Leveraging Information Security Standards in Law Firms: The Increasing Popularity of ISO 27001 in the Legal Industry

Information is the most valuable asset within a law firm and keeping this information secure is paramount to clients and firm leadership. ISO 27001 provides a framework to better protect information from an increasing variety of threats including fraud, cyber-attacks, inappropriate access and data leakage. Certification helps firms:

  • Avoid penalties
  • Protect their brand and reputation
  • Ensure a secure exchange of information
  • Foster stakeholder (client) loyalty and trust
  • Achieve regulatory compliance, and
  • Minimize the efforts of client security audits.

This paper defines ISO 27001 certification, illustrates various approaches to achieve certification, describes benefits and challenges with the certification process and identifies the direct linkage between ISO 27001 and Information Governance (IG) as a discipline.