New York, NY (April 26, 2018) – Epstein Becker Green (EBG) is pleased to announce that in an effort to ensure that confidential client data remains secure, it has earned the coveted ISO 27001 certification, the highest level of security-related accreditation that a business can attain and the most widely adopted information security standard in the world. At EBG, protecting the confidentiality and integrity of client data is of paramount importance, and this achievement highlights the firm’s ongoing commitment to those efforts. EBG’s ISO 27001 certificate of registration can be viewed online at the BSI Group website.
Background of ISO 27001
Created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 (formally known as “ISO/IEC 27001:2013”) specifies a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s “information security management system” (i.e., a systematic approach to managing sensitive information so that it remains secure). The ISO 27001 standard aligns with the best practices and guidelines set out in the Code of Practice for Information Security Controls (ISO/IEC 27002:2013)and requires an organization to have a comprehensive set of risk management and security policies, procedures, and controls in place. In addition, the ISO 27001 standard approaches information security from every aspect of an organization—from its people to its operations and technology—which is key to keeping pace with an ever-evolving technology-driven landscape. Thus, adhering to the ISO 27001 standard helps an organization not only properly manage and protect client and intellectual data but also prevent or reduce the damage sustained in a cyberattack, as the organization is better able to detect and stop a breach at its earliest stages.
How EBG’s ISO 27001 Certification Benefits Clients
EBG is aware that clients want clarity and assurance regarding the extent and strength of the firm’s information security program. Obtaining the ISO 27001 certification shows the firm’s commitment to information security at every level. EBG’s duty to comply with the ISO 27001 standard, along with the required verifications by an independent third-party auditor (explained below), demonstrates that the firm’s information security management system is comprehensive, state of the art, and follows international best practices.
In addition, undergoing the arduous process of obtaining and maintaining ISO 27001 certification has made EBG attorneys and staff more sensitive and aware of their collective responsibility to safeguard our clients’ and the firm’s sensitive information. The firm has also gained new insight into how to help our clients strengthen their own data security policies and procedures and minimize their risks.
How EBG Obtained the ISO 27001 Certification
The process to obtain ISO 27001 certification can be lengthy and grueling, but, as EBG believes, clearly worth the effort. After undergoing a thorough audit by an independent third-party auditor, in April 2018, EBG’s information security management systems (comprising Document Management, Email, Remote Access, Litigation Support, and Mobile Device Management) were found to have met the strict ISO 27001 standard. This certification, however, does not give us permission to simply rest on our laurels. EBG must not only uphold the ISO 27001 standard and follow security best practices but also continually review and improve the firm’s security posture. To ensure that the firm meets these ongoing obligations, our information security systems will undergo annual audits by an independent third-party auditor. These audits will verify that our information security practices and procedures are updated and in line with the rapidly changing technology landscape.
About Epstein Becker Green
Epstein Becker & Green, P.C., is a national law firm with a primary focus on health care and life sciences; employment, labor, and workforce management; and litigation and business disputes. Founded in 1973 as an industry-focused firm, Epstein Becker Green has decades of experience serving clients in health care, financial services, retail, hospitality, and technology, among other industries, representing entities from startups to Fortune 100 companies. Operating in locations throughout the United States and supporting domestic and multinational clients, the firm’s attorneys are committed to uncompromising client service and legal excellence. For more information, visit www.ebglaw.com.