Information security: raising the bar
Anderson Strathern has become one of only a few UK law firms to achieve the top accreditation for information security
Information is increasingly at risk from a range of sources: espionage, sabotage, vandalism, fire, flood, computer viruses, computer hacking and attacks, all potentially resulting in loss of service.
The importance of information security for law firms has been highlighted in recent comments by the head of the FBI’s cyber division, Mary Galligan, who said: “As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.”
Having an information security management service (ISMS) helps to protect against this, safeguarding information and minimising the risks from such threats, and aims to preserve the confidentiality, integrity and availability of all our information.
In April 2013, Anderson Strathern achieved ISO27001:2005 certification, the world’s highest accreditation for information security and protection.
Information security is not just about IT, but also includes physical files and papers and access to your offices. Clients are increasingly recognising its importance.
Prior to the award we already had an integrated management system for quality, environmental, and health & safety and, in qualifying for the award, we were able to incorporate our ISMS (in accordance with ISO/IEC 27001:2005) into our existing integrated management systems.
Introducing our ISMS involved putting in place a suitable set of controls (policies, processes, procedures, organisational structures, software and hardware functions). Our ISMS allowed us to formalise the way we protect and manage information, based on a systematic business risk approach. We involved and trained staff to develop and maintain a high level of information security awareness and handling.
Internal and external audits are carried out, as are independent process reviews. These allow us to seek assurances, continually improve our processes and minimise the risk of things going wrong.
Regardless of the size of the firm, a successful ISMS requires strong support from top management down, and buy-in from all staff through guidance and training.
Allan Skivington is IT manager at Anderson Strathern LLP