Law firms are starting to seriously pursue the ISO 27001 information security framework. In cities like New York and London, firms even face ISO certification requirements from government and financial services clients. And these firms are not shy about trumpeting their capabilities:
- "White & Case serves a large number of multinational companies, governments and other public and private sector organizations, all of which want assurance that their most sensitive information is strictly safeguarded in accordance with world-class standards. As a firm, we are committed to maximizing the trust and confidence our clients have in our global IT infrastructure security capabilities."
- "As the role of IT in the legal sector continues to grow, it is critical that the complex and highly confidential documents that are produced remain secure... It is quite surprising other law firms haven't adopted this, but they tend to operate on a peer review system. Hopefully if they see others in the same field trying for it, they will do the same."
- "We serve an impressive array of national and multinational clients who rely upon our ability to protect and maintain their information with our rigorous security standards. Retaining our ISO 27001 certification demonstrates our high level commitment and understanding of security requirements to ensure our client information and data remains fully secure."
- "Certification has introduced a structured approach to security management and also significantly improved our competitiveness... Prospective clients are increasingly calling on legal firms to prove their information credentials as part of the tendering process."
- "Our firm stays ahead of competitors on information security with prestigious certification… We are leading the pack on information security. This certification provides real business benefits when working with our clients and future clients, especially within the financial industry."
- "The firm recognized that security was being publicized frequently and that with some of the data breaches that have been in the news, it would be important to show that our firm has a strong commitment to security. All of our clients have sensitive confidential information and they expect us to have the appropriate security systems in place. They're coming on site and doing security assessments, so having this shows them at the very beginning that we have good policies and procedures in place."
In addition to providing these firms with a potent competitive differentiator, ISO certification serves as a convenient "checkbox" response when facing client confidentiality management and information security questions in RFPs and panel selection questionnaires.
But achieving certification can be challenging, requiring enhancements to internal policies, practices and technology controls. Success requires management "buy in" and support, collaboration among risk and IT stakeholders, and an execution plan that minimizes change or disruption to lawyer work practices.
Supporting ISO 27001 Certification
For organizations seeking expert guidance to accelerate their pursuit of ISO certification or equivalency, Intapp offers tailored ISO 27001 readiness consulting services.
Leveraging the right tools, experience and approach can significantly simplify ISO certification. Intapp provides software and services specifically designed to accelerate these projects by addressing key policy, process and technology requirements outlined in the ISO 27001 definition.
Intapp’s consulting group and its partners offer assessment services that include a review of existing infrastructure and practices and generate analysis reports, scoping project requirements and timing for certification project planning and execution.