ISO 27001 Consultancy

With the assistance of Comunet, a highly credentialed Australian law firm successfully attained its ISO 27001 certification.

ISO 27001 Consultancy and Certification

The Executive Committee of a leading insurance-sector Australian law firm with a nationwide presence recognised the importance of enhancing its overall cybersecurity position, given the sensitive and highly confidential data it manages. In addition, several clients required a higher level of cybersecurity within the firm’s third-party supply chain.

The firm recognised that ISO 27001 certification would provide many benefits, including:

~ The mitigation of many common information security risks.
~ Demonstration to clients that their data is being adequately and securely protected.
~ Strengthening client relationships.
~ Standing out amongst competitors.
~ Avoiding potentially catastrophic security breaches.

The Challenge

The Executive Team formulated a set of cybersecurity initiatives to begin the ISO 27001 process. Despite a sizeable in-house IT team, the organisation required additional capacity and skillsets to execute the ISO 27001 strategy effectively.

With both existing and potential clients seeking reassurance in relation to the firm’s data security policies and procedures, it was critical that the methodology and framework ensured best practices for information security.

Comunet, with a dedicated cyber security team specialising in ISO 27001, cyber engineering and security tooling, and advisory and analyst services, was approached to lead the certification process.

Already a long-term IT service provider to the firm, Comunet embraced the opportunity to collaborate with its client on this new initiative. It commenced by conducting a comprehensive gap analysis, then devised an equally comprehensive plan for both the policy and technical controls necessary to ensure the project’s success.

The Process

The law firm entrusted Comunet to improve and enhance its existing cybersecurity infrastructure and practices and, where necessary, integrate and implement new ones to ensure compliance with ISO 27001 standards.

The transformative journey began with Comunet commencing the ISO 27001 Statement of Applicability, before undertaking a comprehensive analysis of the firm’s cybersecurity risks.

In collaboration with the firm, Comunet then crafted a strategic roadmap, including the creation of new policies, processes, and registers. This followed numerous workshops and regular meetings where emerging deliverables and critical risk factors were discussed, addressed, and actioned.

The Outcome

With the support and guidance of Comunet, the law firm was able to develop its ISO 27001 implementation plan and successfully achieve certification within 18 months.

Under Comunet's expert guidance, the firm established performance metrics to ensure the sustainability of its ISO 27001 certification. It measures the success of its cybersecurity strategy by monitoring and reviewing the following key performance indicators (KPIs), developed in conjunction with Comunet:

~ Obtaining ISO 27001 Certification successfully after the Stage 1 and 2 audits, which was achieved.
~ X number of security incidents per year.
~ X number of non-conformances and corrective actions raised per year.
~ Risk rate for phishing email click-through campaigns.
~ Completion of Cyber Security Awareness training.

The law firm maintains its relationship with Comunet, leveraging its expertise in cyber advisory and specialist technical services.

Comunet has now been engaged to support the law firm in the completion of a full cloud security review and Office 365 security review. This reflects the firm’s commitment to enhancing cybersecurity across all areas of its operations and contributes to the consistent maintenance and successful completion of annual ISO 27001 audits.

With Comunet's expertise in cybersecurity and as a consultant for ISO 27001 certification, our team can assist all organisations, no matter the industry, to ensure their operations are protected. To learn more, please contact us.