ISO 27001: Hygiene Expectation or Competitive Differentiator for Law Firms?

a colourful umbrella representing standing out in the crowd of information security

Legal firms like other businesses understand threats are growing around the security of information. By their nature they also have a good understanding about risk.  So there should be little doubt that achieving an accreditation such as ISO 27001:2013 gives those firms an opportunity to demonstrate to customers and prospects they take the subject seriously.  

But is ISO 27001 a hygiene expectation for doing business in the legal services arena or is it a competitive differentiator?  The answer is probably ‘yes’ to both!

Switched on customers and interested parties are increasingly expecting their supply chain to meet higher levels of confidence. Achieving accreditation offers that independently (although clearly you want to trust your lawyer too) I think we will see it as a hygiene expectation grow quickly over time.  And indeed the figures reinforce that with UK certificates issues showing a 15% increase over last year for all businesses.

However not all customers know what to expect, and regulation or legislation may not force parties to act.  So until then it’s fair to say that for those who have achieved the standard are ahead of the game and have a differentiator (ceteris paribus).

For example Shook, Hardy & Bacon already uses certification as a competitive differentiator as described in a recent CIO article:

“When we do pitches to clients, it’s something we mention because it’s a differentiator. It’s a competitive advantage right now.”

John Anderson, CIO at Shook, Hardy & Bacon

As certification amongst law firms becomes more commonplace and customer expectations grow it will be a hygiene expectation. An ongoing commitment to the continuous development of the ISMS will then be key to keep up, let alone stay ahead. For now, those that do invest can be confident they are differentiating. Fundamentally this is about protecting and maximising both their firms interests and those of the clients. After all, isn’t that the purpose of the lawyer – client relationship! is committed to making the achievement of ISO 27001:2013 accreditation easier and raising the bar for better more sustainable ways of working in this field.  We are helping to revolutionise information security management and make it more mainstream, affordable and embedded into the work of the organisation.

If you would like to know more about how can help you achieve ISO 27001:2013 or improve the management of your ISMS, please contact us on 01273 704 500 or visit our website at