Today, cybersecurity is front and center in the legal industry, and it should be. Data breaches can cause crushing financial losses, while damage to an organization’s reputation can linger for years. Lawyers no longer have the luxury of thinking of cybersecurity as a field too technical, or not sufficiently legal, to be within their purview: The New York Rules of Professional Conduct (Rule 1.1) and their equivalents in most states impose a duty of technological competence on practitioners. This article seeks to explore the gold standard in information security, ISO/IEC 27001:2013 (Second edition 2013-10-01) (hereinafter ISO 27001), and to provide attorneys and legal professionals with a foundational understanding of ISO 27001.
Some in the legal profession may be glancingly familiar with the ISO 27001 standard: After all, Amazon Web Services (AWS), Azure, other cloud service providers, or legal process outsourcing organizations often tout their ISO 27001 certifications. But does the average lawyer really know what it means? In my experience, the answer has been no. So, let’s start with a simplified definition of ISO 27001: It’s a standard for protecting and securing an organization’s information assets. Before we take a deeper dive, let’s discuss the standard’s origins.
ISO (International Organization for Standardization)