Primerus Board of Directors Approved Cyber Security Standards:
Phase 1 - Cyber Security Standards:
Multi-Factor Authentication for law firm network login (code sent upon login attempt to a different device that must be entered for access to network), for remote access or any access to cloud systems.
Privileged Access Management and Identification Policy (establishment and termination of law firm network access), with Access Logs and Processes for Audits of Access Logs.
Data Security Policy with Security Patch Management
Security Incident Plan and Breach Notification Policy and Processes.
Internal Risk Assessment and Security Monitoring Policy.
Disaster Recovery and Business Continuity Plan.
Phase 2 - Cyber Security Standards:
Offer of encryption of client and sensitive information in motion (email and text) and at rest (storage and backup).
Third‐party risk assessment and engagement procedures (i.e., vendors and consultants).