At Saul Ewing, we take a comprehensive approach to managing business and security risks. To that end, the firm is ISO/IEC 27001 certified and has also secured the ISO/IEC 27701 (Privacy) extension. We were among the first U.S. law firms to achieve the latter certification by implementing a “Privacy Information Management System” (PIMS) with multiple layers of security controls to protect firm and client data. In addition, several of our attorneys hold the Certified Information Privacy Professionals (CIPP/US) credential and serve as a firmwide resource on cybersecurity and privacy protection principles.
We help safeguard client data by:
- Maintaining a comprehensive, risk-based, data security program for our systems, including Privileged Account Management and Network Access Controls
- Monitoring the security of our systems and data using intrusion detection and data loss prevention technology
- Providing training to all lawyers and staff on confidentiality, privacy and sensitive data management
- Maintaining physical security at all office locations
- Utilizing two-factor authentication for remote access
- Distributing firm-managed laptops with security-by-design architecture
- Maintaining multiple controls to manage web-based threats
- Utilizing an in-house Litigation Support Services team with advanced security systems, protocols and algorithms for matters involving eDiscovery
- Deploying “next generation” end-point and server anti-malware employing software behavior analytics
Demonstrating our continued commitment to maintaining very high standards of security for our clients, we are committed to a framework that protects client and firm data and have established our security policies based on internationally recognized standards.