Information Security & ISO 27001
Safeguarding client data in our custody
At Mourant we take information security extremely seriously. We are committed to continually improving our processes to ensure that they are as robust as possible and that we meet our obligations to safeguard the client data in our custody. We have made strategic investments in information security and, while no defences are infallible, we continue to focus on client data security enhancements as a priority. This is a strategic imperative for us.
According to a recent survey*, cyber security, alongside compliance and data protection, is among the top three operational risk concerns for investment banks and private equity houses in the next 12 to 18 months. Over 90% of the Chief Compliance Officers who were questioned said that they have specific requirements of their advisers in relation to IT or cyber security.
The research also revealed that private equity and investment houses are beginning to measure themselves and their suppliers against other industry standards, including, for example, the ISO 27001 standard for information security. The survey revealed that when tendering for new advisers the importance of compliance with industry standards is top of mind, with 71% of firms stating that demonstration of compliance with ISO 27001 is very important to them.
ISO 27001 Certification
Our approach to information security is clearly distinguished: we are the first firm in our market to achieve ISO 27001 certification. This follows a series of comprehensive audits carried out by LR, a UKAS-accredited assessor. The international standard, which is seen as the pinnacle of information security management, requires the development and implementation of a rigorous Information Security Management System (ISMS) programme that defines how we manage information security across our organisation and office locations. Compliance with this standard requires a holistic approach, taking into account the requirements for establishing, implementing, maintaining and improving information security management, supported by our people, processes and technology.
Our ISMS Team
The firm's ISMS programme and accreditation framework is managed by a dedicated Head of Information Security (CISO) who focuses exclusively on data security.
The CISO reports directly to our Chief Information Officer, who has a background in information security gained at one of the world's leading international law firms and at a FTSE 100 listed oil and gas company. Together, they work closely with our Chief Risk & Compliance Officer on all aspects of data security.
Our ISMS Programme
Our ISMS programme is well established and rigorous. It includes ongoing, firm-wide security training and technical security controls, the efficacy of which is regularly tested and verified by external auditors. Based on continuous process improvement principles, it combines a deep understanding of our obligations with focused expertise bound by leading-practice controls, audit and oversight. Internally we focus on a three-pronged education and training programme covering awareness, behaviour and culture. Externally we work in partnership with our clients to support their own data security requirements and enhancements.
If you would like more information on our ISMS programme, please get in touch via your usual Mourant contact.
*Survey carried out by independent research consultancy, Coleman Parkes, in November 2017