Clifford Chance ups the ante in law firm IT security

Clifford Chance is one of the first law firms to be certified to the ISO27001 security standard

Law firm Clifford Chance has been certified to the ISO27001 security standard, and is only one of two in the Magic Circle to receive the recognition.

The Magic Circle is a term used to describe the top five London-based law firms.

ISO27001 is a specification for an information security management system (ISMS), which is a framework of policies and guidelines that include legal, physical and technical controls involved in an organisation's information risk management process.

"As the role of IT in the legal sector continues to grow, it is critical that the complex and highly confidential documents that are produced, remain secure," said Paul Greenwood, chief information officer at Clifford Chance.

"We recognise that investment in IT has a direct impact on the quality of service we can deliver to our clients, so it's a high priority for the firm".

Andrew Rose, global IT risk manager for Clifford Chance, said that achieving the standard was not expensive and other law firms should aim for it.

"We aspired to this for a while, and from the time we started to discuss it, to getting approved by the auditor, was a total of six months. We reviewed what our core information was, and made sure we had different layers in practice that were secure and appropriate. We also implemented standardised risk assessments, so that they are quick and agile," said Rose.

"Achieving ISO27001 was all done under our own man power, and the only cost was the auditor coming in, which in total was approximately £2,000," he added.

"It is quite surprising other law firms haven't adopted this, but they tend to operate on a peer review system. Hopefully if they see others in the same field trying for it, they will do the same".