The eagle-eyed amongst you may have spotted that 'ISO' is not an acronym for 'International Organization for Standardization', but apparently comes from the Greek word 'isos' meaning 'equal', thereby avoiding the name having different acronyms in different languages (IOS in English and OIN in French). Every day's a school day.
Anyway, ISO/IEC 27001 sets out a management system that brings information security under management control through the specific requirements set out in the standard. Organisations that meet those requirements may be certified by an accredited certification body following successful completion of an ISO audit.
I'm therefore proud and delighted to say that on 13 February 2020, Morton Fraser was certified by BSI as operating an Information Security Management System (ISMS) that meets the ISO standard for "The provision of a full range of legal services to businesses, the public sector, individuals and families" from our offices in Edinburgh and Glasgow. My role in the process was peripheral (but big thanks in particular go to our Operations Director and our IT Director). However, I fully intend to bask in the reflected glory of being one of the five members of our Information Security Forum whose key role was to secure the certification.
As a result, BSI certificate number BS 714926 is now proudly on display in our reception area, the culmination of over 18 months' hard work involving the drafting and dissemination of policies, and more importantly, embedding them in our business practices so that everyone in Morton Fraser 'does information security'. It's not about having a quality control function that goes around after the event and 'retrofits' information security before anything leaves the building. BSI is about "making excellence a habit", and having the certification means that Morton Fraser aims to have information security built in to everything it does, at all stages in the process of handling information, and in whatever format we have it.
So what does this all mean for our clients? It means that we strive constantly to use best practice to maintain the confidentiality, integrity and availability of information entrusted to us. As a law firm, our people spend their entire working lives keeping information confidential. It's second nature. Our clients' data is guarded as if it were the Crown Jewels anyway, but having ISO/IEC 27001 in place gives our teams the best possible systems and resources to keep the Crown Jewels in the Tower of London (or rather our Edinburgh and Glasgow offices).