Please scroll down to see an interactive display of how the Data Steward Program works.
1. Law firm subscribes to the ACC Data Steward Program
Law firm or legal service provider subscribes to the Base License at $1495 annually, entitling the firm to share assessment results with three (3) clients. Each additional client sharing license is $495, with unlimited sharing capped at $9995.
ACC Data Steward Program is free and available to any law firm client, not just ACC members.
The program is designed and maintained through the collaborative industry-wide consortium and has received wide-spread support from law firms, legal services providers and corporations.
2. Law firm completes an information security self-assessment
Law firm completes an information security Core Assessment Questionnaire.
Controls are based on NIST and mapped to other open, global security standards including ISO.
— Addresses 160 security controls spanning 42 security outcomes
— Applicable to large and small law firms across the world
Assessments conducted and stored on the highly secure ACC DSP Exchange platform, based on the leading audit management SaaS platform.
Assessment typically take .5 to 2 days to complete the first time.
3. Immediate assessment results
Firm receives an overall score from
0 to 100. Dashboard also displays scope, ratings for each security domain, issues and exceptions.
Scoring is fully transparent.
Firm sees exactly how their score was derived, and how any additional security measures will impact their score.
Firm has the option of uploading proof of compliance in Evidence Repository.
4. OPTIONAL: Firm engages ACC-approved independent assessor
As an option (funded by the firms), an independent ACC Assessor will validate the law firm’s or service provider’s evidence of compliance.
Independently assessed firms that also meet minimum security requirements achieve ACC Accreditation.
Accreditation is valid for three years.
5. Law firm shares scores with clients
Clients no longer need to send detailed security questionnaires to their firms, or spend significant resources clarifying and evaluating the responses.
Firm shares assessment results with clients and prospects. Firm has complete control on who can see their scores, as well as level of detail to share with any given client from a high-level dashboard through responses on individual controls to access to proof of compliance.
6. Clients can easily assess security across multiple firms
Companies can easily assess and benchmark the security capabilities of multiple firms. Companies request firms to share their assessment.
Companies can send bids to potential firms, confident of the security capabilities of that firm.
7. Assessments are always up to date
Law firms update their assessments when they update their security capabilities. This always-up-to-date score eliminates snapshots and annual refresh process.
As new risks emerge, ACC updates the security controls to reflect these risks.
Firms must update their capabilities to meet these new risks, otherwise their scores will decline.
