Information Is the New Oil: Protect Your Investment
Trend 1 — Client-Driven Security Requirements
Clients are exerting increasing pressure on external suppliers, particularly law firms, to enhance their confidentiality management controls. In a growing number of cases, this includes limiting access to matter team membership. For law firms, this means panel selection questionnaires and RFPs with more stringent confidentiality requirements, and more time spent documenting their internal capabilities.
Some clients go so far as to include audit rights in their terms of business. These audits are not theoretical. One large U.S. law firm described client security concerns as "viral" and recently faced an audit by an international financial client. It took the firm over 200 hours to respond to 300 questions and host onsite visits across multiple office locations in several jurisdictions. This example is a common occurrence, and it highlights how the old-world response of pointing to professional rules and standards is quickly being replaced with a client-driven "trust but verify" attitude to compliance.
Trend 2 — Law Firm Certification (ISO 27001)
In response to external demands, a number of firms are leveraging certification with the international information security standard ISO 27001. ISO 27001 is gaining momentum, with firms in New York and London even facing explicit certification mandates from government and financial services clients.
Adopting an independently certified security management framework lets firms quickly respond to client concerns in a more cost- and resource-effective way. And firms are already using ISO certification as a competitive advantage to differentiate themselves from their peers.
Peer to Peer