Worth all the hard work for ISO certification?

It almost goes without saying that law firms must develop and maintain robust information security practices, now more than ever, given the growing threat of cyber-crime.

Whilst there are a number of immediate responses, such as penetration testing and security tests to highlight vulnerabilities, a more comprehensive solution is possible through achieving ISO 27001 certification, an international standard on how best to manage information security.

Law firms, with their abundance of client information and a reputation for lacking security, are an attractive target for criminals, which makes ISO 27001 certification all the more imperative. But it’s not an easy process, and a lack of experience can lengthen the time taken, which in turn increases risk.

Detailing the requirements for an information security management system, ISO 27001 defines a best-practice approach that covers not only processes and technology, but the human element too. Recognising that a law firm’s workforce can be its biggest security risk, the standard requires regular education and training programmes for everyone, at every level.

But it’s not just achievement of the standard that helps. The process of working towards it will deliver immediate results, improve a firm’s security posture and ensure it quickly meets its legal and regulatory data protection obligations.

Help at hand from a trusted partner

Quiss is a business that understands the importance of achieving and maintaining ISO 27001, having followed the standard for years and passed the required certification audits.

Without certification, we would find it hard to compete and win business, as ISO 27001 is an increasingly popular requirement when submitting a tender. This is a situation familiar to a growing number of our clients, who understand they will struggle to retain or win business without ISO 27001 certification.

The ISO 27001 standard sets out 114 applicable information security controls, and for many that is the problem: there’s a lot to consider. There’s no such thing as an average project, so an entire project, from scoping to certification, could take anywhere from a few months to a year or more and cost thousands or even tens of thousands of pounds, which is why many never even start.

Further factors affecting the cost include not just the size of the business, but its complexity and the experience available within the business to focus on this project. Typically, the need to achieve certification quickly and smoothly requires external support, and that’s where we come in.

We have the necessary experience to guide our clients on their journey to certification, utilising in-house expertise that few businesses could justify maintaining within their own on a full-time basis.

For more information on achieving ISO 27001 certification for your law firm and to start your journey today before a client asks to see your certificate.
