IS WHAT’S GOOD FOR THE GOOSE GOOD FOR THE GANDER? SHOULD FIRMS ASK THEIR VENDORS TO GET ISO 27001 CERTIFIED?
Many law firms are pursuing ISO 27001 certification in order to increase their security maturity as well as to demonstrate a sort of “Good Housekeeping seal of approval” to clients and prospective clients as well as to their firm management. Some clients are also asking firms to vouch for the security of our vendors. Should we also ask our key vendors in areas like Electronic Discovery and Hosting, Document Review, Colocation, etc. to do the same?
I would appreciate hearing from you on this topic. Which vendors do you think are the most important to have certified? Although ISO 27001 certification is not a guarantee of security, would a certification and the associated documentation help security reviews you may think to do go more quickly and smoothly?
#Security