The Sedona Conference On Questions to Ask Law Firms About Data Security

The Sedona Conference On Questions to Ask Law Firms About Data Security

April 9, 2020

The public comment version of the Sedona Conference's Commentary on Law Firm Data Security was released this month.  It includes a questionnaire that clients can use to assess a law firm's ability to keep data secure.


The six sections of the questionnaire focus on:


1. General - an information security program; security certifications; document retention and destruction policies; and third party assessments. 


2. Risk Assessment - information segregation; business continuity; disaster recovery; event reporting; incident response plan;  and network updates & security patches.  


3. Asset Security - device and software inventory; internal vulnerability assessments; physical security; malware defenses; and firewall configurations.


4. Communications - data encryption; monitoring of audit logs; protection of wifi; use of transport layer security for email; restricted access to websites that can be used to exfiltrate data; use of intrusion detection systems. 


5. Identity and Access Management - user access control.


6. Security Operations - confidentiality agreements; training programs. 





Please reload

Some elements on this page did not load. Refresh your site & try again.

Contact Me With Your Litigation Support Questions:

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with