Lighthouse eDiscovery Achieves HIPAA and ISO 27001 Compliance


December 20, 2017

"Data security is of utmost importance to our clients," said Mark King, chief information officer at Lighthouse eDiscovery. "These assessments demonstrate our commitment to provide the most reliable security infrastructure to our clients. Our dedicated IT security team maintains sophisticated structural and environmental controls that evolve based on changing standards, new threat models, and client requirements."

HIPAA requires organizations engaged in handling electronic protected health information (ePHI) to implement the necessary systems, procedures, and policies to secure such information. Risk analysis and management is an ongoing process, in which compliant entities must regularly review records to track access to ePHI and detect security incidents, periodically evaluate the effectiveness of security measures, and regularly reevaluate potential risks to ePHI.

The stringent security assessment by an independent auditor reviewed Lighthouse's compliance in its data management, data hosting and data security operations in the following areas:

  • Administrative safeguards
  • Physical safeguards
  • Technical safeguards
  • Breach notifications

ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties.

These assessments were performed by Schellman & Company, LLC, an ANAB and UKAS accredited certification body based in the United States.

For more information about this announcement, please contact

About Lighthouse

Lighthouse is a global leader in eDiscovery and information governance solutions to manage the increasingly complex landscape of enterprise data for compliance and legal teams. Since our inception as a local document copy shop in 1995, Lighthouse has evolved with the legal technology landscape, anticipating the trends that shape legal practices, information management, and complex eDiscovery. Whether reacting to incidents like litigation or governmental investigations or designing programs to proactively minimize the potential for future incidents, Lighthouse partners with multinational industry leaders, top global law firms, and the world’s leading software provider as a channel partner. For more information, visit

General Media Inquiries

Eric Walter
Global Communications