GLG completes ISO 27001 certification

GLG has completed ISO 27001 certification, the international standard for information security management, with an effective date of December 2, 2025. The expert network announced the result on January 29, 2026, following what it described as a comprehensive third-party audit covering the systems behind its core insight-network services.

For a firm whose product is the controlled flow of information between vetted experts and institutional clients, the certification is less a marketing badge than a procurement-cycle requirement. ISO 27001 is the credential vendor-management teams at hedge funds, asset managers, and consultancies typically ask for in security questionnaires. Without it, a vendor renewal can stall.

What ISO 27001 actually covers

ISO 27001 is issued by the International Organization for Standardization and certifies that a company operates a documented Information Security Management System (ISMS), with controls spanning access management, encryption, incident response, supplier risk, and ongoing internal audit. Certification requires a third-party audit and is renewed on a defined cycle, typically with annual surveillance audits.

For expert networks, the relevant control families are the ones governing how client and expert data is segregated, how transcripts and call recordings are stored, and how access is logged. These are the same systems compliance teams probe when an expert call touches a sensitive sector.

The procurement context

Buy-side information-security questionnaires have grown longer over the past three years. Hedge fund operations teams, custodians, and fund administrators now routinely ask vendors for SOC 2 Type II reports, ISO 27001 certificates, or both, before approving a renewal. A vendor that holds neither faces uncomfortable conversations during diligence.

GLG's announcement does not disclose the certifying body or the scope statement, both of which determine how broadly the certificate applies. Scope matters: a certificate covering only one office or one product line is materially different from an enterprise-wide certificate. Buyers reading the press release will want the certificate itself, not just the announcement.

Why now

The expert-network category has spent the last three years living under elevated compliance pressure. The 2023 raids on Capvision's Shanghai and other mainland offices, and the earlier scrutiny of Bain's China research practices, prompted multiple Western expert networks to pause or restructure China-sourced calls. Material non-public information (MNPI) policies have tightened on the buy-side, with some funds requiring vendors to demonstrate not just policy but audited controls.

In that environment, an ISO 27001 certificate is closer to table stakes than differentiation. Several of GLG's peers have held the certification for years. The more interesting question is what GLG's certified scope covers and whether it extends to the AI-assisted transcription and search tooling the firm has been building into its platform.

What to watch

The near-term tells: whether GLG publishes the full scope statement, whether competing networks issue parallel announcements, and whether buy-side RFPs in 2026 begin requiring ISO 27001 explicitly rather than treating it as one option among several. The expert-network category has commoditized on product; compliance is one of the remaining axes where firms can still differentiate on substance.