+44 (0)207 208 2900

info@depinna.co.uk

How De Pinna Notaries responds to ever-increasing data security threats

ISO Document Management

In 2016 De Pinna decided to put in place an information security management system (ISMS) to safeguard the assets and information we hold. ISO/IEC 27001 is one of the world’s best-known standard that specifies the requirements for an ISMS. An ISMS is a framework of policies, processes and procedures that helps to protect the confidentiality, availability and integrity of a company’s assets, which includes information, service, application, infrastructure and people.

With cyber-crime on the rise and new threats constantly emerging, it is important to be risk-aware and have systems in place to proactively identify and address weaknesses. 

According to Verizon’s 2023 Data Breach Investigations Report:

  • 83% of breaches came from external actors.
  • 74% of breaches involved a human element, including social engineering (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purpose), errors and misuse.
  • 50% of all social engineering incidents in 2022 used pretexting – an invented scenario that tricks someone into giving up information or committing an act that may result in a breach.
  • 24% of all breaches involved ransomware.
  • 49% of breaches by external actors involved use of stolen credentials, while phishing made up 12% of attacks.

An ISMS that is ISO/IEC 27001 certified can assist in addressing the above issues and benefits an organisation by:

  • Ensuring that assets and information entrusted by our clients remain confidential and available as needed.
  • Reducing vulnerability to the growing threat of cyber-attacks.
  • Improving structure and focus.
  • Responding to evolving security risks.
  • Reducing human errors.
  • Saving time through efficient and tested processes.
  • Addressing security flaws.
  • Improving security awareness.

In 2016 our ISMS received the ISO/IEC 27001 accreditation. Over the last seven years to date De Pinna has undergone annual in-depth audits carried out by external auditors. On each occasion we have had to demonstrate that any security weaknesses previously highlighted have been addressed and that our ISMS has improved. As a result, we can now reassure our clients and prospective clients that we have established an ISMS which is robust and well tested.

“Our ISO/IEC 27001 certification (probably unique amongst specialist notary practices) demands that De Pinna focus constantly on maintaining and improving our information technology and security techniques, by implementing, communicating and pro-actively monitoring internationally recognised best practice information security controls. Ensuring document and data security and confidentiality is a strategic commitment from the management team. Day-to-day compliance is now routine for all employees and an integral part of the business.” (Phillip Journeaux, Partner)

Some examples of best practice within our ISMS are:

  • Personal carriage of documents to the Foreign & Commonwealth Development Office and consulates by our own vetted employees.
  • Internal procedures and operations internally audited and adapted to ensure compliance with internationally recognised best practice.
  • Employee workshops and forums to constantly evaluate and improve our ISMS.
  • Encryption of emails and documents via transit, process and at rest.
  • Rigid access controls to all areas of our offices.

“Engagement from partners and employees to adopt the disciplines that are essential to a successful ISMS is the most difficult challenge – but we have managed that successfully!” (Ryan Moody, Partner)

De Pinna is proud to still be the only specialist firm of notaries in London to have achieved ISO/IEC 27001 Information Security Management certification. We are committed to continue improvement and development of our ISMS by implementing appropriate risk assessments, policies and control. De Pinna believes that security is not just about technology but must be a fundamental part of culture and business practice.

If you want to find out more about our journey to achieve and maintain ISO/IEC 27001, how it can help you and your clients, or even how what we have done might inform your own plans for introducing ISO/IEC 27001 or more effective data security in your team or your business – call us on +44 (0)207 208 2900 or email us at info@depinna.co.uk to find out what we can do for you.