ISO 27001 Certification
Law firms store some of their clients’ most sensitive business information, which is why clients are increasingly asking harder questions about, and mandating more stringent requirements for, outside counsel information security practices. For IT, this often means more time spent responding to client requests, RFPs, and even external audits.
In response, several firms are leveraging ISO 27001 certification. Adopting an independently developed information security management framework lets firms quickly respond to client concerns. Today, ISO 27001 is gaining momentum, with firms in New York and London increasingly facing certification mandates from government and financial services clients.
The advantage for firms is that the ISO stamp of approval provides a quick path to addressing client concerns and a competitive differentiator among their peers.
Pursuing ISO 27001 is a challenging process, requiring investments on several fronts. To be successful, efforts must include enhancements to internal policies, practices and technology. Management “buy in” and support, and collaboration among risk and IT stakeholders, are also critical.
To attain ISO certification, organizations must satisfy multiple requirements including:
Subjecting their systems and processes to review by accredited external auditors
Conducting their own periodic internal audits to ensure real-world practices align with defined policies
Taking steps to continually improve their information security efforts, including implementing new processes and controls
The Intapp Solution – Intapp Walls + Consulting Expertise
Leveraging the right tools, experience and approach can significantly simplify ISO certification. Intapp provides software and services specifically designed to accelerate these projects by addressing key policy, process and technology requirements outlined in the ISO 27001 definition.
Intapp Walls provides the information classification, security enforcement, and user awareness management called for in the ISO definition, including organization of information, access control and information security, and compliance reporting. Today, several prominent ISO 27001-certified law firms leverage Intapp Walls as part of their information security efforts.
Intapp’s services group offers consulting services that include reviews of existing infrastructure and practices, generation of gap analysis reports, and recommendations for ISO certification project planning and execution.