Attorneys and Legal Professionals

Establishing Duty of Care for Cybersecurity

The day you are sued for a data breach, you will be asked eight questions that you will want to prepare your organization or client for.

Data Breaches are litigated in terms of negligence. Judges and interested parties are trying to determine if your organization/client was doing something reasonable to prevent harm to others.

DoCRA (Duty of Care Risk Analysis) is a standard by which organizations may align their risk assessments to demonstrate reasonable and appropriate. The standard includes a method for organizations to clearly calculate and prioritize risk as well as define acceptable risk.

If you are looking for assistance in bringing your risk method in line with DoCRA (DoCRA.org), we can help.

For clients that follow CIS Controls, download CIS Risk Assessment Method (RAM):


Complete the form to learn more about DoCRA.
You will also receive the DoCRA Checklist.



By clicking the 'Send' button, you accept HALOCK's privacy policy.

Contact Us