Case Study

Pogust Goodhead – ISO 27001

Pogust Goodhead is one of the world’s leading law firms in its practice areas, providing access to justice for victims of wrongdoing by large corporations. As pioneers in large-group environmental and human rights litigation, their objective is to improve the lives of millions of people worldwide. During a time of rapid growth and with a strong commitment to the highest levels of information security, mitigating the risk of data breaches and enhancing client trust, achieving ISO 27001 Certification has been a key goal for Pogust Goodhead, making them a leading litigation law firm in implementing such rigorous security protections.

Challenge

Pogust Goodhead faced a significant challenge in handling sensitive data and ensuring compliance across multiple jurisdictions. The absence of information security standards in the legal industry presented a significant challenge, but also an opportunity for Pogust Goodhead to establish themselves as leaders in information security within the sector. ISO 27001 certification was seen as the solution to address this gap, providing a gold standard for data protection and instilling trust among clients.

Approach

Pogust Goodhead’s Information Security Team pursued ISO 27001 Certification through a meticulous process, starting with the establishment of a robust and comprehensive Information Security Management System (ISMS). They implemented a series of risk management strategies to provide clients with reassurance regarding data security.

To support, control and monitor technology and data in the business, they implemented three products and services: ThreatLocker, Darktrace and CyberArmedSecurity. These solutions provided innovative cyber security protection, detection capabilities and monitoring of threats from the dark web.

Once the ISMS, products and services were implemented and established, the team at Pogust Goodhead reached out to a number of Certification Bodies to gauge their approach to certification, with an ambitious target of achieving ISO 27001 Certification within a short timescale. They then engaged with Certification Europe to begin the certification process. Throughout the certification process, the Pogust Goodhead team maintained a close collaboration with Certification Europe, engaging in monthly meetings to plan the necessary assessment requirements to achieve ISO 27001 certification. The collaboration with Certification Europe provided expert Assessors to assess Pogust Goodhead’s security practices, which demonstrates their commitment to meeting the stringent ISO 27001 standards. Certification Europe not only fulfilled their commitments but also provided an exceptional service, exceeding all expectations in terms of timing, professionalism and expertise.

Outcome

Being awarded ISO 27001 Certification in March 2023 was a proud achievement for Pogust Goodhead. This accomplishment, after two years of dedicated preparation, demonstrates their excellence in Information Security. As a leading litigation law firm in achieving ISO 27001 certification, their zero major/minor result signifies their dedication to protecting client data. Alongside their technological case-management solutions, Pogust Goodhead leads the way in implementing rigorous and trusted information security protections within the UK litigation industry.

Furthermore, the certification process led to significant improvements in security across all areas of the business. Implemented measures include single sign-on with passwordless solutions, biometric login on all devices and AI-based monitoring of systems using Darktrace. The Information Security Team follows up on unusual user behaviour detected by AI alerts, providing an additional layer of human verification. These improvements, coupled with impressive statistics such as processing 20Tb of network and endpoint traffic and securing 741 devices using ThreatLocker, showcase Pogust Goodhead’s commitment to maintaining a secure environment.

Pogust Goodhead’s journey to ISO 27001 Certification was a smooth and successful one, with Certification Europe delivering exceptional service and meeting all expectations. The certification not only strengthened their understanding and management of information security but also facilitated passing due diligence requirements with ease. Pogust Goodhead appreciates the confidence that Certification Europe instilled in their team and looks forward to rolling out the high standard globally. Based on their positive experience, they confidently recommend Certification Europe’s services to potential clients considering ISO Certification.

When it comes to Certification Europe, I can confidently say they delivered exactly what they committed to. They fulfilled their promises, and this level of reliability is commendable. As a company, we worked incredibly hard to create a high standard Information Security Management System for our Head Office. Because of the work with Certification Europe and the confidence their team have given our team at Pogust Goodhead, we look forward to rolling this standard out globally.

We would be confident in recommending Certification Europe’s services to any potential client considering ISO Certification.

Chris Porton

Chief Information Security Officer, Pogust Goodhead
