Leading city law firm Devonshires, has achieved the international information security standard, IS0 27001. The accreditation means that the firm has the highest security controls in place to protect client’s confidential information.
ISO 27001 is a specification for an Information Security Management System (ISMS), which has to be documented, implemented and tested on the firm and its suppliers. Audits are carried out to check compliance and that the ISMS is working effectively.
Achieving the accreditation coincided with a major IT infrastructure upgrade at the firm engineered by Quiss Technology, an ISO 27001 accredited supplier, in conjunction with Devonshires’ ICT Manager Gavin Searley. This enabled a number of additional technical controls to be designed and implemented.
Philip Barden, Senior Partner, said: “We have always taken security and client confidentiality very seriously but independent verification against an international standard is a strong way to demonstrate this to our clients. It provides them with reassurance that they can trust us with highly confidential matters and removes the need for them to request information security audits.
“Having ISO 27001 is an important statement that we never stop improving what we do for our clients and that we have the systems in place to enhance IT security on an ongoing basis.”
Mark Day, Director of Practice Development led the project, initially with a steering group of managers, lawyers and secretaries and then an appointed Information Security Team, which will also oversee the ISMS.
Mark said: “We achieved IS0 27001 in six months even though all the hard work needed to be put in whilst continuing to serve clients and grow the business. It was impressive to see our people get stuck in and make it all happen, including learning some new language!
“Naturally, some were nervous about being interviewed in a security audit but all our people shone. The training and preparation had also enabled us to reduce the amount of paper we use and make best use of the available office space, improving our working environment.”
The ISO 27001 certificate was awarded to Devonshires in November 2017 by Approachable Certification, a UKAS accredited audit body.