise companies recognize the costly inefficiency of this method and have recognized the value of delegating specialized Vendor and Third Party Risk Management resources to departments such as Legal Operations. And others are catching on - almost 60% of institutions said they expect to increase their enterprise risk management budgets during the next three years. How to select the risk third party risk management platform? We wrote a quick piece on what to look for in your IT and software vendors and what 6 questions to ask to ensure that your data will be secure. Find out more about Counself Risk here and about how Counself handles security internally here. To see a demo or for more information, contact us here.

  • Counself Chosen as Fortune 500 Bank’s Legal Department Vendor Relations & Compliance Management

    January 28, 2019 Financial Industry Leader Chooses Counself to Perform and Manage Outside Counsel and Third-Party Vendor Risk Assessments Necessary for Complying with FRB SR 13-19 Guidance. NEWPORT BEACH, CA - Counself Inc. announced that it has partnered with one of the top 15 banks in the US to set best practices in legal vendor risk management. The deal provides an exciting opportunity for Counself’s ISO 27001 certified, cloud-based platform to be used in securely performing, maintaining, and renewing due diligence and ongoing evaluations of outside counsel and other legal service providers. Counself will be rolled out to assist this Legal Department’s in-house counsel in organizing and accessing a list of approved vendors and outside counsel in one centralized compliance hub. With growing reliance on cloud-based applications, the financial industry in particular is facing a maze of evolving regulatory oversight. Regulations such as FRB SR 13-19, OCC Bulletins 2013-29 and 2017-21, and FDIC-FIL-44-2008 require risk assessments for all vendors (including law firms), standardized engagement letter/contract provisions, and ongoing monitoring and accountability. “We are proud to have been chosen by one of the largest financial institutions in the US to optimize their vendor and outside counsel management program,” said Mori Kabiri, the founder and CEO of Counself. “Our client is relieved to see their arduous and manual process will be streamlined, transforming the compliance evaluation process with our secure, collaborative, and automated solution.” Designed intelligently for Legal Operations, Counself lets users take advantage of its library of best practice forms, questionnaires, documents, and request templates to expedite their compliance gathering process, as well as automated event notifications, collaboration tools, and reporting to better manage their vendor relationships. 
For further productivity, Counself is fully integrated with many other applications such as DocuSign, Office 365, Box, Dropbox, OneDrive, Google Drive, and ELM solutions such as TeamConnect. “We listen carefully to our clients, identifying and developing tools on our platform that not only help them with present problems, but will inform and shape future best practices,” Mori shared. “Our goal is to offer standardized approaches to perform due diligence and ongoing monitoring of outside counsel and vendors by providing a tool for both sides to collaborate on security, privacy, and business resiliency control assessment questionnaires.” “We work for the moments our clients breathe out relief and breathe in excitement at discovering what Counself enables them to do,” explained Mori. ABOUT COUNSELF Counself is a highly secure platform, intelligently designed to help corporate counsel and Legal Operations teams manage relationships with their outside counsel and legal vendors. It is a unique two-sided solution that optimizes the RFx process for both clients and vendors. The Counself Risk Module streamlines due diligence collection, review, ranking, and monitoring processes using ready-to-use risk assessment questionnaires, engagement contracts, and other tools. Counself empowers legal departments to beat the maze of evolving financial and regulatory mandates and mitigate risk with external suppliers, and enables law firms to respond more efficiently to client requests using best practice templates and iterative collaboration. Counself is under the scope of ISO/IEC 27001 certification, achieved by InfiniGlobe LLC. Visit us to learn more or contact us for a demonstration. Read the official press release here.

  • Come join Counself at Booth #2302 at Legalweek

    January 24, 2019 We’re super excited for the Legalweek New York event. Stop by our booth 2303 and let’s talk about how Counself can help you with your Outside Counsel Risk and Relationship Management challenges.
