Join
Contact

NCBA Committed to Security Program (CTS)

Managing third party risk is more complex than ever. Law firms and creditors are under pressure to meet growing cybersecurity expectations, reduce vendor risk exposure, and stay ahead of evolving regulations. Yet, the current approach – fragmented assessments, repetitive documentation, and rising costs – isn’t sustainable.

That’s why NCBA created the Committed to Security program.

Built exclusively for the legal and collections community, the Committed to Security (CTS) program simplifies vendor risk management through a centralized, scalable, and independent due diligence platform - giving vendors a credible risk score and giving members the confidence to do business with trusted, security-conscious partners.

Why It Matters

CTS isn’t just another compliance checkbox; it’s a mark of credibility. By demonstrating a vendor’s security posture in a clear and verified way, CTS gives law firms and their clients greater confidence in their ability to protect sensitive data and manage risk effectively. And for vendors, it’s a chance to prove security maturity without drowning in duplicative documentation.

Key Program Features

  • Built on the Secure Controls Framework (SCF)
    The foundation of CTS is a widely respected security framework that maps to dozens of industry standards.
  • Dynamic Scoping by Vendor Profile
    Assessments automatically scale based on each vendor’s business type, size, and risk posture—so the process is fair, efficient, and relevant. It enables risk-based, right-sized assessments.
  • Independent Review
    All assessments are conducted by ConvergentDS, an experienced cybersecurity firm that brings third-party credibility and deep industry knowledge.
  • Streamlined and Centralized
    Reduces assessment fatigue, lowers costs, and promotes consistency across your ecosystem.
  • Sanctum
    Vendor security insights in one place. Creditors, law firms, and vendors can access Sanctum, a secure, cloud-hosted governance, risk, and compliance platform, to track, evaluate, and collaborate on due diligence and remediation activities.

What to Expect

  1. A clear, efficient process from start to finish.
    Participating in the Committed to Security program is simple, structured, and designed to minimize disruption to your team.
  2. Tailored Assessment
    The CTS assessment is customized to match your organization’s specific size, complexity, and risk posture, so you’re only evaluated on what’s relevant.
  3. Secure Documentation Submission
    You’ll receive a documentation checklist. Upload your evidence to a secure data room - no long-form questionnaires or duplicate requests.
  4. Direct Assessor Support
    A certified assessor reviews your submission and will reach out with any clarifications to ensure accuracy and completeness.
  5. Clear, Audit Ready, Shareable Report
    You receive a detailed report that reflects vendor security posture which can be confidently shared with clients and law firms.
  6. Remediation Management
    If gaps are identified, vendors receive clear, prioritized recommendations. Our team can provide guidance and confirm remediation actions are complete, ensuring you meet the CTS program’s security standards.
  7. Ongoing Guidance
    Security isn’t static. As industry standards evolve, the CTS program evolves, helping vendors stay aligned with emerging risks and regulatory expectations.

CTS Program Benefits

CTS Benefits

Vendor

Member

Client

Save Time: Less Redundancy & Simplified Submission Process
CTS minimizes repeat requests and paperwork by focusing only on relevant frameworks and controls, saving vendors time and frustration. No more long-form questionnaires. Our goal is to address 80% or more of the due diligence requirements clients expect from third-party vendors.

Cut Costs: Dynamic Assessment Scope
One size does not fit all.
Assessments automatically scale based on vendor type, organization size, and risk posture.
- Pay only for what’s relevant. Avoid over-assessing. Minimize compliance fatigue.

Gain Clarity: Risk-Based Ratings
No guesswork, no generic results.
Every vendor receives a risk report tailored to their operational context.
- Make informed, confident decisions backed by transparent data.

Stay in Sync: Centralized, Strategic Access
All vendor security insights in one place.
Creditors, law firms, and vendors access the secure Sanctum platform to track, evaluate, remediate, and collaborate.
- Unify workflows, streamline oversight, and share information seamlessly.

Remain Compliant: Continuously Updated Controls
Security threats evolve. So do we.
The program adjusts with industry regulations and emerging risks to stay current and effective.
- Stay protected, aligned, and audit-ready year after year.

Join NCBA's Committed to Security Program

The Committed to Security program is a path to stronger vendor security, lower costs, and less complexity. It reduces the burden of due diligence so teams can focus on delivering real value, not managing endless documentation.

Questions? Contact liz@creditorsbar.org.

About ConvergentDS

ConvergentDS is NCBA’s trusted security advisor, with global expertise in:

  • Advisory security consulting
  • Compliance readiness
  • Due diligence & risk assessments
  • Managed vulnerability services
  • Penetration testing
  • Privacy regulation strategy

Their client-first approach ensures tailored, high-quality service that fits the unique demands of law firms practicing creditors rights.

Committed to Security Program (CTS) FAQs

  1. What is Committed to Security?

    Committed to Security is a scalable vendor security program purpose-built for the legal collections industry. Key features include:

    • Built on the Secure Controls Framework (SCF)
      The foundation of CTS is a widely respected security framework that maps to dozens of industry standards.
    • Dynamic Scoping by Vendor Profile
      CTS assessments automatically scale based on each vendor’s business type, size, and risk posture—so the process is fair, efficient, and relevant. It enables risk-based, right-sized assessments.
    • Independent Review
      All assessments are conducted by ConvergentDS, an experienced cybersecurity firm that brings third-party credibility and deep industry knowledge.
    • Streamlined and centralized: Reduces assessment fatigue, lowers costs, and promotes consistency across your ecosystem.

  2. Why it Matters?

    The Committed to Security (CTS) program demonstrates a vendor’s security posture in a clear, credible way, giving clients greater confidence in your ability to protect sensitive data and manage risk effectively. It serves as a visible symbol of your dedication to strong, responsible security practices.

    • What is the Due Diligence Process?
    • Quick onboarding call – We’ll introduce the process and timing.
    • Secure evidence upload – Vendors submit documentation to a secure data room; CDS handles the rest.
    • Assessor due diligence – A dedicated assessor will review materials and reach out with any questions.
    • Review and next steps – Once complete, we’ll walk the vendor through the report and discuss actionable next steps. Once complete, a vendor identifies which law firms and creditors they would like to have access to their report.

  3. How is Data Protected?

    A secure portal link is provided for data requests. Data is protected with AES-256 and transmitted using end-to-end encryption. Final reports are delivered via secure digital links that are:

    • user-specific
    • protected by multi-factor authentication
    • programmed to self-destruct after use

  4. How Do We Get Started?

    Reach out to Liz Terry to learn more.

About the Program

Why It Matters

Key Program Features

What to Expect

Program Benefits

Join the Program

About ConvergentDS

FAQs

What People Are Saying

“The Committed to Security Program sets a new standard for security assurance —streamlining vendor oversight while strengthening trust with clients.”
~ Liz Terry, Executive Director, NCBA

“We built the Committed to Security program to solve a real problem in the legal collections industry - too many duplicative assessments, not enough time/resources, and rising client expectations. We use a scalable, trusted framework that works for vendors and clients alike, while raising the bar for security across the entire ecosystem.”
~ Chris Johnson, CEO, ConvergentDS