Information is increasingly at risk from a range of sources: espionage, sabotage, vandalism, fire, flood, computer viruses, computer hacking and attacks, all potentially resulting in loss of service.
The importance of information security for law firms has been highlighted in recent comments by the head of the FBI’s cyber division, Mary Galligan, who said: ”As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.”
Having an information security management service (ISMS) helps to protect against this, safeguarding information and minimising the risks from such threats, and aims to preserve the confidentiality, integrity and availability of all our information.
In April 2013, Anderson Strathern achieved ISO27001:2005 certification, the world’s highest accreditation for information security and protection.
Information security is not just about IT, but also includes physical files and papers and access to your offices. Clients are increasingly recognising its importance.
Prior to the award we already had an integrated management system for quality, environmental, and health & safety and, in qualifying for the award, we were able to incorporate our ISMS (in accordance with ISO/IEC 27001:2005) into our existing integrated management systems.
Introducing our ISMS involved putting in place a suitable set of controls (policies, processes, procedures, organisational structures, software and hardware functions). Our ISMS allowed us to formalise the way we protect and manage information, based on systematic business risk approach. We involved and trained staff to develop and maintain a high level of information security awareness and handling.
Internal and external audits are carried out, as are independent process reviews. These allow us to seek assurances, continually improve our processes and minimise the risk of things going wrong.
Regardless of size of firm, a successful ISMS requires strong support from top management down, and buyin from all staff through guidance and training.
In this issue
- Risk and the duty to inform
- Decrofting back on track
- The long road to qualify
- Scotland scores on “Themis” debut
- Equality and regulatory reform
- Reading for pleasure
- Opinion column: Martin Crewe
- Book reviews
- President's column
- What right of way?
- Gas in the tank
- Scotland on the world stage
- Up there with the best
- The Significant Seven
- Out on 65?
- Gatekeeping the experts
- Fairway failings
- Beware of solvent liquidations
- Passing off update
- Scottish Solicitors' Discipline Tribunal
- Holyrood out of bounds
- DPAs: cross-border confusion?
- The road to land reform, but where is it going?
- How not to win business: a guide for professionals
- Information security: raising the bar
- Waste: help sort it out
- Where there's a will
- Ask Ash
- "Reply to all"
- Law reform roundup
- Incidental financial business: amendments ahead
- Times are tough