CNS Group case study: Bird & Bird
CNS worked with Bird & Bird to set up ISO27001 project and the project office. Provided a structure for the Governance Regime, as well as completing the necessary risk assessments and policies in order to achieve ISO27001 accreditation in 18 Months.
A long term partnership that has helped Bird and Bird set-up their own Information Security Management System and perform their own security and risk assessments. This has resulted in ISO27001 certification and will result in on-going ISO27001 Compliance.
Bird and Bird LLP is an award winning international law firm with head-quarters based in central London. The firm is 180 years old and now has offices in 23 countries worldwide and clients based in 118 countries. As technology allowed innovations and ideas to travel more quickly, the need to protect the ideas and innovations of its clients encouraged the firm to expand its international capabilities.
“We have worked with CNS for several years and they are currently helping us with our ISMS programme. This is a long term initiative with one of the aims being to certify our firm against ISO27001.
We chose CNS for a number of reasons, primarily for the knowledge and experience the consultants bring, particularly of information security implementations. The consultants engage capably at all levels of the firm, particularly with the board and senior management.
They listen carefully to our needs, and bring insight framed in the language and culture of our own business, which is invaluable for stakeholder engagement. This approach has led to the absolute success of our programme, and we look forward to continuing this partnership for years to come."
Information Security Manager, Bird & Bird.
It is this globalisation of the firm’s practice, along with increased requirements from clients to ensure the security of the information they hold, that has led Bird & Bird to focus on Information Security. The initial challenge was to gain the buy-in of the executive board in order to support the initiative, which had originally been driven from the IT department. CNS were able to assist this process and were in fact asked to present on the subject to the executive board. With the backing of the executive, CNS have completed all tasks within the required timescales and budget to help Bird & Bird achieve ISO27001 in 2014.
CNS has created a new anti-phishing 24/7 service to respond to Metro Bank’s aim. Rather than putting an automated, but ineffective, process in place,
After an 18 Month program Bird & Bird were certified against the ISO27001 standard in 2014. CNS worked with Bird & Bird in setting up the project and the project office, provided a structure for the Governance Regime, as well as completing the necessary risk assessments. Both the London and German offices were certified. CNS continue to work with the client to roll out the ISMS across the remaining offices.
In addition to the ISO27001, CNS consultants also advise Bird and Bird on specific BAU security issues. These include technical testing, response to new threats and vulnerabilities, as well as security considerations for new systems.