Fri, May 17, 2019

Case Study: Global Software Leader Leverages CyberClarity360™ For GDPR Compliance

A global software company facing a short deadline to comply with privacy regulations across its multinational portfolio of intellectual property law firms engaged CyberClarity360™ to tackle the challenge. CyberClarity360 is designed for velocity and depth, allowing the client to complete the assessment of its outside law firms' posture relative to not only the General Data Protection Regulation (GDPR), but also the NIST Cybersecurity Framework and the client's own internal security and privacy controls.

In combination with strong leadership and communication support from our client, the CyberClarity360 team was able to assess more than 75 intellectual property firms across the globe in less than two months, successfully meeting regulatory deadlines and gaining critical insight into additional cyber risk areas of this firm’s portfolio.

The Situation

With the GDPR compliance deadline looming, a global software company needed to evaluate its portfolio of approximately 75 intellectual property law firms in North America, Europe and Asia in a short timeframe. Assessment processes had not previously been performed on these firms, and no internal infrastructure or capacity existed to support such an effort. In addition to determining these firms’ posture relative to GDPR, the client also sought to assess them relative to its own internal data security and privacy standards, as well as against outside security frameworks.

The Solution

CyberClarity360 provided a seamless solution leveraging our custom-built software platform along with a high level of managed services support to deliver the assessment, analysis, evaluation and reporting of these law firms. Built on the NIST Cybersecurity Framework, CyberClarity360’s maturity-based assessment methodology, evidence collection capabilities and algorithmic validation mechanisms ensure that results are consistent, prompt and actionable. In combination with managed service offerings, this solution can empower existing client teams to move faster or deliver the entire lifecycle from end to end.

The Result

Leveraging CyberClarity360 and managed services from Kroll, the entire portfolio of approximately 75 intellectual property firms was assessed, complete with validation, analysis, evaluation and reporting against the desired regulatory and compliance frameworks in less than two months, successfully meeting the deadline for compliance.

The Kroll Difference

Built from the ground up to deliver an industry-leading combination of velocity, breadth and depth, CyberClarity360 enables clients to fully understand their third-party cyber supply chain risk. Backed by hundreds of cyber professionals who respond to thousands of incidents each year, CyberClarity360 incorporates global regulatory standards, as well as industry best practices, into a software-enabled assessment platform. The solution, in combination with managed services, supercharges the entirety of the third-party risk management lifecycle, including collection, validation, virtual or on-site audits, risk identification, remediation planning and ongoing monitoring.
