Lexcel and Cyber Essentials
If you are involved with Law it is likely your practice is either accredited to Lexcel or you may have heard about this accreditation, but do you know what it actually is and why you should achieve Cyber Essentials?
What is Lexcel?
Lexcel is an accreditation which has been created by the Law Society, its main aims are to help legal practices demonstrate and work towards a quality mark for practice management and client care. The framework has been designed to help practices and legal departments develop consistent operational efficiencies and client services, help to manage risk effectively, reduce costs and promote profitability within the business.
The framework has been designed with flexibility in mind, it has been designed to ensure that any law practice can implement it according to their requirements. The framework is based upon 7 core areas:
- Structure and strategy
- Financial management
- Information management
- People management
- Risk management
- Client care
- File and case management
What is Cyber Essentials?
The Cyber Essentials scheme is a government backed cyber security based certification, the certification is based upon a set of five security controls which, when correctly deployed, will provide you with a level of protection from the most common cyber security threats. These controls apply to a defined scope, which could be part or all of your company, depending upon your needs.
The five security controls are:
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
The Cyber Essentials scheme is mandated for any government tenders and is recommended to have in place to demonstrate your commitment to protecting information. Implementing the five controls within the Cyber Essentials framework will help you protect against 80% of online cyber threats.
Why should you look at achieving Cyber Essentials?
Achieving the Cyber Essentials certification is recommended no matter what industry your business is in, however with the introduction of Lexcel version 6.1, the Law Society has incorporated the Cyber Essentials certification as a recommendation.
Under Lexcel, it states that law practices must have information management and security policies in place and regularly reviewed. If your law practice is accredited against Lexcel, but not Cyber Essentials, you may in some circumstances be asked why you have not achieved Cyber Essentials.
Cyber attackers are ever increasing and law firms have been found to be right in the middle of this due to the nature of confidential information they hold. By achieving Cyber Essentials, it will demonstrate that you are thinking seriously about protecting the data that you hold and that you have implemented government recommended security controls.
This can also help work towards being compliant with the Data Protection Act 2018 and the GDPR as you can demonstrate that security controls are being put in place under Cyber Essentials.
How to achieve certification?
Achieving Cyber Essentials is straight forward, simply contact us here at TeraByte and we can talk through your requirements, once everything has been agreed, we’ll need 5 pieces of information to get you setup on the online self-assessment portal and you are ready to go.
Once the online portal has been setup, you will have access to all the questions, simply work through these and once complete, submit the questions. Our Cyber Essentials assessor will mark the questions and, if everything is ok, you’ll be issued a certification. If there are any issues, our assessor will get back to you with remediation advice.
Want to know more about Cyber Essentials? Contact us at: [email protected] for more information.