Tamsin Cooper, Partner – Risk and Compliance
“We saw achieving ISO 27001 as a vital part of our risk management strategy and continuous improvement programme. For us it was important from a regulatory, professional and commercial perspective to ensure our information security systems within the business were robust.
“Once we made the decision to implement the standard, our view was to apply it right across the firm from top to bottom. For us, it wasn’t about getting the tick in the box. It provided the impetus for a culture change.
“We put the contract out to tender and chose Equas. Julian Russell, a Director of Equas, worked with us and we had some really positive debates about how the standard would actually work for our business. He came up with very practical solutions that, now that they are in practice, are proving to work very well.”
Langleys is a long-established practice and has grown into a leading UK law firm offering a full range of legal services. It has circa 350 employees including 34 Partners. It has recently completed a major refurbishment of its offices in Micklegate, York.
The firm has divided its business into four key divisions: Commercial, Private Law, Insurance and Residential Conveyancing. It has invested heavily in its IT platform as it views technology as an essential part of its business strategy to drive performance and maintain its competitive edge.
Langleys is very much part of the communities in which it operates and encourages staff to get involved in fundraising and charitable events for local good causes. Members of its team also donate their legal skills to pro bono work through Pro-Help, a group of professional companies and businesses that is run through Business in the Community.
Since the firm had decided to adopt a holistic approach to implementing the standard, the scope of the project was very broad and covered all people, all services, all processes, all technology and assets across its offices.
The threat from cyber crime is on the increase and the firm wanted to be able to monitor and track absolutely everything it did to ensure its systems were as robust as possible.
The business already had a strong IT infrastructure with good systems and protection of data; what it needed to build on was policies and procedures for handling information that fell outside the coverage of the network controls it had in place. Julian recommended ‘ISO in a Box’ as the most appropriate system for achieving 27001 certification.
A thorough gap analysis was the starting point, and a lot of time was spent working in detail to ensure that the controls specified in 27001 would be practical to implement. Midway through the project it was announced that the ISO 27001:2005 Standard was being updated with a new version – ISO 27001:2013 – and that the 2005 version would become obsolete in October 2015.
The new Standard puts a strong focus on measuring and evaluating how well the organisation’s information security management system is performing, ensuring that it is ‘fit for purpose’. This meant that Langleys’ existing systems then had to be audited against the new requirements.
New policies and procedures were written and tested and ISO in a Box provided a structured framework for documenting every part of the business.
The firm now has complete visibility and tracking of all security threats, and ISO 27001 certification has satisfied the requirements of its FCA-regulated clients. By implementing the standard, employees have a far greater awareness of the importance of protecting information and the need to adhere to all policies and procedures. It has given the firm the confidence that its systems are as robust as possible.
There are also ‘softer’ benefits: the project has effected a culture change that people have bought into; they are using the new system and it has become part of the way they work. The feedback is positive, and the sheer breadth of the scope covered by the certification has certainly enhanced Langleys’ competitive edge.