Your single source for new lessons on legal technology, e-discovery, and the people innovating behind the scenes.

An Introduction to ISO 27001

Kristy Esparza

Data breaches have landed a recurring role in the news cycle over the past several years, shining a blinding light on organizations’ security practices. But how can you really trust a company is keeping your data safe?

We can talk all we want about securing this and securing that, but in the end, there’s nothing like tangible verification that the company entrusted with your data is doing things right.

In a field like e-discovery, where some of the most sensitive data is in play, the ISO 27001 certification—the international standard for information security management—is a good start.

But what does “ISO 27001 compliant” actually mean?

If you don’t know the answer to that question, don’t fret. Today, we’ll give you a rundown of what you should know about ISO the organization and their 27001 certification.

Let’s start with the name.

ISO: Where the World Agrees

First things first: ISO is not an acronym. It’s short for the International Organization for Standardization. And the meaning behind the moniker is a good match for the organization’s origins and philosophy.

Back in 1946, delegates from 25 countries convened in London to develop international standards for industry, under the simple idea that standards “make things work”—they ensure quality, safety, and efficiency.

By February 1947, ISO was born—a completely independent non-governmental body, tasked with developing consensus-based standards for various industries. The group spanned several countries and a ton of languages. All those different languages = no standard name or abbreviation.

So, the founders—in the true spirit of consensus—came up with the name, ISO, from the Greek word “isos” meaning “equal.”

Today, the organization, whose tagline is “where the world agrees,” prides itself in the name, saying, “Whatever the name, whatever the country, we are always ISO.”

Today, ISO has members from 161 countries and 770 technical committees and subcommittees, made up of experts from all over the world to develop voluntary and consensus-based standards for any industry—cosmetics, mining, vacuum technology, fire safety … the list goes on.

These committees have come up with 22,087 international standards and counting, covering almost all aspects of technology and manufacturing. And yes, one of them is #27001—an important standard for any company dealing with data.

Lucky Number 27001

The requirements for ISO 27001 revolve around establishing, implementing, maintaining, and continually improving information security systems. They’re intended for any organization to use, regardless of size or type.

Yet, unlike some ISO certifications, 27001 is not mandatory. It’s a set of guidelines, organized to address every process involved in security, confidentiality, integrity, and availability that companies can choose to implement if they want to ensure they’re meeting the globally agreed-upon best practices for managing and keeping data safe. Though, in today’s climate, the demand for the certification is high.

If an organization wants to reassure their customers that they follow ISO 27001 guidelines, they can get certified—but ISO won’t help them do it. For that, company’s need to hire accredited certification bodies that meet ISO-defined independent audit criteria. And a lot of companies, including Relativity, do just that.

“Achieving ISO 27001:2013 certification assures the stakeholders of our RelativityOne services that we follow a systematic approach to managing sensitive company information so that it remains secure,” says Lynn Engel, senior compliance manager at Relativity. “It shows that Relativity has aligned its people, processes, and IT systems with agreed-upon global best practices, and indicates that RelativityOne can sustain information security through its underlying risk management and compliance monitoring processes.”

The ISO 27001 standards include everything from how a company outlines their process for identifying, analyzing, and treating information risks to how leadership ensures strategic alignment and the inclusion of security considerations across the organization. To learn more about security at Relativity and with RelativityOne, visit the Relativity Trust site.

What is Relativity Trust?

Kristy Esparza is a member of the marketing team at Relativity, specializing in content creation and copywriting.