Kutak Rock’s Information Security Management System complies with the ISO 27001:2013 standard, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization, and includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organization. The objective of the ISMS is to preserve the confidentiality, integrity and availability of information by applying a rigorous risk management process. ISO 27001 certification gives confidence to interested parties that the firm’s information security risks are being appropriately managed. View our Certificate attesting that our information security management system and its implementation meet the ISO 27001 standard, as confirmed by our outside auditors.

Kutak Rock also has achieved ACC Data Steward Program – Accredited status, indicating that our information security capabilities have been independently validated as satisfying ACC’s high standards for law firms.

Key elements of our Information Security Management System include the firm’s:

• Background checks for all new hires
• Mandatory information security training for all personnel
• Robust information technology protections
• Highly secure, encrypted, cloud-based document management system (using Net Documents)
• Physical security in all offices
• Vendor management program
• Executive level Information Security Risk Management Committee
• Internal and external testing and auditing

In addition to annual auditing for compliance with the ISO 27001:2013 standard, the firm’s information security systems are routinely audited by our major financial institution, retail, and other large clients.