White & Case Obtains ISO 27001 Recertification in Information Security Management

Press Release
2 min read

Global law firm White & Case LLP has announced today that it has expanded its certification under the prestigious ISO/IEC 27001/2 standard, the world's highest accreditation for information protection and security.

Awarded to firms whose business processes conform to strict international standards, the ISO/IEC 27001 accreditation is the only auditable international benchmark for information security management.

The Firm's ISO program was further assessed to be in alignment with the rigorous National Institute of Standards and Technology (NIST) 800-53 standard, as well as with the cybersecurity practices recommended by the Financial Industry Regulatory Authority (FINRA). White & Case has consistently achieved ISO certification since 2011.

"In today's world of balancing technology innovation and security of our clients' data, we need to be vigilant with proactively safeguarding our clients' confidential information as well as our own. We take this very seriously," said Tony Cordeiro, White & Case Chief Information Officer. "Our enduring adherence to the ISO 27001 framework, coupled with measuring our cybersecurity approach against additional benchmarks, including those of NIST, FINRA and the Association of Corporate Counsel, demonstrate the depth of our commitment to the highest standards of information security. Continually assessing our cyber defenses both internally and externally has fortified the protection of the sensitive information assets entrusted to us."

Developed by the International Organization for Standardization, ISO/IEC 27001 is a globally recognized information security management system standard that requires adherence to controls governing information security policies; organization of information security; human resource security; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition; development and maintenance; supplier relationships; information security incident management; information security aspects of business continuity management; and compliance.

To obtain recertification, White & Case underwent a comprehensive set of internal and external reviews to ensure its IT systems met the requirements of ISO/IEC 27001. The process was audited by the Professional Evaluation and Certification Board, a leading global provider of training, examination, audit and certification services.

Press contact
For more information, please speak to your local media contact.