Case Study: Legal Ombudsman improves information security and client confidence with BSI ISO/IEC 27001 certification

Implementing Best Practice and Improving Client Confidence With ISO/IEC 27001

Legal Ombudsman, the public complaints body for legal services in England and Wales, needed stronger information security awareness, a clearer way to demonstrate due diligence and compliance, and an assurance framework aligned with global best practice. Working with BSI, it pursued ISO/IEC 27001 information security management certification to help protect sensitive client information and reassure users that their data was being handled securely.

BSI supported Legal Ombudsman through scoping, risk assessment, policy updates, staff awareness training, and independent stage 1 and 2 audits for ISO/IEC 27001 certification. The result was improved client confidence, better understanding and management of information security risks, stronger internal processes, and enhanced brand reputation. The programme was completed in eight months and established an ongoing audit cycle with BSI to support continual compliance and improvement.

Legal Ombudsman

Ian Waterhouse

Information Security Programme Manager