NZ law firm IT risk check.

For partners, practice managers, and operations leads at small-to-mid Australian law firms. It is the same control set we work through with our own legal clients before AML audits, trust account reviews, NZLS practice inspections, and cyber insurance renewals. Each area is grounded in a specific NZ obligation, a specific NZLS rule, or a specific failure mode we see in legal practices.

• ✓
  AML/CFT obligations for the legal sector DIA supervision of captured activities, and the IT evidence that stands up at an on-site review.
• ✓
  Privacy Act 2020 for client data Mandatory breach notification and the Information Privacy Principles applied to legal files and trust records.
• ✓
  NZLS rules of conduct as they intersect with technology The technology side of confidentiality (Rule 8) and competence (Rule 3) under the Conduct and Client Care Rules.
• ✓
  E-discovery and document management Handling large volumes of opposing-party data and keeping your DMS defensible.
• ✓
  Trust account audit-readiness Access control and audit trails on the ledgers an inspector or auditor will ask to see.
• ✓
  Secure file sharing with clients and courts Moving sensitive documents without email attachments leaking privilege.
• ✓
  Confidentiality and privilege in the cloud Where your data lives, who can reach it, and how privilege survives a cloud migration.
• ✓
  Encrypted email and secure messaging Practical encryption for partner mail and the out-of-band verification that stops settlement fraud.
• ✓
  Staff onboarding and offboarding controls Disabling identity, revoking tokens, and removing access in dependency order when people move on.
• ✓
  BYOD risk for legal staff Personal devices holding cached client files, and the controls that contain them.
• ✓
  Ransomware impact on litigation deadlines Continuity planning when an attack is timed to a court deadline.
• ✓
  Cyber insurance for legal practices The underwriter questions, and the evidence to keep so a claim is paid rather than disputed.