Thursday, April 25, 2013

Law Firm Information Security & Governance – ISO 27001 + Expert Opinion

We've commented previously on how several law firms are leveraging ISO 27001 certification as a competitive and business development asset. Via The Lawyer, comes another example: "Anderson Strathern awarded world’s highest accreditation for information protection and security" --
  • "Scottish firm Anderson Strathern has announced that it has achieved the prestigious ISO 27001 certification across its entire business. ISO 27001 is the world’s highest accreditation for information protection and security, and is the only international benchmark for information security management verified by an independent audit."
  • "'The security of our clients’ information is of paramount importance to us. Our clients include governments, commercial organisations, and private individuals whose most sensitive information has to be strictly safeguarded in accordance with world-class standards. ISO 27001 confirms that our clients' sensitive data is robustly secure,' said Andy Lothian, Managing Partner. 'We are committed to maximising the trust and confidence our clients have in our quality of service, our security capabilities and in our sustainability.'"
And, in the US, comes an article from the ABA Journal: "As more hackers target lawyers, here’s how to protect client data" --
  • "Most major U.S. law firms have been victims of security breaches, and the unwelcome threats likely operated covertly for 8 to 9 months before they were discovered. For many firms, the first whiff of insidious action comes from a knock on the firm’s door by the FBI."
  • "…the U.S. government labeled New York City’s 200 largest law firms 'the soft underbelly' of hundreds of corporate clients, two experts warned at an ABA Techshow session on data security for lawyers. Even midsize, boutique and solo firms are at risk…"
  • "Updated ethics rules require lawyers to make reasonable efforts to make sure client data is secure. The new rules also require lawyers to be competent with technology or to hire someone who is. Judges will no longer buy arguments that tech and its threats are evolving too quickly for lawyers to keep up, Nelson said."

No comments:

Post a Comment