•  •  Dark Mode

Your Interests & Preferences

I am a...

law firm lawyer
in-house company lawyer
litigation lawyer
law student
aspiring student

Website Look & Feel

 •  •  Dark Mode
Blog Layout

Save preferences
An estimated 3-minute read

ANA becomes 2nd Law Firm in India to achieve ISO 9001:2008 & 27001:2013

 Email  Facebook  Tweet  Linked-in


Recently Abhay Nevagi & Associates, Advocates (hence ANA) has become the only the Second law firm in India to become ISO certified for Quality Management Systems (9001:2008) and Information Securities Management Systems (27001:2013). Initially everyone was circumspect. As the ISO processes unfolded we saw that this rigorous journey was justified, it bound us into a more effective unit and one by one everyone was on board.

ISO 9001:2008

ISO 9001:2008 is a Quality Management System usually seen in the Manufacturing Sector. We as a Law Firm had to tailor make our guiding manual applicable to the needs of a Law Firm. Everything from analysing, de-coding to homologation of the QMS guidelines were carried out by an internally appointed team. Interestingly, in our voyage towards ISO certification we realised we were already complying with all ISO processes using logic and need of the hour amendments. This helped us transition a lot quicker than envisaged. What ISO primarily did was put us through a rigorous documentation process. Our entire filing and library system went through a revamp. Computer filing system is properly segregated. Key Responsible Areas and Key Performance Indicators were identified. Drafts were standardised reducing inadvertent discrepancies. Client communication and feedback was channelized and made more effective all of this facilitating accessibility to information. 

As we progressed through the ISO process we collectively and individually realised we were able to give appropriate direction to any matter that came to our door. Everyone in the office is aware the flow of all QMS. Now the office boy knows that every file needs to be entered into the inward register consequently numbered and appropriately filed as per subject matter. The reception executive knows which clients email needs to be forwarded to which advocate so on and so forth.

ISO 27001:2013

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

Our sister concern Stickman & Nevagi Cyber Forensic Investigation Services Pvt. Ltd., an Information Security Company which is already ISO 27001:2013 certified, guided us through the whole process.

Law firms have high concentrations of confidential information spanning hundreds or thousands of clients. An Advocate-client relationship is a bonafide one. Section 43 A of the Information Technology Act, 2000 provides for adoption of “Reasonable Security Practices & Procedures” for protection of “Sensitive Personal Data & Information. As per Information Technology Rules 2011 framed u/s 43 A (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), adoption of ISO 27001 displays compliance of requirements u/s 43 A.

We also wanted to ensure that the Certifying agency carried out a detailed audit and left no stones unturned. Our search ended at Bureau Veritas, created in 1828, a global leader in Testing, Inspection and Certification (TIC), delivering high quality services to help clients meet the growing challenges of quality, safety, environmental protection and social responsibility.

Bureau Veritas subjected ANA to an exhaustive audit of every facet of its operations, processes, client management, feedback mechanism, information security infrastructure. All staff and advocates were interviewed; all internal processes and procedures were reviewed.

The attainment of these certifications is significant not only for the Firm, but also for the company’s clientele. They offer a continued assurance of internal awareness among advocates in ANA & staff in regards to the policies and procedures for services to clients and for the security of the information it holds. Such a level of transparency is beneficial in following manner - a.) enhanced risk identification and remediation measures and capability of quickly executing an efficient recovery plan in case of disaster , and b.) it ensures sound performance of client projects and complete security of client data. Maintaining the certifications encourages constant endeavor to improve company’s processes and policies, which is, again, beneficial for ANA as well as its clientele.

Click to show 1 comment
at your own risk
By reading the comments you agree that they are the (often anonymous) personal views and opinions of readers, which may be biased and unreliable, and for which Legally India therefore has no liability. If you believe a comment is inappropriate, please click 'Report to LI' below the comment and we will review it as soon as practicable.