Configuration Audit
Fixed fee
A review of how the AI tools you already use are configured and how they handle client data. It answers two questions: is your client data being handled safely, and is the output reliable enough to act on. It is a configuration and data-handling review, not a security audit or a compliance opinion.
What is included
- An inventory of the AI tools in use, including informal ones like consumer ChatGPT, Copilot, or Gemini.
- A review of each vendor's data-handling terms: training, retention, opt-out status, sub-processors, and whether a SOC 2 report exists.
- A review of your current settings for each tool: whether inputs can reach vendor training, whether access is role-appropriate, whether logging is on.
- A look at any acceptable-use policy you have, or a note that none exists.
- A short interview about how the tools are actually used, not just how you think they are.
- A findings report and a 60-minute walkthrough call.
How it runs
- You send a tool inventory using a provided template.
- JurisLabs reviews each vendor's terms, security documentation, and configuration options.
- A brief interview to confirm real usage patterns.
- Analysis and report writing.
- Report delivery and a walkthrough call covering the remediation steps.
What you get
A written Configuration Audit Report: a red/yellow/green risk register for each tool, a plain-English explanation of each issue, and a prioritized remediation checklist.
About 1 to 2 weeks from the tool inventory to the report.
A good fit if
- You adopted AI tools, formally or informally, and never rigorously reviewed what they do with client data.
- You started on consumer tools and are now doing more sensitive work through them.
- You added a tool mid-matter without reading the vendor's data terms.
Not the right fit if
- You have not adopted any AI tools yet. Start with the assessment.
- You want a formal compliance certification or a written ethics opinion.
- You want a full IT security audit of endpoints, networks, and non-AI software.
Examples
- An attorney drafts client letters in free-tier ChatGPT, where inputs default to training. The report flags it red and gives the exact setting and tier to switch to.
- A firm signed an AI research tool's terms without reading the data agreement and now feeds it matter details. The report reviews the agreement and gives the steps to tighten data isolation.
- A firm uses Microsoft Copilot but never enabled the data-protection settings or scoped document access. The report lists the specific settings to turn on.
What is not included
- An independent penetration test of any vendor's infrastructure.
- Any opinion on whether your AI use complies with your bar's professional-responsibility rules.
- Tools you do not disclose in the inventory.
- A review of your wider IT infrastructure beyond where it touches AI data flows.
Talk it through
Book a free call. You will leave knowing whether this is the right starting point for your firm, even if you never hire JurisLabs.
JurisLabs provides technology consulting and implementation for law firms. It does not provide legal advice, and contacting JurisLabs does not create an attorney-client relationship.