New York, NY (January 10, 2019) – Epstein Becker Green (EBG) is pleased to announce that, for the second year, it has attained ISO 27001 certification in Information Security Management.
The coveted ISO 27001 certification is the highest level of security-related accreditation that a business can attain and the most widely adopted information security standard in the world. At EBG, protecting the confidentiality and integrity of client data is of paramount importance, and this achievement highlights the firm’s ongoing commitment to those efforts. EBG’s ISO 27001 certificate of registration can be viewed online at the BSI Group website.
How EBG Obtained the ISO 27001 Recertification
In order to uphold the ISO 27001 standard and follow security best practices, EBG must continually review and work to improve the firm’s security posture. To ensure that the firm meets these ongoing obligations, our information security systems underwent an annual audit by an independent third-party auditor. This audit is meant to verify that our information security practices and procedures are updated and in line with the rapidly changing technology landscape.
In the first annual surveillance audit, completed January 2019, the auditor found that EBG has passed with no findings, and cited that our methodology and handling of risk was “best practice.”
“Working through and maintaining the ISO 27K standard has been a rewarding effort for the IT department and the firm,” said Lance Rea, Chief Information Officer. “The certification is just one part of EBG’s culture of continual improvement in the areas of system security, resilience, and performance.”
How EBG Obtained the ISO 27001 Certification
The process to obtain ISO 27001 certification can be lengthy and grueling, but, as EBG believes, clearly worth the effort. After undergoing a thorough audit by an independent third-party auditor, in April 2018, EBG’s information security management systems for client data were found to have met the strict ISO 27001 standard.
How EBG’s ISO 27001 Certification Benefits Clients
EBG is aware that clients want clarity and assurance regarding the extent and strength of the firm’s information security program. Obtaining the ISO 27001 certification shows the firm’s commitment to information security at every level. EBG’s duty to comply with the ISO 27001 standard, along with the required verifications by an independent third-party auditor (explained below), demonstrates that the firm’s information security management system is comprehensive, state of the art, and follows international best practices.
In addition, undergoing the arduous process of obtaining and maintaining ISO 27001 certification has made EBG attorneys and staff more sensitive and aware of their collective responsibility to safeguard our clients’ and the firm’s sensitive information. The firm has also gained new insight into how to help our clients strengthen their own data security policies and procedures and minimize their risks.
Background of ISO 27001
Created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 (formally known as “ISO/IEC 27001:2013”) specifies a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s “information security management system” (i.e., a systematic approach to managing sensitive information so that it remains secure). The ISO 27001 standard aligns with the best practices and guidelines set out in the Code of Practice for Information Security Controls (ISO/IEC 27002:2013) and requires an organization to have a comprehensive set of risk management and security policies, procedures, and controls in place. In addition, the ISO 27001 standard approaches information security from every aspect of an organization—from its people to its operations and technology—which is key to keeping pace with an ever-evolving technology-driven landscape. Thus, adhering to the ISO 27001 standard helps an organization not only properly manage and protect client and intellectual data but also prevent or reduce the damage sustained in a cyberattack, as the organization is better able to detect and stop a breach at its earliest stages.
About Epstein Becker Green
Epstein Becker & Green, P.C., is a national law firm with a primary focus on health care and life sciences; employment, labor, and workforce management; and litigation and business disputes. Founded in 1973 as an industry-focused firm, Epstein Becker Green has decades of experience serving clients in health care, financial services, retail, hospitality, and technology, among other industries, representing entities from startups to Fortune 100 companies. Operating in locations throughout the United States and supporting domestic and multinational clients, the firm’s attorneys are committed to uncompromising client service and legal excellence. For more information, visit www.ebglaw.com.