WHY ISO CERTIFICATION MAKES A DIFFERENCE
Commercial law matters, by their very nature, are extremely sensitive and legal professionals have a duty of care to manage and foresee their clients’ expectations around confidentiality and security. By extension, legal professionals need assurance that any external service providers they engage will competently protect the confidentiality and integrity of materials placed in their care.
LitSupport provides such assurance through certification and commitment to the ISO 9001 (Quality Management System – QMS) and the ISO 27001 (Information Security Management System – ISMS) standards.
One of LitSupport’s core performance targets has always been “ZERO breaches of confidentiality” and we have not yet detected any breaches in our operation. Nonetheless, when we started to pursue ISO 27001 certification, we realised that we had to qualify that statement with “as far as we know”. In a world of sophisticated malware and hacktivism, we had to recognise that as a supplier we could be the target of random or deliberate cyber attacks.
PROVIDING A CIRCLE OF DEFENCE
We needed to provide a circle of defence that moves us from “as far as we know” to a categorical statement that the security of our legal clients’ documents and data has not been compromised while in our care. To do this, we have scrutinised every system and process step to identify and evaluate potential risks and weak points.
Having evaluated those threats and vulnerabilities, we have been working to reduce each threat by instituting effective controls in fifteen key areas. We have reviewed and refreshed our security processes, systems and culture to:
- Ensure our systems can identify and repel hostile attacks on our IT networks and, by extension, those of our clients, by standardising internet perimeter controls across all LitSupport locations and performing regular penetration testing of our Job Ordering and Tracking Application – JOTA™.
- Restrict access to all data and files on a needs basis, with controlled and logged access to all our offices, IT systems and specific files using unique user credentials.
- Protect information from accidental exposure by making job data anonymous (no client identification – referenced only by job ID), and destroying residual data on our networks and copiers using the respective manufacturer’s security kits.
- Prevent unauthorised disclosure with specific controls around access to websites, external email accounts and the emailing or copying of data from the network.
MEASURING AND IMPROVING OUR SECURITY PERFORMANCE
LitSupport’s existing operational procedures have been strengthened and extended by inclusion as performance metrics in the ISMS framework. These include aspects as diverse as background checks on all staff, training that focuses on security awareness and business continuity planning and testing.
Continuous improvement is at the heart of the ISO 27001 standard. LitSupport is pleased to offer its certified status to our clients, demonstrating the care we have taken to safeguard your confidential material. We do so in the knowledge that we need to maintain vigilance by verifying, reviewing and improving our system so that we can continue to protect the information entrusted to our care.