Tuesday, November 15, 2011

ISO 27001 for Law Firms: Report from Houston Risk Roundtable Hosted at Baker Botts

Last Friday we held a Risk Roundtable session in Houston, Texas. Many thanks to Baker Botts for hosting. The event focused on ISO 27001 for law firms. Brian Lynch moderated and sends his customary summary:
  • Dan – Greetings from the Great State of Texas! We had a very informative Risk Roundtable today at Baker Botts in Houston with our special guest, Andrew Rose, Principal Analyst, Security and Risk, from Forrester Research.
  • Andrew walked us through the ISO 27001 standard and how it applies to law firms. In response to growing client demands and increased regulatory obligations, law firms are finding themselves developing all sorts of security measures to accommodate a variety of requests. ISO 27001 certification has provided a reliable framework for a number of firms to respond effectively and provide security that clients have come to expect.
  • Bobby Tindel of Andrews & Kurth spoke to us about the robust processes and technologies that his firm has put in place over the past year and a half. One of the "sleeper risks" is a disgruntled employee turning whistle-blower over a minor violation.
  • The best approach is to close the loopholes and apply comprehensive and defensible security. Another participant pointed out the high standard established by the HIPAA/HITECH Act, and its increasingly frequent appearance. Clients are pushing firms to provide security levels comparable to their own, not to other law firms.
  • As always, it was a great opportunity for an engaged group of participants to connect and share risk management perspectives.
For more information about ISO 27001 for law firms, see our recent New York Roundtable summary.
