Confidentiality Policy Management
The assessment begins by surveying policy administration practices. It includes a review of frequent drivers mandating confidentiality and identifies key priorities and concerns of internal stakeholders. Expert consultants also examine specific policy definitions (e.g. review of outside counsel guidelines mandating access limitations) and evaluate policy issuance, notification, acknowledgement, and reporting practices.
Given the broad set of confidentiality drivers, growing risks, and escalating industry expectations, prudent organizations are carefully reviewing their current information security capabilities. These firms look to ensure that firm policies are in line with external requirements, that internal practices truly follow defined policies, and that processes and tools used to manage compliance are truly effective.
In cases where shortcomings are identified, firms should invest in training and technology to improve procedures and minimize the risk of error or accident.
Modernizing firm practices can be challenging – many organizations are reluctant to undertake initiatives which may require new investments. But the costs and implications of failing to understand these risks and address new compliance rules are too significant to disregard.
The Intapp Approach – Assess, Analyze and Respond
Through a comprehensive assessment, Intapp works with firms to review current practices, identify areas for improvement and design a response plan. This program also enables risk stakeholders to educate firm management and present a clear business case justification for investing the time and resources necessary to mitigate identified confidentiality risks.
The Intapp confidentiality assessment program has been developed in consultation with leading industry insurance providers, several of which will directly sponsor and bear the complete costs of firm participation.
Confidentiality Assessment Program in Greater Detail
With a more complete picture of existing information security practices and risks, firms are better informed and better able to prioritize response plans. Stakeholders are also better informed – risk stakeholders gain a better understanding of how new technology impacts the firm, and IT stakeholders are educated regarding how various rules of professional responsibility, case law and regulations affect their responsibilities.
Technology: Information Accessibility & Access Controls
The assessment then investigates and reports on the role technology plays in confidentiality management. This includes identifying software systems where sensitive information is stored and the extent to which client information is internally accessible and accessed. It also evaluates the measures presently taken by the firm to control, limit and track access to client data in response to information security policies.
Firm Analysis & Response Planning
The process concludes with the design and presentation of potential response plans. Where judged prudent, suggested firm options may include implementing new or refining existing confidentiality practices, modifying firm processes, adopting technology tools, expanding training, or other measures. Based on firm resources and priorities, response plans can set out an iterative, phased approach and timeline.
The assessment approach and methodology are shaped by input from the broad Intapp customer community and the work of the Risk Roundtable Compliance Consortium.