Description: As the new CIO at Steptoe & Johnson PLLC, Mark Combs sought to better understand the ISO 27001 standards to determine if he should pitch it to firm management, and if he would find value from instituting these standards at his firm. He wondered if peers in other firms were asking the same questions. We set up an interview with John Verry from Pivot Point Security so Mark could quiz the expert about ISO 27001 and get many of his (and your) questions answered. Some of the topics addressed include:
- What is ISO 27001 anyway: what does it mean, and why would a firm want to pursue it?
- What standards must be met to become certified?
- Who is involved?
- How much time should a firm commit to gaining certification?
- Will ISO 27001 certification impact client matters?
- What are some of the common difficulties faced, and where do certification seekers often fall short?
- How should someone new to the process estimate the total cost of certification?
- Is there an example of the standards preventing a breach?
Mark Combs, the CIO at Steptoe & Johnson, has expertise in information security, technology, strategy, people and project management. He has provided leadership for all areas of IT including networking, telecommunications, PC and application support, project management and data center operations. With 18 years of healthcare IT experience, Mark has previously served in a number of management and security roles. He is a Certified Professional in Health Information and Management Systems and a Certified HIPAA Security Specialist.
John Verry, Pivot Point Security's Managing Partner, is an ISO 27001 Certified Lead Auditor. He established and directs Pivot Point Security's ISO 27001 practice area, focusing on the legal vertical. John helps law firms, e-discovery firms and service providers to law firms discover how ISO 27001 can reduce the security, compliance and attestation challenges that law firms are wrestling with, and how to gain ISO certification through a proven, efficient and fiscally sound process.