Secure, Comply, Certify is our unique three-step approach to achieving certification to Lexcel. Whilst many consultants will help you to implement the standard, ours go one step further by working with you to implement cyber security first, which strengthens your compliance with Lexcel.
As a large part of Lexcel is centred around data protection and client confidentiality, your framework should include cyber security measures to assess the external threats which could compromise the security of your information. We have established relationships with consultants and certification bodies to implement Secure, Comply, Certify - a 360 degree approach to information security.
Throughout the Lexcel practice management standard there are references to security of systems and confidentiality of client data. In order to successfully achieve this certification, legal firms are required to demonstrate that their assets are secure from external threats by undertaking regular penetration testing.
Our Lexcel consultants can help you to identify the physical risks to your assets from a potential cyber threat whilst advising you on the relevant sections of the Lexcel standard. Using the results from a penetration test, we can strengthen your information security policies and procedures, and provide a full assessment of the external environment.
Below are the specific points from the Lexcel standard which have an influence on cyber security policy:
2.4 – Practices will have a business continuity plan, which must include:
An evaluation of potential risks and the likelihood of their impact.
Ways to reduce, avoid and transfer the risks.
A procedure to test the plan annually in order to verify that it would be effective in the event of a business interruption.
4.1 – Practices will have an information management policy which must include:
The identification of relevant information assets of both the practice and clients.
The risk to these assets, their likelihood and the impact.
Procedures for the protection and security of the information assets.
A procedure for training personnel.
4.2 – Practices will have an email policy, which must include:
Procedures for the management and security of emails.
4.3 – If the practice has a website, the practice must have a website management policy which must include:
Procedures for the management of its security.
4.5 – Practices will have a social media policy, which must include:
The scope of permitted and prohibited content.
6.1 – Practices must designate one overall risk manager to be able to identify and deal with all risk issues.
7.1 – Practices will have a policy for client care, including:
Protecting client confidentiality.
File and Case Management
8.5 – Practices will have a procedure to:
Safeguard the confidentiality of matter files and all other client information.
In order to address each of the above points, our certified consultants take you through a straightforward three-step framework which focuses firmly on security, compliance and certification.
By guiding you through this framework, we can ensure that you not only have the technology foundation in place to meet the requirements for Lexcel, but also that information security within your practice extends beyond technology to encompass your people, culture, processes and physical environment so as to keep it resilient – even in the event of a breach.
Contact us today to discuss your Lexcel-related requirements.
We provide a comprehensive range of penetration testing, certification, information security consultancy and managed services for SMEs, public sector organisations and larger corporates looking to protect their business and enhance overall security of their IT systems.
Our specialists will help you identify and manage risks around your various data assets to give you, your employees and your customers much greater peace of mind.