Top 6 Immigration Software Security Questions to Nail in an RFP

Picture this: Your immigration firm has been aggressively pursuing an opportunity to represent a large international company with frequent visa needs.  Acquiring this client would be both prestigious and profitable for your firm. In every interaction, it is clear that you have the right combination of legal knowledge and expertise to serve the client well. More importantly, your team is even connecting on a personal level with the company decision-makers.  You’re clearly the front runner and it seems that it is just a matter of time until the agreement is signed. Fast-forward a week or so, and your prospective client invites you to attend a “security review” meeting where some members of the corporate IT team will be attending. Your main contact assures you this is all routine and just a formality before the deal is sealed. You figure they probably want to know about the security at your office, privacy policy – the usual mundane sort of stuff. The day of the meeting arrives and 45 minutes before the start time you receive an e-mail from the company containing a 12-page questionnaire entitled “IT Security Audit Review.” As you begin to read the document, you chuckle, thinking this clearly must be a mistake. You’re an immigration attorney, not an IT specialist. Sure, you know what a firewall is, but you haven’t the foggiest idea of whether it has egress and ingress filters (or even why you would want that). To make matters worse, you learn that there will be 3 members of the IT Security team in attendance as well as the decision makers and they are all expecting to hear the right responses from your group about system security. Do you have what you need? What questions might be asked? And most importantly, who can provide you with the correct answers to these questions? The secure management of employee and client information is a growing concern for companies of all sizes. Large corporations frequently have a deep investment in staff and technology to insure that employee data is carefully guarded. IT teams regularly audit their own internal software partners as well as external providers such as law firms that use software to manage cases for the employees of the company.  Security audits will focus on a few key areas of concern. Here are the questions you should be prepared for: 1. Encryption of Personally Identifiable Information (PII)

  • Will your case management system encrypt PII information both in transit and at rest? Is the information contained in employee files encrypted at the database level to further protect it from unauthorized access?

2. Data Center Security Certification

  • Do the data center locations have SAS 70 Type II certification? Is this documented and can it be provided upon request?

3. Intrusion Prevention Systems

  • Does the case management system employ intrusion prevention systems? Are these tested on a regular basis?

4. Documented Security Programs

  • Does the case management system have documented security policies and programs in place including the regular education and testing of software vendor staff on security practices?

5. Disaster Recover and Cyber Insurance policies

  • Does the case management system have a documented disaster recovery plan and appropriate cyber Insurance policies in place?

6. Secure Communication Systems

  • Does the system provide a secure method of communicating with employees that does not rely on e-mail? (To protect against the sharing of sensitive client information via e-mail).

While it’s tempting to just say “yes” to all of these questions, a sophisticated client will want more in terms of details, documents, and even security references. To answer these properly and confidently, you need a case management partner with the deep investment in security infrastructure, expertise in security measures and experience in working with corporate client Security Auditors. This combination of attributes is a phone call away if you are using the EDGE system by LawLogix. Assistance with RFPs and written or phone security audits are part of our daily service to law firm clients.  If you are preparing for an upcoming RFP or you have received a security audit questionnaire from one of your existing or prospective clients, make sure you reach out to your EDGE contact for assistance. At LawLogix, your success is our number one priority!