CASE STUDY

ISO 27001 compliance: A smooth certification for global law firm

Compliance
SHARE

The client

A leading Canadian law firm, delivering business-centred legal solutions both nationally and globally. As well as offering top-tier legal advice, they have a strong reputation for building trusted long-term relationships.

The challenge

Like many law firms, our client was required to transition to the updated ISO 27001:2022 standard by October 2024. The firm receives hundreds of compliance questionnaires annually, and appropriate ISO certification helps to streamline this process, reducing form-filling and administration during the tendering and client onboarding process.

They were seeking an experienced partner to support them in this endeavour, with a specific focus on:

  • Determining which updates were necessary to their Information Security Management System (ISMS)
  • Identifying any additional controls or processes that could be designed and implemented to ensure best practice
  • Secure handling of sensitive client information (any breach could significantly harm the firm’s reputation)
  • Compliance with multiple regulations, including GDPR.

The solution

Our comprehensive solution included:

  • Reviewing current policies and manuals to assess compliance effort needed to achieve the new standard
  • Mapping existing controls and processes to the updated ISO standard
  • Identifying all gaps and reviewing all documentation, updating policies and creating new ones as required
  • Updating their ISMS scope

The outcome

By successfully preparing our client for their certification audit under the new ISO Standard, they passed on their first attempt, avoiding the potential waste of time and resources associated with post-audit remediation. Working closely with the law firm, our compliance experts ensured a smooth and timely transition to ISO 27001:2022 where our client can now:

  • Confidently showcase their ISO compliance to attract new customers.
  • Continue to uphold high standards of information security.
  • Safeguard their reputation.
  • Maintain and enhance client trust.

Just as our law firm has a strong reputation for building trusted, long-term relationships, we are now looking forward to working with them in the years ahead, to deliver more of the tools they need to win new business.

Whether it’s a strategic initiative or a task you don’t have time for, we are the source you can trust to get it done.