The Client
Burness Paull LLP (Burness Paull) is one of Scotland’s leading commercial law firms, acting for clients in the private and public sectors. The 500-strong, 59 partner firm works with clients across Scotland, the UK and globally in the key sectors of Corporate Scotland, Property and Infrastructure, Finance and Oil and Gas, from three offices in Glasgow, Edinburgh and Aberdeen.
The Challenge
Burness Paull‘s vision is to be the leading Scottish law firm in the world. Aligned to this it seeks to optimise its IT systems to ensure peak performance and optimum security.
Billy Kirkwood, IT director at Burness Paull, feels that in an increasingly connected world, security for businesses such as his is becoming an ever more sophisticated challenge, and so the firm’s response to these threats must evolve to keep pace.
He emphasised the growth of the issue in recent years: “The security of our clients’ data is absolutely critical. Cybersecurity is no longer a challenge limited to back office, but a general business challenge across the sector.”
Burness Paull’s clients are also conscious of potential threats to cybersecurity and as such seek reassurances that their data will be safe during any engagement with the firm. This is consistent with increasing regulation aimed at ensuring companies who handle customer data demonstrate a high level of cybersecurity risk management through process.
When Burness Paull launched a company-wide IT project, the firm knew it was imperative to find an independent expert advisor to analyse the venture from a cybersecurity perspective, in order to deal with any potential challenges. Commissum’s local presence, high levels of accreditation and excellent account management system contributed to its suitability for the task.
All work, including tests on Burness Paull’s IT network, was to be completed during normal working hours. It was critical that disruption to the firm’s everyday operations was kept to an absolute minimum, whilst ensuring comprehensive testing took place.

- All testing conducted without disruption during regular office hours
- Simple, high-impact changes recommended following initial work
- User-friendly feedback reports allowed speedy, precise remediation
- Excellent account management allowed work to take place without admin interference