ISO 27001 for Law Firms

Meet client information security audit demands with the international information security standard, ISO 27001

Having worked with a number of high-profile, specialist and niche law firms throughout the country, we know that many practices are subject to regular information security audits requested by their clients. These can be laborious and time-consuming – as well as disruptive – to carry out.

Certification to ISO 27001, the international information security standard, eliminates the need to repeatedly undergo detailed information security audits because the certification body has already done the audit. ISO 27001 is recognised worldwide as the international information security standard, and certification greatly reduces the burden of regular audits.

Comply with the GDPR

As of May 2018, all organisations that hold information on EU data subjects will be required to comply with the EU General Data Protection Regulation (GDPR). Failure to comply can result in tough penalties, and breached organisations can expect fines of up to 4% of annual global revenue or €20 million – whichever is greater.

Until now, law firms that have suffered data breaches have largely managed to keep out of the media spotlight – with the notable exception of the Panamanian firm Mossack Fonseca – but this will soon change. When the GDPR comes into force in May 2018, law firms will have to disclose breaches that compromise the rights of data subjects. Having information security controls already in place, such as those recommended in ISO/IEC 27001:2013, will strengthen your cyber security stance, and will significantly reduce the likelihood and impact of suffering a breach.

Stringent information security is important in the legal sector

Cyber crime presents a significant risk to clients and their assets, including information and money. A successful attack not only harms the structural or financial stability of a law firm but can severely damage its reputation. Under Principle 10 of the Solicitors Regulation Authority (SRA) Handbook, law firms within England and Wales have a responsibility to “protect client money and assets”.

With law firms ranked the seventh most frequent target for cyber criminals in Cisco’s last Annual Security Report, law firms are under considerable pressure from both clients and the government to protect confidential information.

We are now seeing clients demand that their law firms implement stringent information security controls, such as those set out in ISO 27001, to protect their confidential information.

ISO 27001

Many law firms are now implementing ISO 27001-compliant information security management systems (ISMSs) to ease the workload of regular audits and better manage their sensitive information. Not only does this prove to their clients that they take information security seriously, it enables them to gain an advantage over their competitors. Top UK law firms that have achieved certification to the Standard include Allen & Overy, Clifford Chance, DLA Piper and Linklaters.

ISO/IEC 27001:2013 sets out the best-practice specification for an ISMS, a system for managing the confidentiality, integrity and availability of your information assets. Complying with this standard gives your business a holistic approach to information security – encompassing people, processes and technology – that is recognised worldwide.

Why IT Governance?

IT Governance is a global provider of information security solutions, and has helped over 400 organisations around the world achieve certification to ISO 27001.

We have helped law firms of all sizes (and across multiple locations) achieve their information security objectives through a mixture of tools, training, consultancy and penetration testing, and we can help you, too, with our affordable, fixed-price solutions.

Contact us on 0845 070 1750 or at to discuss your information security requirements with one of our advisors today.

Free resources:

ISO 27001 for Law Firms

Download this free paper and discover how top law firms use ISO 27001 to grow their client base, how ISO 27001 will benefit your firm, and why stringent data security in the legal sector is a key business enabler.

Cyber security for the legal profession – an urgent priority

Read this free brochure to learn how to reduce your reputational risk, how the GDPR will affect your firm, and the routes you can choose to get your firm cyber secure.