ISO 27001: What Is It Good For? In eDiscovery, Absolutely Everything.

Vertical Discovery is proud to be one of the early adopter software companies that have dedicated the time and effort necessary to receive this important certification. So why all the attention?

Many software companies claim to meet the high bar this certification sets for data security practices. That is like an unlicensed driver telling us they "follow the rules of the road". Claims are not compliance: to be compliant, you must put your practices to the test under an independent audit. Enter ISO 27001 certification.

But why should an eDiscovery customer care about ISO 27001 certification? Because eDiscovery data is among the most sensitive data a company holds: the emails, chats, and digital files collected from across the organization, concentrated in one place. That makes eDiscovery platforms high-value targets, systems that often sit outside the customer's direct control and carry a target on their back. Sound security practices, in business processes as well as in software code, are of paramount importance.

Vulnerable Data & Security Risks Abound 

Organizations are using eDiscovery platforms at higher rates than ever before to manage vast volumes of data across a multitude of formats and source systems. Between litigation, FOIA requests, security breaches, and compliance and regulatory challenges, the deployment of eDiscovery workflows has never been higher.

And neither has the risk!

Those of us in eDiscovery services and software are data stewards. You would not take a medicine that lacked FDA approval. You would shop for a car with the highest possible safety rating. So why would you trust your data to a platform that has not been independently audited against the rigorous standards set forth in ISO 27001?

Who is ISO, and what is 27001?
The International Organization for Standardization (ISO) is an independent, non-governmental international organization that "brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges."

ISO and the International Electrotechnical Commission (IEC) jointly publish the ISO/IEC 27000 series of standards, which sets out best practices for information security management.

ISO 27001 is the family's superstar. It specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) that preserves the confidentiality, integrity, and availability of information in an organization. Among the benefits an ISMS built to the standard delivers:

• Protect the confidentiality of your information, ensure the integrity of business data, and maintain the availability of your IT systems.
• Provide confidence to stakeholders and customers that you are maintaining the highest standards for information security.
• Reduce disruptions to critical processes and the financial losses associated with a breach.

Certification – What does it take? 

Achieving ISO 27001 certification is no easy task! A first-time certification often takes three years. It is an arduous process with stringent requirements. An accredited auditor tests a company's controls across the entire organization: its teams, processes, and systems. Annex A of the 2013 edition of the standard groups 114 controls into 14 domains (numbered A.5 through A.18); the 2022 revision consolidates them into 93 controls under four themes. A certificate is valid for three years, with annual surveillance audits and a full re-certification audit at the end of that cycle, and the standard requires continual improvement of the ISMS throughout. It is important to create a work environment where safety and security are a priority. Instilling in your team a professional practice that reinforces security protocols can make or break your data security. Such wide-reaching security should be top of mind for every member of your organization, not merely the ones who work with the data most directly.

ISO 27001 and Vertical Discovery 

We at Vertical Discovery consider it essential. Organizations place their trust in us every day, and the security of their data is non-negotiable. Providing that security in every way possible is at the heart of our commitment to our clients' success.
Sensitive legal data workflows of every kind run on Vertical Discovery's Optimum platform. Our ongoing effort to maintain this certification assures our clients and partners that their data will always be handled appropriately and securely, whether in the cloud or on-prem. The ISMS is organized around the three classic security objectives:

• Confidentiality: Ensuring only authorized entities can access the system and its data.
• Integrity: Protecting against unauthorized alteration of information.
• Availability: Providing reliable access to information systems for authorized users.

We are constantly testing and enhancing our security posture and protocols. Recent technology changes include:

• Hosting in a secure data centre in Microsoft Azure
• Encrypting data at rest and in transit
• Isolating customer data at the network layer through Azure network security groups
• Requiring multi-factor authentication
• Performing regular vulnerability and malware scans
• Maintaining business continuity and disaster recovery policies
• Enforcing permission-based user roles and data access, so that isolation holds at the application layer as well as the network layer

No matter how you consume eDiscovery, directly on your own licensed deployment or through a partner, be sure to understand how ISO 27001 plays a role in both the services and the software that together deliver security to your company.