Law firm gains British standard for IT quality

Cliff Saran

Law firm Irwin Mitchell has completed an 18-month project to attain BS7799 accreditation, enabling it to demonstrate compliance and quality throughout its IT department.

Irwin Mitchell works with insurance companies. A key driver for accreditation was the need to provide these partners with evidence of its data security policy.

Richard Hodkinson, IT and operations director at Irwin Mitchell, said, "We were being asked to produce reams of paper to provide evidence on data security. It is easier to say we are BS7799-accredited."

To achieve the certification, Irwin Mitchell had to adopt 127 controls specified under BS7799, covering areas such as data back-up, perimeter defence and a policy stating how patches should be applied. "You have to prove categorically that you can protect confidential information," said Hodkinson.

The standard covers non-IT issues such as having a clear-desk policy and the physical security of the building and server room.

Rather than let IT staff audit themselves, Hodkinson set up a team of four non-IT staff to manage BS7799 compliance. "The compliance team manages the audit and the IT teams produce the evidence," said Hodkinson.

To help with the auditing process, Hodkinson used the netSurity iQSM online auditing tool.

