ISO 27037 – Digital Evidence Handling Assessment
At Company Certification Int., we provide expert conformity assessment services based on ISO/IEC 27037, the international guideline that outlines how to properly identify, collect, acquire, and preserve digital evidence. Though this is not a certifiable standard, our assessment helps organizations demonstrate alignment with best practices in digital forensics and incident response.
What Is ISO/IEC 27037?
ISO/IEC 27037 provides guidance on handling digital evidence in a legally sound and forensically reliable manner. It is especially valuable for organizations that may face legal disputes, security breaches, or need to collect evidence for internal investigations.
It covers:
Identification and documentation of potential digital evidence
Proper collection and preservation methods
Role definition: Digital Evidence First Responders and Specialists
Legal and procedural considerations in evidence handling
Our Assessment Services
Our ISO/IEC 27037 conformity assessment includes:
Review of digital evidence handling policies and SOPs
Evaluation of systems and tools used for data collection
Gap analysis against ISO/IEC 27037 recommendations
Assessment of staff readiness and role clarity
Delivery of a Conformity Assessment Certificate
Key Benefits
Increases the reliability of digital evidence in investigations
Strengthens your organization's readiness for cyber incidents
Supports compliance with data protection and legal standards
Builds trust with regulators, auditors, and clients
Reduces legal and reputational risk
Who Needs This?
Organizations handling sensitive or regulated data
IT and cybersecurity teams
Legal departments and compliance officers
Digital forensics and incident response units
Government, telecom, finance, and healthcare sectors
What You’ll Receive
Digital Evidence Handling Assessment Report
Practical recommendations for improvement
Certificate of Conformity (non-accredited)
Optional awareness training for key staff
Our Process
Conducted remotely or on-site
Based on interviews, document review, and tool walkthroughs
Efficient delivery with actionable insights
Frequently Asked Questions (FAQ)
Q1: Can we get certified to ISO/IEC 27037?
A1: No, it is a guideline. However, you can obtain a conformity assessment certificate showing your alignment with its principles.
Q2: Is this assessment useful for legal compliance?
A2: Yes. Proper digital evidence handling supports legal defensibility and readiness for disputes or cybercrime investigations.
Q3: How does it relate to ISO/IEC 27001?
A3: It complements ISO 27001 by offering depth in incident evidence collection and forensic practices, especially for security events.
Q4: Do you assess our team’s readiness?
A4: Yes. We review the roles, responsibilities, and preparedness of evidence handlers as defined in the standard.
Take Control of Your Digital Evidence Process
Let Company Certification Int. help you align with ISO/IEC 27037 and build confidence in your digital evidence practices.