A year for ISO 27001: Phoenix achieves certification

Phoenix Business Solutions has achieved ISO27001:2017 certification, we revealed earlier this month, in a year when many law firms are working towards the standard themselves and can be expected to look for assurances that their vendors are committed to information security management.
Phoenix’ independent assessment was conducted by the British Assessment Bureau and demonstrates its commitment to keeping its data, staff and premises secure.
Jason Petrucci, CEO at Phoenix Business Solutions commented: “ISO is a globally recognised standard and achieving certi cation gives our clients, stakeholders and the wider marketplace con dence that their data will be protected and that the correct policies and procedure are in place to maintain a healthy and secure environment. Achieving certi cation is a complex and demanding process but above all is a re ection of our commitment to the marketplace.”
Client reaction
Phoenix clients including Osborne Clarke and Mishcon de Reya are at different stages of their own ISO 27001 accreditation, so how important to them is it that their vendors are accredited?

Nathan Hayes (pictured right), IT director of Osborne Clarke, says: “Becoming ISO accredited is really important in terms of the way we run our business – information security is becoming a more signi cant issue and that is only set to increase. We need ways to ensure that we are looking after our clients’ data and our own data and one way to achieve that is accreditation for ourselves and from our vendors.
“ISO accreditation will become a hygiene factor: that’s not a question of if, but when. We’re coming to the end of our own ISO 27001 accreditation, as part of which we’ve had to validate our vendors. It makes it easier if we know that the right questions have already been asked, so we don’t have to go through the full validation process again. It makes it a much simpler and less time-consuming process for us.”
And Ned Stevanovski (pictured left), head of IT operations and security at Mishcon de Reya, said: “As we go through the certification ourselves, we will be making sure that all of our vendors comply with the same standards.”
While ISO 27001 is not yet a differentiator, the pair both agree that it will be. Hayes says: “There will come a point where if two vendors are providing a service and all else is equal, but one is accredited and one not, we’re probably going to choose the ISO accredited one. Any vendor in the legal tech space that isn’t looking seriously at ISO right now is probably missing a trick.”
And Stevanovski told us: “The certification is not yet a differentiator, but going forward there will be more pressure on companies to have the right policies and procedures in place to protect customer data as GDPR comes into force. Achieving ISO:27001 demonstrates Phoenix’s commitment to information security management – as one of our key technology partners this is very important to us.”
This story first appeared in the January 2018 Legal IT Insider newsletter – click here for your free monthly copy: http://legaltechnology.com//latest-newsletter/