Security and Risk

Protecting our clients’ information is a responsibility we take seriously.

While both hardware and software play critical roles in cybersecurity, the true foundation of robust security is the people powering it. Our people have implemented multifaceted policies that address confidentiality, data segregation, encryption, ethical guidelines, conflict of interest, and access control, among other issues. Continuous training and advanced threat intelligence help to keep our team up-to-date on best practices and evolving threat landscapes.

Our Information Security program helps safeguard sensitive information by employing a specialized security operations team and advanced technologies that support both the firm’s internal operations and client-related business processes. With a defense in depth approach to information security, the basis for the firm’s security program is well-established.

Kelley Drye first attained ISO 27001 certification in 2016 and was most recently recertified to the ISO 27001:2022 standard, with current certification valid through 2028. This certification comprehensively encompasses the services we offer, with particular emphasis on our document management, email communications, remote access, mobile device management, and litigation and regulatory data services. The firm also achieved ISO 27017:2015 certification for cloud security in September 2023 and has since aligned this certification with the ISO 27001:2022 standard.

Our security and risk efforts also include elevating data integrity and service availability, thereby minimizing the risk of significant business disruptions and promoting prompt business recovery. By regularly conducting business impact analyses, assessments of risks and vulnerabilities, and rigorous disaster recovery drills, we uphold a unified business continuity and disaster recovery program.