ISO 27001 accreditations: the recent converts

Thanks to those who followed up our story in the January Orange Rag – A year for ISO 27001: Phoenix achieves certification – with their own ISO accreditation news.
First up is A&L Goodbody, which has similarly been acknowledged for its high standards in information security with the internationally recognised ISO 27001 certification. The certification reinforces A&L Goodbody’s commitment to protecting its information from security threats such as cyberattack, misuse, theft, vandalism and terrorism. A rigorous auditing process, conducted by Certification Europe, has resulted in A&L Goodbody achieving a full scope certification. 
Michael Brophy, CEO of Certification Europe and an industry-leading expert in ISO 27001, said: “The issue of information technology security has never been more important, and the protection of data is a growing concern for clients and stakeholders alike. Having achieved an ISO 27001 certification, we are confident that A&L Goodbody has continually demonstrated their commitment to maintaining the confidentiality of its clients’ data and protecting this information from misuse, corruption or loss. Their clients can be secure in the knowledge that A&L Goodbody adheres to best practices for information security management.”
Julian Yarr, managing partner at A&L Goodbody, added: “Protecting information in today’s environment is one of the biggest challenges businesses face. Achieving this ISO certification shows that we are doing all we can, set against international best practice, to make our data and that of our clients as secure as it can be. It’s clear to us that clients want to engage with firms who have the highest standards in data protection, and we believe that achieving ISO 27001 provides them with that comfort.”
Second up, Roythornes achieved accredited certification for ISO 27001 in December 2017. The East Midlands law firm has been working hard on a ‘prevention is better than the cure’ approach to cyber security and continues to implement measures intended to reduce the risks of security breaches, including the use of cyber security experts to test systems, people and processes for weaknesses. Operations and IT Director Jonathan Swan told us: “As a law firm, ensuring that our clients can trust us is critical to our business. Recently we achieved ISO27001 accredited certification, the international standard for information security. This provides a management framework to help maintain and continuously improve the confidentiality, integrity and availability of our information systems. We believe that having this certification will help further instil client confidence in us as a firm and provide a higher degree of assurance in the governance of our systems and client data.”
Turning to legal tech vendors next, Luminance in February announced its successful ISO 27001:2013 certification from BSI (Business Standards Institution). The company has established a heavyweight Security General of MI5, Lord Evans of Weardale KCB, alongside Jack Stockdale and Dave Palmer, who are respectively CTO and director of technology at world-leading cyber security company Darktrace. Luminance continues to apply the most rigorous information security procedures to all client work. Any information uploaded to Luminance is stored securely on the company’s cloud servers or on-site appliances and encrypted to ensure that document content and metadata are protected. “We take the security and protection of our customers’ data very seriously,” said Emily Foges, CEO of Luminance. “The ISO certificate is further proof of our commitment to offering clients the highest security standards, as well as excellent service. We welcome the advice and support of a highly experienced Advisory Board to ensure we maintain these standards as we continue to grow.”
Another vendor to have very recently achieved certification is intelligent deal platform startup Legatics, which you will recall is to be rolled out globally at Magic Circle giant Allen & Overy after a stint in A&O’s tech incubator Fuse. Legatics obtained its ISO27001:2017 certification on 17 January 2018.
And last but not least, DictateNow has achieved ISO 22301:2012, the internationally acclaimed standard for business continuity. The firm’s business continuity management system (BCMS) underwent a detailed assessment by Lloyd’s Register Quality Assurance (LRQA), a world-leading, UKAS-certified, independent provider of Business Assurance services, which found the system in full compliance. DictateNow is already ISO 9001:2015 and ISO 27001:2013 accredited.
Managing director Garry Park commented: “Having a business continuity plan in place is one thing, but having it independently assessed and certified ISO 22301:2012 compliant is what really counts for our clients.
“Any business that outsources transcription services to DictateNow can rest assured that if anything goes seriously wrong, like an incident that denies us access to our offices, the service we deliver will not be interrupted.
“Managing our service across our home-based typists, spread throughout the UK, remains a challenge, but brings resilience to our service and limits the impact of any one localised event, like a fire, flood or power outage. Perhaps more worrying is the growing threat of cyber-crime, with the recent WannaCry ransomware attacks highlighting how quickly businesses can succumb. And if it’s your niche service provider that’s hit, your business will also suffer.
“The three ISO standards for which our business maintains certification, require that we continually improve our systems, within the context of how we work with our clients – and that’s what’s really important.
“This latest achievement has taken a lot of hard work by our internal teams and puts us amongst the very first service providers in the UK to achieve ISO 22301:2012 certification.”
This story first appeared in the February Legal IT Insider
Update: Online legal services procurement company Lawcadia achieved ISO 27001:2013 in November 2017. CMO and co-founder Sacha Kirk tells us: “These processes often take many months but our team was able to obtain the certification in four weeks! Mostly this was due to the continued diligence of our team and high standards that we were already holding the business to, but still it was a proud milestone for us to have the formal recognition of the work that has been done.”
She adds: “Lawcadia interfaces with corporate clients and their law firms and so we need to adhere to a very high standard when it comes to data security. With enterprise clients that work in multiple international geographies, data sovereignty also needs to be managed, so it is a highly complex issue.”