Client information security and data protection
In December 2025, Buddle Findlay achieved ISO/IEC 27001 certification across the entire firm. This internationally recognised standard for information security management systems demonstrates our commitment to protecting client information and maintaining the highest standards of data security.
What this means for you
ISO/IEC 27001 certification provides independent verification that we have implemented robust systems to protect your confidential information. Your data is managed according to internationally recognised best practices, with systematic risk management processes in place to identify and address potential security threats.
Our certification demonstrates our commitment to:
- Protecting your sensitive information: Safeguarding personal records and sensitive data to prevent breaches and unauthorised access
- Risk-based security management: Using a systematic approach to identify and mitigate potential threats to your information
- Regulatory compliance: Ensuring compliance with relevant data protection legislation and staying current with evolving legal requirements
- Reducing security breaches: Lowering the likelihood of information security incidents through comprehensive policies and ongoing staff training
- Consistent standards: Maintaining firm-wide commitment to information security across all our offices and practice areas, ensuring consistent protection regardless of which team you work with
About ISO/IEC 27001
ISO/IEC 27001 is the global standard for information security management systems (ISMS). It provides a structured framework to safeguard data and manage information security effectively for organisations of all sizes.
Achieving this certification requires organisations to implement a comprehensive approach to managing information security risks, including conducting thorough risk assessments, implementing appropriate security controls, documenting policies and procedures, and establishing processes for regular monitoring and review.
Independent auditors verify that all requirements of the standard are met before certification is granted. The certification requires ongoing surveillance audits to ensure continued compliance, demonstrating our sustained commitment to protecting your information.
Our ongoing commitment
Our certification reflects our ongoing investment in systems, processes, and training to ensure that information security remains a priority across the firm. We are dedicated to continuously improving our approach to protecting the information you entrust to us.
