Burges Salmon Exceeds The Law Of Averages with SGS
When it comes to data protection, law firms are under more scrutiny than ever before. In order to minimize risk and ensure the security of stakeholder information, Burges Salmon worked with SGS to become one of the first companies in its sector to gain certification to ISO/IEC 27001, ISO 22301 and ISO 9001.
Independent UK law firm, Burges Salmon, always leads by example and its focus on quality throughout all aspects of the business means that it is one of the UK’s leading law firms. With over 425 lawyers and a reputation for its modern and friendly approach, the firm has the size and depth of resources, combined with innovative approaches to client service, to ensure that it comprehensively meets its clients’ legal requirements.
Maintaining high levels of service means that a great deal of attention must be paid to the safeguarding of client and organizational data, while at the same time allowing Burges Salmon to optimize and prioritize business processes and operational continuity.
Abi Williams, Head of Programme Management at Burges Salmon, explains: “As guardian of the firm’s governance framework, I ensure that all projects and programmes fit within our overall strategy. The introduction of the General Data Protection Regulations (GDPR), and the need to ensure compliance, led us to re-evaluate our current processes. Research by our Knowledge Management team around client requirements and emerging market practice made it clear that the most likely way to maximize our effectiveness in this area was to design an integrated management system (IMS) based on certification to ISO/IEC 27001, ISO 22301 and ISO 9001.”
ISO/IEC 27001 is the international standard for information security management. It provides a framework that enables organizations to identify information security risks, threats and vulnerabilities. It also ensures that client and third-party data is stored securely. Safeguarding personal data and intellectual property is key to demonstrating compliance with legal and regulatory requirements.
Meanwhile, the ISO 22301 business continuity management standard specifies the requirements that protect against, and reduce the likelihood of, disruptive incidents. This demonstrates to clients and regulators that the firm can continue to function, even under disruptive circumstances.
ISO 9001 is the world’s most established quality management framework. Burges Salmon recognizes that these three certifications, as part of an IMS, ensure a clear, reliable process for the management of quality in support of its legal service delivery.
Asked why ISO/IEC 27001 was considered the most suitable standard for its information security needs, Abi replies: “We want to give clients confidence that their data is protected and stored securely. Furthermore, we want to reduce the risk of financial penalties and reputational damage that could result from the loss of any personal information. Therefore, certification allows us to demonstrate our ongoing commitment to information security and data protection.”
Burges Salmon is no stranger to ISO certification, having been compliant with the ISO 14001 environmental management system (EMS) standard for many years. Recognizing the importance of information security, the firm has always treated it seriously and already had a number of robust governance and management systems in place to mitigate the likelihood of cyber-attacks, hacks, vandalism, terrorism, data leaks and theft.
To see how well its existing practices aligned with each other, a dedicated Burges Salmon project team, led by Abi and Head of Knowledge Management Carol Aldridge, worked with consultant IT Governance to identify how best to create an integrated management system. Following this process, SGS was commissioned to conduct a full audit and issue certification.
Abi comments: “Having worked extensively with IT Governance we were confident that we would meet the requirements of the standards; however, there was still an element of apprehension prior to the audit. There need not have been though, as the SGS auditors were friendly and engaged with relevant people from the firm to discuss various documents, talk about their experiences with the compliance process and clarify any issues. We knew that they would challenge us but that, ultimately, it would help us get to where we wanted to be.”
Looking to the future
“Achieving joint certification to three leading international management standards as part of an IMS is no mean feat and something that few companies in any sector have accomplished,” concludes Ray Woodford, UK Product Manager at SGS. “We are enjoying working with Burges Salmon and feel confident that its IMS will help the firm increase performance, improve employee engagement and ensure that clients are more than satisfied with its approach to information security management, business continuity and the overall quality of its operation.”
SGS is the world's leading inspection, verification, testing and certification company. SGS is recognized as the global benchmark for quality and integrity. With more than 97,000 employees, SGS operates a network of over 2,600 offices and laboratories around the world.