New York, NY (January 10, 2019)Epstein Becker Green (EBG) is pleased to announce that, for the second year, it has attained ISO 27001 certification in Information Security Management.

The coveted ISO 27001 certification is the highest level of security-related accreditation that a business can attain and the most widely adopted information security standard in the world. At EBG, protecting the confidentiality and integrity of client data is of paramount importance, and this achievement highlights the firm’s ongoing commitment to those efforts. EBG’s ISO 27001 certificate of registration can be viewed online at the BSI Group website.

How EBG Obtained the ISO 27001 Recertification

In order to uphold the ISO 27001 standard and follow security best practices, EBG must continually review and work to improve the firm’s security posture. To ensure that the firm meets these ongoing obligations, our information security systems underwent an annual audit by an independent third-party auditor. This audit is meant to verify that our information security practices and procedures are updated and in line with the rapidly changing technology landscape.

In the first annual surveillance audit, completed January 2019, the auditor found that EBG has passed with no findings, and cited that our methodology and handling of risk was “best practice.”

“Working through and maintaining the ISO 27K standard has been a rewarding effort for the IT department and the firm,” said Lance Rea, Chief Information Officer. “The certification is just one part of EBG’s culture of continual improvement in the areas of system security, resilience, and performance.”

How EBG Obtained the ISO 27001 Certification

The process to obtain ISO 27001 certification can be lengthy and grueling, but, as EBG believes, clearly worth the effort. After undergoing a thorough audit by an independent third-party auditor, in April 2018, EBG’s information security management systems for client data were found to have met the strict ISO 27001 standard.

How EBG’s ISO 27001 Certification Benefits Clients

EBG is aware that clients want clarity and assurance regarding the extent and strength of the firm’s information security program. Obtaining the ISO 27001 certification shows the firm’s commitment to information security at every level. EBG’s duty to comply with the ISO 27001 standard, along with the required verifications by an independent third-party auditor (explained below), demonstrates that the firm’s information security management system is comprehensive, state of the art, and follows international best practices.

In addition, undergoing the arduous process of obtaining and maintaining ISO 27001 certification has made EBG attorneys and staff more sensitive and aware of their collective responsibility to safeguard our clients’ and the firm’s sensitive information. The firm has also gained new insight into how to help our clients strengthen their own data security policies and procedures and minimize their risks.

Background of ISO 27001

Created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 (formally known as “ISO/IEC 27001:2013”) specifies a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s “information security management system” (i.e., a systematic approach to managing sensitive information so that it remains secure). The ISO 27001 standard aligns with the best practices and guidelines set out in the Code of Practice for Information Security Controls (ISO/IEC 27002:2013) and requires an organization to have a comprehensive set of risk management and security policies, procedures, and controls in place. In addition, the ISO 27001 standard approaches information security from every aspect of an organization—from its people to its operations and technology—which is key to keeping pace with an ever-evolving technology-driven landscape. Thus, adhering to the ISO 27001 standard helps an organization not only properly manage and protect client and intellectual data but also prevent or reduce the damage sustained in a cyberattack, as the organization is better able to detect and stop a breach at its earliest stages.

About Epstein Becker Green

Epstein Becker & Green, P.C., is a national law firm with a primary focus on health care and life sciences; employment, labor, and workforce management; and litigation and business disputes. Founded in 1973 as an industry-focused firm, Epstein Becker Green has decades of experience serving clients in health care, financial services, retail, hospitality, and technology, among other industries, representing entities from startups to Fortune 100 companies. Operating in locations throughout the United States and supporting domestic and multinational clients, the firm’s attorneys are committed to uncompromising client service and legal excellence.  For more information, visit


Media Contact

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.