866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

Litigation Powerhouse Shook, Hardy, & Bacon

Establishes a Culture of Information Security with ISO 27001 Certification

  • Services: ISO 27001
  • Among the first U.S.-based law firms to receive an ISO 27001 certification, Shook, Hardy & Bacon has used it as a competitive advantage and has also been able to create an internal culture of information security.

Download the case study

Download the case study

For more than a century, the world’s leading companies have turned to Shook, Hardy & Bacon to protect their business investments and maximize growth opportunities both inside and outside the courtroom. 

  • Services: ISO 27001
  • Among the first U.S.-based law firms to receive an ISO 27001 certification, Shook, Hardy & Bacon has used it as a competitive advantage and has also been able to create an internal culture of information security.

Download the case study

Download the case study

One of the nation’s largest and most prestigious law firms, Shook, Hardy & Bacon deals with a variety of sensitive client data, and as a result, must have secure and compliant business practices. Attorneys and other legal professionals handle an abundance of client data, but many law firms aren’t equipped with the IT-focused staff needed to stay abreast of compliance issues, let alone put practices in place to ensure client and firm data is protected. The seventh most frequent target by cyber criminals—the legal industry—is facing increased pressure from clients to protect their information.

Shook, Hardy & Bacon wanted to be proactive and ensure it was protecting its clients’ information while following best practices for information security internally. To accomplish this, the firm established an information governance committee of more than a dozen members; it included the firm’s CIO, General Counsel, attorneys, additional IT team members and members of management. “The committee meets on a regular basis to talk about trends in the industry, trends in general, and what is happening inside of our firm,” explained John Anderson, CIO of Shook, Hardy & Bacon.

Securing Client Data with ISO 27001

Shook, Hardy & Bacon’s information governance committee wanted to have a framework and methodology in place to guarantee it was following best practices for information security throughout the firm. It also wanted to have third-party verification that proved its efforts to outside parties.

In 2013, one of the trends the committee had been eyeing was the ISO 27001 certification, which, according to Anderson, was a relatively new certification to have in the legal industry.

To get started, the firm worked with an independent security consultant to create a roadmap for the ISO 27001 certification. The security consultant then recommended the firm use Schellman & Company for its audit.

Quote
“It’s very important for our clients to know their information is properly safeguarded, and the ISO 27001 certification is a way for us to prove that we have strong information security practices that are verified by a third-party auditor.”

John Anderson | CIO | Shook, Hardy & Bacon

“Shook, Hardy & Bacon saw this as an opportunity for them to broadcast that it takes information security very seriously,” said Ryan Mackie, ISO Certification Practice Director at Schellman & Company.

In 2014, the Schellman & Company team came to Shook, Hardy, & Bacon’s Kansas City headquarters to conduct the first audit and returned a month later to conduct the final audit.

How Law Firms Benefit From an ISO 27001

Among the first U.S.-based law firms to receive an ISO 27001 certification, Shook, Hardy & Bacon has used it as a competitive advantage and has also been able to create an internal culture of information security.

“Everyone knows their responsibilities and obligations, and we conduct annual training and ongoing awareness to reinforce it,” Anderson said of the firm’s culture of information security. “Many of our clients tell us they appreciate our approach toward information security, and that our ISO 27001 certification is proof of our commitment.” 

Anderson continued: “We always had an information security awareness program that let everyone know what their responsibilities and obligations were, but after we developed the additional policies and procedures that are required for ISO 27001 certification, we were able to require everyone in the firm to read and acknowledge those policies. We also conduct annual training to reinforce the policies and obligations.” Shook, Hardy & Bacon’s commitment to information security is allowing the firm to blaze new trails in the legal industry, according to Mackie.

“They’re considered a trailblazer and we definitely applaud them,” said Mackie. “It’s a big effort for any organization to undertake, specifically one like a law firm, not to mention a law firm that didn’t have necessarily a direct customer requirement. It was a great experience because they see the value of compliance.”

Thanks to Schellman’s professionalism, Anderson sees the two companies continuing to work together. “They clearly understand security and were always prepared,” said Anderson. “They always treated us very respectfully, and we enjoyed working with them and look forward to working with them in the future.” Given the massive amounts of data law firms handle today, it’s only a matter of time before ISO 27001 will become commonplace in the legal industry, according to Mackie.

Quote
“For law firms considering ISO 27001, I don’t think there’s any better tool to have in their compliance stack than this one. ISO 27001 lets firms communicate to their customers that they’re serious about their data, where it’s stored and who has access to it.”
Ryan Mackie

Ryan Mackie | ISO Certification Practice Director | Schellman

Connect with a Schellman specialist.

We are a trusted provider to the world’s leading companies with a service delivery model which allows for optimum quality and client experience for organizations of every size and complexity.

Talk with a Specialist

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.