Ellis & Winters LLP Achieves ISO 27001 Certification for Information Security
Ellis & Winters LLP, a leading boutique law firm based in North Carolina, is pleased to announce that it achieved ISO/IEC 27001:2013 Certification for its information security management system (ISMS). Awarded only to organizations whose business processes meet strict standards, ISO 27001 is an internationally recognized standard that imposes rigorous requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.
“Ellis & Winters serves clients across a broad range of industries, many of whom operate internationally and work in sectors that are subject to stringent data security requirements. These clients need and expect that their most sensitive information will be protected. Our ISO 27001 certification reinforces our commitment to meeting those expectations,” said Ellis & Winters’ managing partner Leslie Packer.
The award of this certification follows an in-depth audit of the firm’s ISMS by an independent third-party auditing firm. To earn this designation, Ellis & Winters had to demonstrate it has a formal set of risk management and security policies, procedures and controls in place to secure client information.
“We’ve seen a rise in data breaches across all industries, and law firms are not immune,” said Chad Newman, Ellis & Winters’ IT Director. “Achieving this certification demonstrates the firm’s focused commitment to security and protecting client data.”
Said Alex Pearce, an Ellis & Winters attorney who focuses his practice on privacy and data security, “I’m very proud to practice at a firm that walks the walk when it comes to information security. And we’re excited to use the valuable experience we’ve gained through the ISO 27001 certification process to help our clients manage their own data security risk.”
Ellis & Winters’ ISO/IEC 27001:2013 certification is valid for three years and requires periodic audits, which will ensure the firm continues to comply with the standards set forth by the certification.