CASE STUDY: PILLSBURY INTERNATIONAL LAW FIRM

As a firm that represents corporate customers across multiple industries, Pillsbury must comply with a broad range of governance and regulatory requirements. For each of its clients, validation of its data compliance and security posture needs to be documented and logged to demonstrate the firm’s adherence to industry-specific regulations and best practices. But proving that appropriate controls were in place for each customer was a tedious and time-consuming undertaking.

Pulling together compliance information such as internal controls, acceptable use policies or even something as simple as what version of endpoint antivirus software is being used can take hours if done manually and provides cybersecurity workflow management for improved compliance, visibility, and reporting.

“As a law firm for customers in multiple industries we must meet many compliance standards and we need to be able to easily communicate our controls and processes to the business side to show evidence of our compliance. But providing documentation across multiple departments was an exceptional resource drain.”

– Ray Elquist, Information Assurance Manager, Pillsbury Winthrop Shaw Pittman LLP

With built-in recommendations for multiple industry frameworks – from NIST, HIPAA, and PCI to SOC2, ISO, and SEC – the solution outlines the necessary controls required to be compliant. This helped Pillsbury to quickly identify any security gaps and prioritize what needs the most attention while giving the company deep visibility into their cybersecurity plan so that they can better measure their success.

“We can plug in the industry framework we need to comply with and Apptega will guide us with the steps we need to perform to meet its requirements. It also performs valuable audits of our internal strategy so that not only can we assure regulatory compliance but so that we have a stronger grasp of the budget and resources needed in the future.”- Ray Elquist Information Assurance Manager Pillsbury Winthrop Shaw Pittman LLP

While the solution has helped chart Pillsbury’s cybersecurity road map, it’s also delivered other time-saving features. “At first we thought Apptega would just be a tool to help us chart our cybersecurity strategy, but what we got was so much more. Apptega has also become a core component of our compliance evidentiary process for our clients.”

The Pillsbury team now has put Apptega at the core of its cybersecurity workflow and can run needed reports for clients and prospects to prove compliance where needed. The team plugs in the evidence that it is meeting key controls once and can then run reports based on that data for new client requests or RFP questionnaires. “It saves hours upon hours of legwork.”

-Ray Elquist, Information Assurance Manager Pillsbury Winthrop Shaw Pittman LLP

Not only has it increased the security of its systems and controls, but it has also helped build greater confidence between the firm’s security and line-of-business teams and loyalty with the customers they serve. Going forward, Pillsbury plans to use Apptega to achieve its ISO 27001 certification – a goal they have had for some time. Elquist and his team also plan to begin using Apptega’s prescriptive advice feature as the law firm moves into more complex security frameworks.

“We are very grateful to Veristor’s expertise and guidance in finding this very powerful product for our environment. They spent the time listening carefully to our needs and delivered the exact solution we needed to elevate our cybersecurity posture and demonstrate compliance to our customers.”

-Ray Elquist, Information Assurance Manager Pillsbury Winthrop Shaw Pittman LLP