News
June 8, 2026

Why we renewed our ISO 27001 certification, and what it means for your client data

We renewed our ISO 27001 certification. Here is what the standard is, why information security matters so much for firms that hold client documents, and how your data stays protected inside Alkmist.

In 2025, professional services became the third most-breached industry on record. The Identity Theft Resource Center counted 478 separate compromises that year, and warned that attackers increasingly target firms like yours as a route into dozens of clients at once. Breach one accounting practice and you reach everyone whose tax files, contracts, and financial statements sit inside it.

We think about that number a lot. This month we renewed our ISO 27001 certification, so it feels like the right moment to explain what that is, why we care, and what it changes for the people who trust us with their documents.

What ISO 27001 actually is

ISO 27001 is the international standard for information security. To hold it, a company has to prove it manages risk to data in a structured, documented, repeatable way. A single password policy does not count. The standard asks for a full information security management system, then sends an independent auditor to test whether that system works in real life.

The current version is ISO 27001:2022. It sets out 93 controls across four areas: how the organisation is run, how people handle information, the physical setup, and the technology behind it. An accredited external body reviews each one before it signs off. The auditor reads the policies, then checks whether daily practice matches them. The certificate only stands if the answer is yes.

What "renewed" means

A certificate like this is not something you earn once and hang on the wall. It runs on a three-year cycle, with surveillance audits in between to make sure standards do not slip. Renewal means the auditor came back, examined the system again, and confirmed it still holds. We passed. The point of the cycle is that security is never finished, and an outside review keeps us honest about where we stand.

Why we care more than most

Most client data does not leak through a dramatic, movie-style hack. It leaks through ordinary work.

Picture how a document request usually travels today. A partner asks a client for twenty items. The files come back as attachments across a few replies. One copy gets saved to a desktop. Another sits in a shared drive behind a link that never expires. Nobody is quite sure which version is the final one, or who still has access.

The risk is rarely the conversation itself. It is the confidential file that travels as a loose attachment, gets copied somewhere, and leaves no record of where it ended up. The numbers show what that adds up to. Verizon's 2025 report put losses from business email compromise at 6.3 billion dollars, and roughly 80 percent of phishing now targets login details for everyday tools like Microsoft 365.

There is a second problem hiding underneath the first. In 2025, third-party breaches climbed to more than a third of all incidents. When a firm holds client data, it becomes part of every client's attack surface. For a practice in audit, M&A, accounting, insurance, or legal work, that is where the real danger sits. You can have brilliant people and a spotless reputation, and still lose a client's confidence over one misplaced file.

How you are protected when you work in Alkmist

Inside Alkmist, that exchange changes shape. The conversation can still start wherever it does today, including the inbox. Our email agent reads a request sitting in a thread and turns it into a tracked action item, so a client keeps using the tools they already know while the file itself moves somewhere safer.

Once it does, every document has an owner, a deadline, and a full record of who opened it and when. Nothing depends on a stray attachment. Access can be granted and pulled back. Activity is logged. The same structure that makes the work visible is what keeps it secure.

This is what secure document collaboration looks like in practice. A client uploads a confidential file to a request you sent, and it lands in one place rather than scattering across desktops and drives. You always know what has been shared, with whom, and what is still outstanding.

ISO 27001 is the proof behind that environment. The certification covers how we build, run, and monitor the platform you trust with sensitive material. It also lines up closely with GDPR, which matters when your clients, and ours, sit across 62 countries. The same controls apply whether the platform carries your firm's name or runs quietly in the background as white-labelled infrastructure.

The part clients never thank you for

Security is rarely the thing anyone praises. People notice it only when it breaks. Our job is to make sure that day never arrives, so the only thing your clients remember is how simple the work felt.

That is why we renewed. Not for the badge, though we are proud of it. We did it because the firms using Alkmist hand us the most sensitive documents their clients own, and that kind of trust deserves to be checked by someone other than us.

See where your client work should actually live

If your confidential files still travel as loose attachments with no record of where they land, it is worth seeing the alternative. Explore Alkmist and send your first secure document request in a few minutes. One workspace, every file accounted for, and a clear view of who has what.
