Skip to content

Exterro Launches Groundbreaking Incident and Breach Management Solution

PORTLAND, Ore., April 9, 2020 – Exterro Inc., the preferred provider of Legal GRC software specifically designed for in-house legal, privacy, and IT teams at Global 2000 and AmLaw 200 organizations, and the Association of Corporate Counsel exclusive Alliance Partner for Data Privacy and Cybersecurity Compliance and E-Discovery, announced a new addition to their Legal GRC Platform today. Exterro’s Incident and Breach Management solution fills the gap between Information Security and Legal when responding to cybersecurity incidents by helping teams automate processes that eliminate ad hoc investigating, while integrating with critical enterprise Data Inventory systems to help immediately determine the nature of compromised data.

“We are delighted to have strengthened our Legal Governance, Risk, and Compliance (GRC) platform with the addition of this critical piece of the cybersecurity puzzle,” said company Founder and CEO Bobby Balachandran. “Our Incident and Breach Management solution enables the user to define remediation steps per incident type and provides a documented audit trail with proof of remediation. Crucially, it also allows outside legal counsel to confidentially supervise the investigation process—including third-party investigators or consultants—and truncates investigation time and costs by integrating with the business’s Data Inventory.”

Exterro Incident and Breach Management™ is an integrated solution that enables customers to be confident that their incident and breach response process is both documented and defensible. Leveraging the NIST Standards Playbook, this solution ensures a comprehensive and documented process. It eliminates current ad-hoc, risky approaches, delivering greater predictability, transparency and speed to resolution. Included is a powerful workflow engine enabling users to easily create a complete response that incorporates differing local or global requirements based on the affected data and constituents.

Additional features include:

  • Data Breach Notification Regulation Library, which is integrated into the incident review process to ensure compliant reporting—and alerts counsel to changes in regulations.
  • Encrypted Messaging and Notes to enable teams to communicate and document outside of potentially compromised systems, while ensuring integrity in documentation and defensibility.
  • Integration with Legal Hold and In-Place Document Preservation solutions to ensure harmony between processes.
  • Dynamic Distribution List Generation utilizes a seamless integration with HR system and empowers legal counsel to craft precise stakeholder distribution lists, taking into account various factors, including type of incident, affected applications, governing jurisdictions and global breach law notification requirements
  • Privacy Library to provide the critical conditions for evaluating data privacy events.


“Notification requirements vary greatly by jurisdiction and type of data exposed. Companies can quickly become overwhelmed by different timelines,” says Tyler Thompson, Data Protection and Technology Transactions Attorney, Bryan Cave Leighton Paisner, LLP. “A solution to manage all of these different needs can free up bandwidth to focus on containing the incident and supporting customers while reducing the likelihood that a requirement is missed.”

Read more about Exterro Incident and Breach Management.