Security and Risk

Protecting our clients’ information is a responsibility we take seriously.

While both hardware and software play critical roles in cybersecurity, the true foundation of robust security is the people powering it. Our people have implemented multifaceted policies that address confidentiality, data segregation, encryption, ethical guidelines, conflict of interest, and access control, among other issues. Continuous training and advanced threat intelligence help to keep our team up-to-date on best practices and evolving threat landscapes.

Our Information Security program helps safeguard sensitive information by employing a specialized security operations team and advanced technologies that support both the firm’s internal operations and client-related business processes. With a defense in depth approach to information security, the basis for the firm’s security program is well-established.

Kelley Drye first attained ISO 27001 certification in 2016, and the firm’s current certification is valid through 2025. This certification comprehensively encompasses the services we offer, with particular emphasis on our document management, email communications, remote access, mobile device management, and litigation and regulatory data services. The firm also achieved ISO 27017 Cloud certification in September 2023.

Our security and risk efforts also include elevating data integrity and service availability, thereby minimizing the risk of significant business disruptions and promoting prompt business recovery. By regularly conducting business impact analyses, assessments of risks and vulnerabilities, and rigorous disaster recovery drills, we uphold a unified business continuity and disaster recovery program.