Peer to Peer Magazine

Winter 2015

The quarterly publication of the International Legal Technology Association

Issue link:

Contents of this Issue


Page 24 of 71

PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 26 CASE STUDIES What prompted your firm to pursue the ISO certification? We wanted a methodology and a framework that ensures we're using best practices for information security. We also wanted third party-verification that proved our commitment to information security. What were the most difficult parts of the process? The hardest part was finding a way to balance the internal time commitments of developing all the policies and procedures and the day-to-day responsibilities of everyone involved in the project. It took about 18 months to complete the project, which is a typical timeframe for most firms. How has the firm created value with this certification? We now have a strong set of policies and procedures that provide clear direction for information security for the entire firm. Everyone in the firm is aware of our information security requirements thanks to a robust training and awareness program. Our clients and other external parties know we are committed to keeping their data secure. And the certification serves as proof for auditors and regulatory agencies that we have appropriate security measures in place. How did the CIO 100 award win validate the certification and the work you put into it? Winning this award was very gratifying because winners were selected by a team of external judges and editors at CIO magazine. They picked us because of the business value the certification provides to our firm. The fact that we received an award from a non-legal source made it especially gratifying. Why should law firms seek certification now? This and other certifications are becoming more important and will probably be required by clients and regulatory agencies in the future. Getting started on them sooner rather than later could be a very good idea. Award-Winning ISO Certification Shook, Hardy & Bacon was named a CIO 100 honoree by CIO magazine. The award recognizes innovative companies using IT to create business value, and Shook was selected based on the firm's work to obtain ISO 27001 certification. John Anderson, Shook's Chief Information Officer, gives us a brief look at the project. John Anderson John Anderson is the Chief Information Officer at Shook, Hardy & Bacon L.L.P. He has worked in leadership positions within the information technology field for more than three decades and has been at Shook since 2002. His experience includes oversight of strategic planning, budgeting, data center architecture, programming, user support, litigation support, records management, library services, knowledge management, information governance, disaster recovery, vendor management and staff development. John is on the executive committee of the KU School of Business Advisory Council and is a frequent guest lecturer at the school. Contact him at

Articles in this issue

Links on this page

Archives of this issue

view archives of Peer to Peer Magazine - Winter 2015