Choosing A Suitable Cyber Certification Pathway

Choosing A Suitable Cyber Certification Pathway

I’m sure you will all be familiar with Lexcel. The popular Law Society accreditation that is widely adopted by law firms. Lexcel is an accreditation that is widely respected as it helps create strong frameworks within practicing law firms.

The new version of the Lexcel standard (‘v6.1’) became mandatory for all assessments taking place from 1 November 2018. Within this version firms are recommended to implement the Government backed Cyber Essentials certification.

Cyber Essentials helps your law firm guard itself against the most common cyber threats and demonstrate your commitment to cyber security. Its infamous badge can be displayed on your email signature and on your website. Considered as the starting point for a good cyber security programme, it is particularly suitable for businesses with no existing Cyber Security certifications or for those who don’t have huge amounts of time or resource to dedicate to security.

However, how do you know whether Cyber Essentials is appropriate for your business? There are actually a few cyber and data accreditation routes out there that are worth considering depending on your firm’s size and infrastructure. Let’s take a look at these…

Firstly, you’ve got Cyber Essentials Plus. This is a step up from Cyber Essentials. It covers the same controls but this time is independently verified by a site visit from an expert assessor in comparison to the online self-assessment form of Cyber Essentials. You will achieve certification should you pass a thorough inspection of online devices through a detailed network vulnerability scan. Typically, this should be more appropriate for medium to large sized law firms with multiple offices and more complex infrastructures.

Next up is IASME Governance. The IASME Governance standard was developed over a number of years during a project funded by government to produce a cyber security standard which would be an affordable and reachable alternative to the international standard, ISO27001. This is everything in Cyber Essentials, plus some key additions.

These additions are a data protection 2018 readiness assessment and an evaluation of risk assessment and security risk management processes. It is perceived as a light version of ISO27001 and is appropriate for firms wanting to take the journey towards IS027001 who want a recognised stepping stone.

Alternatively, this also works well for firms who don’t have the resource for ISO27001 but who want to certify their technical and non-technical information management processes. The accreditation also comes with £25,000 worth of Cyber Insurance.

Lastly but by no means least is ISO27001. Most appropriate for large regional or city-based law firms, ISO27001 is seen as the gold standard of Information Security and is globally recognised. If, as a firm, you are keen to demonstrate that information security is richly embedded into your business processes and that it is taken seriously at all levels, not just IT, then ISO27001 is the appropriate step for you to take in the long run.

If currently you don’t have any accreditations in place, then starting your journey with IASME Governance is a good place to start in terms of achieving your long-term objective. CISO’s may also look at ISO27001 as a way to effectively demonstrate their role to the board.

The way you’re perceived with IS027001 across the B2B sector changes, it portrays you as a business  that is well prepared, IT focused and has strong and robust processes in place.

As the legal sector continues to undergo rapid changes with regards to technology and infrastructure, the value of accreditations will rise. In the next few years we may see banks asking for specific accreditations in order for you to join their panel. Technology contracts may stipulate these as a requirement and customers will begin to familiarise themselves with the picture they paint of your organisation.

Of course, there’s no getting away from cybercrime with some sort of magic ingredient however choosing the right accreditation puts you on a stronger footing.

Here at Lawyer Checker we are ISO27001 and Cyber Essentials Plus accredited so we can support your accreditation journey and help you understand which one is most appropriate for your business before certifying you. To talk us about accreditations please contact me on [email protected] or 01829 307540.

Lawyer Checker

Lawyer Checker announce survey results and Tech Hamper winners






Provider of market-leading risk management solutions to the legal sector.

Lawyer Checker is a leading provider of risk management solutions to the legal sector, offering a full inclusive suite of products and services which have one thing in common – they are all designed to protect and to promote your firm.

Our expert understanding of the legal sector means that we are in a unique position to ensure that your business is protected from the main threats without delay.

We are committed to being proactive when it comes to caring for our clients, and to getting them onto a platform where they are safer.

What does Lawyer Checker do?

Our suite of fraud prevention and cyber security products include:


Thirdfort is the latest in Lawyer Checker's innovative suite of products helping to defend law firms against the persistent threats lurking in the legal sector, by providing enhanced due diligence to source of funds and ID checks. It uses a mobile app to digitally confirm a client's identity by combining facial recognition technology with document scanning and open banking, enabling you to confidently “Know Your Customer." Find out more >

Account and Entity Screen (AES)

AES provides your firm with enhanced risk management when transferring funds by checking the accounts details of a solicitor you are sending funds to against our unique database. This ensures your client funds are sent to a legitimate bank account associated with the vendor’s conveyancing firm. Find out more >

Consumer Bank Account Checker (CBAC)

CBAC offers enhanced due diligence when remitting sales proceeds and balancing payments to consumers. It works by validating the source and destination of funds by checking the bank account details match your client’s personal details when sending or receiving client funds. Find out more >


A vital layer in protecting against email modification fraud, OnDMARC can actively block phishing attacks and obstruct 3rd parties impersonating your email domain to any recipient such as your clients, suppliers or employees. Email fraud is a law firm’s biggest risk. To avoid sensitive data being stolen through email impersonation fraud, safeguard your firm by implementing OnDMARC, otherwise anyone can send an email directly to your customers, suppliers or employees pretending to be you. Find out more >

Cyber Certifications

The National Centre for Cyber Security has identified the legal sector as a top target for cyber criminals. The sensitive data, large sums of money and important information that is held needs protecting to avoid severe damage to clients and your reputation.

Cyber Essentials

Cyber Essentials is a ‘must have’ certification for law firms which will protect your business, prevents data breaches and highlights to your customers, your regulators, the ICO and cyber criminals that you take cyber security seriously and shows you have taken the recommended steps to secure yourselves from potential threats. Getting Cyber Essentials certification for your firm is quick and easy, our in-house expert Cyber Essentials Assessors at Lawyer Checker (Part of Practical Vision Network) can conduct your online assessment and issue your certificate in less than 48hrs. For only £350 plus VAT it will give you peace of mind that you have shielded your law firm from cyber risk.

Cyber Essentials Plus

Our professional in-house assessors can issue official certificates to compliant firms for Cyber Essentials Plus, which is the next step up from Cyber Essentials. It covers the same controls but this time it is independently verified by a site visit from our expert assessor who will carry out a thorough inspection of online devices and web hosts through a detailed network vulnerability scan and certify your security arrangements to Cyber Essentials Plus level.

IASME Governance

Our expert in-house assessors can issue official certificates to compliant firms for IASME which includes Cyber Essentials certification along with a GDPR readiness assessment. It signifies to your customers and shareholders that you consider data protection a priority, and your desire to manage risk by demonstrating a high level of security. This certification is particularly suitable for businesses that are working towards ISO27001 and want a stepping stone, or for those that want to align to ISO27001 but perhaps don’t have the budget to go to a full certification.

ISO 27001

Our expert in-house consultants will help your firm prepare for ISO 27001 certification audits. It is internationally recognised as the most comprehensive and detailed accreditation to help embed a healthy security culture within your business. The consultation focuses on all business areas and not just the IT department. Our execution experts can work with you to implement ISO27001 in a way that works for your business and can provide as much or as little support as you need from project plans, document templates to full implementation. Our professional assessors can even help you to book and prepare for your certification audits.

To safeguard your business, use Lawyer Checker’s comprehensive products and services to arm you and your law firm with the right tools and information to be able to obtain the assurances you need to act in the best interests of your clients.

Key contacts:

Heidi Jenkins
Key Relationship Manager at the Practical Vision Network including Lawyer Checker, Solve Legal Marketing and The Move Exchange.
M: 0330 052 7588 E: [email protected]

Mark Siwiec
Business Development Manager (Cyber) at the Practical Vision Network including Lawyer Checker, Solve Legal Marketing and The Move Exchange.
M: 03300529150 E: [email protected]

Suite 4, Wright House, 67 High Street, Tarporley, Cheshire, CW6 0DP

Leave a Reply

Your email address will not be published.