Information security is the central concern of all organisations that manage and work with knowledge. In the case of the legal profession, the risks of unavailability of the IT system in general, or piece in particular when you need to meet a court deadline, or the leak of confidential data in the context of a cyber-attack, or even by an insider, cause unforeseeable reputational damage. Cyber-attacks are a question of when and not if they will happen.

Data on reputation

Data leakage

Unavailability of data at critical times

While not aiming for ISO27001 certification, which is complex and expensive, ROOX has an approach to the standard, implementing the control and mitigation mechanisms set out in the middle.

Response to ISO27001

Investment in response to the objectives and financial capacity of the company

ROOX first diagnoses the current situation, which assigns a score calculated according to the existing risks. Afterwards, a proposal is made to improve this score so the company can decide on the risk it wants to take according to its financial investment objectives..

AS-IS Diagnosis

TO-BE Proposal

Medium/long term plan

No matter how many technologies are implemented, the main risk will always be on the people inside the organisation since their behaviour is the leading risk factor. Therefore, the first step is to follow ROOX's recommendations. We have security awareness training, besides access to a group of professionals with experience in implementing an ISO27001 certification process that can help your company to be more secure. Information security is not just about technology; it's about techniques.

ISO27001 implementation

Security awareness actions

Security training