Compliance & Privacy

Take a look at our CMS

At Hodges, Avrutis & Foeller, compliance with our industry regulations is paramount. As such, our compliance management system (CMS) addresses the requirements set out in the seven regulations applicable to our industry and allows flexibility for revisions based on recent interpretations of legislation or case law.


Ensures regulatory requirements
are incorporated into our business
policies, processes, and procedures.


Prescribes the necessary training for our
employees to ensure they understand their
responsibilities for compliance with the


Incorporates internal audits of
policies, procedures, and processes


Tracks consumer complaints, responses,
and follow-up actions


Includes corrective actions for
internal and external audit findings
Our lawyers provide clear compliance expectations, audit findings, and corrective actions for employees and third-party vendors to CMS leadership. The firm uses an internal compliance auditor to manage and report on the CMS as well as an outsourced compliance officer. The “finger of the pulse” is provided by the internal compliance officer, while the externalized compliance officer gives the “industry standard and best practice” perspective.


Develop and maintain compliance
policies, procedures, and processes


Administers and tracks employee


Assesses emerging issues or potential


Ensures corrective action measures are
completed and documented

In the electronic document store, our CMS program incorporates more than 50 written policies, procedures and processes. In addition, the monitoring and trending activities of CMS are maintained electronically. Our CMS will prevent regulatory  violations, provide cost efficiencies and reduce business risk to all our clients.

Data Privacy Management
As with the CMS, the firm is diligent in managing data security and privacy for our clients. Our system includes a combination of physical, electronic, and administrative controls to avoid any loss of privacy in our customer data.
Physical Control
  • Secure access on all ingress/egress points

  • Secure access between public waiting areas and non-public Firm offices

  • Secure access to file rooms and server rooms

  • Use of closed circuit monitoring throughout office

Electronic Control
  • Use of secure data transers (e.g. Syncplicity, YGC, etc.)

  • Use of firewalls

  • Employee and third-party internet site access restrictions

  • Maintenance of security patch updates

  • Use of secure offsite back-up for encrypted data

  • Continuous scanning for viruses and malware

  • Frequent security integrity scans

  • All incoming claims data is managed
    electronically, only (no new hardcopy files)

Administrative Controls
  • Prohibition of cell phones in the office (except attorneys)

  • New user security policy

  • Clean desk policy Security policy (including visitor policy)

  • Attorney approvals for any use of removable media by employees and third-party vendors

  • Security integrity policy

  • Document retention and purging policy