Client Data & Privacy Protection

person typing

At Saul Ewing, we take a comprehensive approach to managing business and security risks. To that end, the firm is ISO/IEC 27001 certified and has also secured the ISO/IEC 27701 (Privacy) extension. We were among the first U.S. law firms to achieve the latter certification by implementing a “Privacy Information Management System” (PIMS) with multiple layers of security controls to protect firm and client data. In addition, several of our attorneys hold the Certified Information Privacy Professionals (CIPP/US) credential and serve as a firmwide resource on cybersecurity and privacy protection principles. 

We help safeguard client data by:

  • Maintaining a comprehensive, risk-based, data security program for our systems, including Privileged Account Management and Network Access Controls
  • Monitoring the security of our systems and data using intrusion detection and data loss prevention technology
  • Providing training to all lawyers and staff on confidentiality, privacy and sensitive data management
  • Maintaining physical security at all office locations
  • Utilizing two-factor authentication for remote access
  • Distributing firm-managed laptops with security-by-design architecture
  • Maintaining multiple controls to manage web-based threats
  • Utilizing an in-house Litigation Support Services team with advanced security systems, protocols and algorithms for matters involving eDiscovery
  • Deploying “next generation” end-point and server anti-malware employing software behavior analytics

Demonstrating our continued commitment to maintaining very high standards of security for our clients, we are committed to a framework that protects client and firm data and have established our security policies based on internationally recognized standards.