Our skilled team offers six areas of targeted service.
Cyber Risk Management Program
We can assist you with:
- identifying, assessing and prioritizing cyber risks and selecting the best risk treatments for identified risks
- advising on legal requirements and regulatory guidance
- helping conduct audits and privileged assessments
- advising on risk treatments
- drafting/reviewing program documents
Incident Response Plans
We craft pre-determined, written incident response plans—including various protocols and guidelines—for rapid, lawful and effective responses to various cybersecurity incidents. This includes advising on legal requirements and regulatory guidance and drafting/reviewing incident response plans and related documents, including:
- protocols and guidelines for communications
- record keeping
- evidence collection
- risk assessments
- notification/information sharing
- post-incident review
Test, Train and Exercise Program
A testing, training and exercise (TTX) program can help ensure that incident response plans are up-to-date and that relevant personnel and information technology systems are in a state of readiness. We can help you with:
- designing and executing a TTX program by providing advice on legal requirements and regulatory guidance
- drafting/reviewing TTX program documents
- participating in TTX program activities (e.g. table-top exercises)
- providing privileged assessments and advice
Practices/Procedures and Education/Training
We offer comprehensive practices/procedures and education/training for the use of information technology systems and information, and ongoing education/training of relevant personnel. This includes:
- advice on legal requirements and regulatory guidance, including advice regarding privacy, hiring/engagement/on-boarding of personnel and monitoring/enforcing compliance
- drafting/reviewing policies and procedures
- assisting with education/training
- providing advice regarding monitoring, verifying and enforcing compliance
Business Partner Risk Management
We also advise on business partner risk management. It is imperative to address cyber risks in contracts with business partners (e.g. vendors, suppliers, service providers and subcontractors). This is especially true for business arrangements involving transfers of regulated information (e.g. personal information) to business partners, including in connection with the use of cloud services and other outsourcing arrangements. This includes:
- providing advice regarding legal requirements and regulatory guidance
- preparing due diligence checklists
- drafting/reviewing standard form procurement documents and standard form contract schedules
- drafting and negotiating contracts with business partners
- drafting/reviewing internal policies and procedures
- assisting with monitoring and verifying business partner compliance with contractual requirements
Board and Senior Management Advice
We offer tailored advice to boards and senior management. Cyber risk is a C-suite issue: directors and officers are responsible for ensuring that their corporation/organization properly manages cyber risks and effectively responds to cyber incidents. We can help educate and advise directors and senior management on how to fulfil their legal duties and establish an appropriate due diligence and business judgment record.