Designation validates firm’s commitment to data privacy and security.
Shook, Hardy & Bacon, an international law firm with a legacy spanning 125 years, announced today that it had obtained ISO 27001 certification of its information security management system. ISO 27001 certification provides Shook clients with third-party validation that the firm’s data security guidelines, policies and procedures meet international standards for best practices.
“In the course of our work for clients, Shook, Hardy & Bacon regularly houses and analyzes large quantities of highly sensitive information,” said John Anderson, Shook’s Chief Information Officer. “Through this designation, we can continue to assure clients that we are committed to data security at all levels throughout the firm."
A globally recognized standard for information security management systems, ISO 27001 certification requires that a company show a systematic and ongoing approach to managing sensitive information. Shook began pursuing certification 18 months ago; to maintain its standing, Shook must undergo annual audits to assess its maintenance of high standards.
While the pursuit of ISO 27001 is gaining momentum among law firms, certification itself is not standard across the industry. According to a presentation at the International Legal Technology Association’s LegalSEC conference in June 2014, certification had been achieved by at least 12 large law firms, half of which are based in the United Kingdom. Another 16 U.S. firms were identified as “working toward or investigating certification.”
“The size and severity of corporate data breaches continues to skyrocket, with no end in sight,” Anderson said. “Companies increasingly seek assurances that their business partners have taken adequate and appropriate measures to protect against theft and unintended use of their data. Our annual ISO 27001 audits will help us to focus on continuously improving our systems, adjusting to new risks that didn’t exist the year before.”