Regulatory Advisory

Helping clients achieve regulatory compliance using their definition of “reasonable” and “appropriate.”

Example Engagement
Engaging Outside Counsel for a Regulatory Matter

An application service provider engaged HALOCK to help them establish a risk-based approach to address multiple security and privacy regulations.

HALOCK’s Duty of Care Risk Analysis (“DoCRA”) method defines each client’s reasonable and appropriate level of risk in a way that aligns with due care. This helps evaluate security in terms that are friendly to business and compliance, but it should involve specialized counsel.

HALOCK convinced the client to further engage outside counsel to help define risk assessment and risk acceptance criteria, to participate in risk reduction planning, and to review draft materials. The client’s executive officers and Board of Directors gained confidence that the resulting risk analysis and risk reduction plan had been openly and frankly evaluated, and that they were defensible to regulators and, if necessary, litigators.



The HALOCK Security Briefing is a review of significant events, trends, and movements that will influence how you manage cybersecurity, risk, and compliance. Our clients receive periodic overviews with an extensive report file on the topics discussed. This insightful document also includes reference links throughout the report for easy navigation and deeper research.

Assess your duty of care with the DoCRA Checklist.


Partner with HALOCK for reasonable safeguards.
