Law firm gains British standard for IT quality


Law firm gains British standard for IT quality

Cliff Saran

Law firm Irwin Mitchell has completed an 18-month project to attain BS7799 accreditation, enabling it to demonstrate compliance and quality throughout its IT department.

Irwin Mitchell works with insurance companies. A key driver for accreditation was the need to provide these partners with evidence of its data security policy.

Richard Hodkinson, IT and operations director at Irwin Mitchell, said, "We were being asked to produce reams of paper to provide evidence on data security. It is easier to say we are BS7799-accredited."

To achieve the certification, Irwin Mitchell had to adopt 127 controls specified under BS7799, covering areas such as data back-up, perimeter defence and a policy stating how patches should be applied. "You have to prove categorically that you can protect confidential information," said Hodkinson.

The standard covers non-IT issues such as having a clear-desk policy and the physical security of the building and server room.

Rather than let IT staff audit themselves, Hodkinson set up a team of four non-IT staff to manage BS7799 compliance. "The compliance team manages the audit and the IT teams produce the evidence," said Hodkinson.

To help with the auditing process, Hodkinson used the netSurity iQSM online auditing tool.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy