Published on January 27, 2018

The importance of law firms becoming ISO 27001-certified as a means to demonstrate to clients that they are complying with information security standards.
Recently our Pittsburgh ARMA chapter toured Heinz Field, home to the Pittsburgh Steelers. Directly outside of the Steelers locker room is the metal sign that you see in this photo. “The Standard is the Standard” is an axiom attributed to current Steelers coach, Mike Tomlin. While there are slight variations as to the meaning behind Coach Tomlin’s message, the general consensus from the players and the organization is this: the standard is the same for everyone. No excuses. No justifications. If you are on the field, and part of the team, you’re expected to perform as hard and as fast as everyone else.
This type of expectation is not unfamiliar to law firms. Clients require superior representation from their lawyers. Clients (especially those in regulated industries) also expect that law firms are managing and securing their data by the same standards that they (the clients) have within their own organizations. The significant increase in client security requirements via outside counsel guidelines, RFPs, and security questionnaires has now prompted many law firms to become (or consider becoming) ISO 27001-certified as a means to demonstrate to their clients that they are complying with what is widely known as the standard for information security.
In this report, Leveraging Information Security Standards in Law Firms: The Increasing Popularity of ISO 27001 in the Legal Industry, the Law Firm Information Governance Symposium (LFIGS) addresses this increasing trend. Additionally, the report examines the challenges, opportunities, and approaches to obtaining certification. The report also explores other security standards, and presents a survey that reflects the current trend of ISO 27001 certification in law firms.
The report is certainly relevant to those in the IT, IG, or information security discipline. But it's important to note that its audience doesn't stop there. It's also designed for individuals in HR, Marketing, and Procurement. In fact, it could be argued that any law firm employee or partner would benefit from reading the paper.
With client security, the standard is the standard, regardless of the role an individual has within the firm. The responsibility to protect client data does not just belong to one or two teams.
It belongs to everyone.