Morton Fraser

ISO 27001 implementation

The challenge

Morton Fraser was concerned about how well its existing security measures could resist or mitigate cyber-attacks and needed to align with ISO 27001 requirements.

The solution

We carried out a business impact assessment and gap/risk analysis, then guided Morton Fraser through embedding an ISMS, appointing a virtual CISO and delivering internal audit support.

The outcome

Morton Fraser achieved ISO 27001 certification in January 2019 and established an organisation-wide information-security framework integrated into its business culture.

Based in Edinburgh and Glasgow, Morton Fraser Lawyers is a leading independent Scottish law firm ranked among the country’s top ten. In 2018, Business Insider named the firm ‘Scotland’s SME of the Year’, and it also featured in the ‘UK’s Top 100 Companies to Work For’. Clarity defines how Morton Fraser works, the service it delivers, and the confidence it gives clients in their legal outcomes and data security.

Challenge: Strengthening data protection through ISO 27001 implementation

As digital connectivity grew and cyber threats increased, Morton Fraser recognised the need to reinforce its information security framework. The firm wanted to assess how well its existing controls protected confidential data and align its systems with ISO 27001 standards. In December 2017, Morton Fraser engaged Resillion to review its security posture and develop a plan for ISO 27001 implementation.

Our approach: Establishing a clear path to ISO 27001 implementation

We conducted a business impact assessment to identify Morton Fraser’s critical information assets and determine the required levels of protection. Our gap analysis compared current security controls against ISO 27001 standards, and we performed a detailed risk assessment to evaluate their effectiveness.

Using the results, we developed a tailored roadmap for ISO 27001 implementation. This included defining the scope of the Information Security Management System (ISMS), outlining key policies and procedures and establishing the framework for risk management and continual improvement. Morton Fraser then began integrating the ISMS across its operations, guided by our assessment findings and implementation plan.

Results: Achieving ISO 27001 certification and a robust security framework

Morton Fraser completed the ISO 27001 implementation process and successfully achieved certification. The new ISMS gave the firm a structured, standardised approach to managing information security and ensuring ongoing compliance with ISO 27001 requirements.