For Lawyers More in this section
  • For Lawyers
  • Your Membership
  • Fastcase Legal Research
  • Managing Your Law Practice
  • Directory
  • Sections, Committees & Divisions
  • Member Benefits & Assistance
  • SC Bar Convention
  • Event Calendar
  • Bar Programs
  • Legal Resources & Info

    • Questions to Ask Vendors Providing Online Services  

    In order to comply with the South Carolina Rules of Professional Conduct, including Rule 1.1 (Competence), Rule 1.4 (Communication), Rule 1.6 (Confidentiality), and Rule 1.15 (Safekeeping Property) lawyers should conduct due diligence before entrusting client data to third parties. Many lawyers rely on cloud or online services for apps (such as practice management), data storage, backups, email, and telecommunications. Depending on the answers to these questions, lawyers may need to ask follow-up questions or request additional information from the vendor. 

    General Questions 
    Price?
    Is there a trial period?  
    Is there a discount for Bar members or for switching from competing product? 
    How long can you guarantee my price and what notice will I receive if you raise prices? 
    Do you have references from other law firms? 
    Contract terms and conditions? (Read carefully.) 
    Tech support (description and cost) 
    - Training  
    - Data migration and setup  
    - Tech support  
    - Response time 
    - Location of support staff (time zone) 
    If contract or trial period is terminated by user 
    -What will happen to data on your servers?  
    -What data retrieval assistance will be provided to me? Method? Cost? 
    Notification by vendor in case of issues, lost data, data breach, etc.?  
    Vendor incorporation (where, date of incorporation or founding, CEO, etc.)? 
    Location of HQ and employees? 
    Describe any federal, state, or industry security and privacy compliance certifications (such as HIPAA) 

    Security 
    Is my data encrypted both in transit and at rest? 
    What happens to my data if I cancel or fail to pay? 
    What is your internal security policy for your employees, facilities, and data? 
    Who has access to my data and does anyone have access to my encryption key? 
    Do you own your servers and where are they (are they in a U.S. jurisdiction)? 
    Do you lease server space from AWS, Azure, or other? 
    How are your servers backed up and where? 
    Do you allow third party access to client data? 
    - If so, to whom and under what circumstances? 
    - Will you notify me first? 
    What are your business continuity plans? 
    What happens to my data if your company ceases to exist, either through sale, bankruptcy, or other means?