Lexcel Compliance
Lexcel Compliance
Secure, Comply, Certify is our unique three-step approach to achieving certification to Lexcel. Whilst many consultants will help you to implement the standard, ours go one step further by working with you to implement cyber security first, which strengthens your compliance to Lexcel.
As a large part of Lexcel is centred around data protection and client confidentiality your framework should include cyber security measures to assess the external threats which could compromise the security of your information. We have established relationships with consultants and certification bodies to implement Secure, Comply, Certify – a 360 degree approach to information security.
About Lexcel
Throughout the Lexcel practice management standard there are references to security of systems and confidentiality of client data. In order to successfully achieve this certification, legal firms are required to demonstrate that their assets are secure from external threats by undertaking regular penetration testing.
Our Lexcel consultants can help you to identify the physical risks to your assets from a potential cyber threat whilst advising you on the relevant sections of the Lexcel standard. Using the results from a penetration test, we can strengthen your information security policies and procedures, and provide a full assessment of the external environment.
We can work with a variety of organisations to implement changes required to ensure GDPR compliance. Here is an example of how we work together to help you.
- Strategic Plans
2.4 – Practices will have a business continuity plan, which must include
- An evaluation of potential risks and the likelihood of their impact.
- Ways to reduce, avoid and transfer the risks.
- A procedure to test the plan annually in order to verify that it would be effective in the event of a business interruption.
- Information Management
4.1 – Practices will have an information management policy which must include:
- The identification of relevant information assets of both the practice and clients.
- The risk to these assets, their likelihood and the impact.
- Procedures for the protection and security of the information assets.
- A procedure for training personnel.
4.2 – Practices will have an email policy, which must include:
- Procedures for the management and security of emails.
4.3 – If the practice has a website, the practice must have a website management policy which must include:
- Procedures for the management of its security.
4.5 – Practices will have a social media policy, which must include:
- The scope of permitted and prohibited content.
- Risk Management
6.1 – Practices must designate one overall risk manager to be able to identify and deal with all risk issues.
- Client care
7.1 – Practices will have a policy for client care, including:
- Protecting client confidentiality.
- File and Case Management
8.5 – Practices will have a procedure to:
- Safeguard the confidentiality of matter files and all other client information.
Our straightforward three-step framework
In order to address each of the above points, our certified consultants take you through a straightforward three-step framework which focuses firmly on security, compliance and certification.
By guiding you through this framework, we can ensure that you not only have the technology foundation in place to meet with the requirements for Lexcel, but also that information security within your practice extends beyond technology to encompass your people, culture, processes and physical environment so as to keep it resilient – even in the event of a breach.
Comply Services
GDPR – the General Data Protection Regulation
Hill Dickinson, The Compliance Foundation and Xyone Cyber Security have joined forces to offer the complete solution to the challenges that GDPR presents across governance and structure, process and policy, and technology.
ISO 27001 – Information Security Management System (ISMS)
We can help you comply to ISO 27001, a standard which involves the information security procedures of all your business’ or firm’s areas. This includes the ways you communicate with clients, to how your information security policy is put into action by all personnel.
ISO 27032 - Cyber Security
Part of the ISO 27000 framework, ISO 27032 sets guidelines for keeping your security, assets and at-risk areas safe. Our expert information security consultants will take you from beginning-to-end in aligning your staff, procedures and policies with ISO 27032:2012’s aims, with a proposal and outline sent to you prior to our work beginning.
ISO 27301 – Business Continuity
Secure, Comply, Certify is Xyone’s unique three-step approach to achieving certification to ISO22301, 27001 and 27032.
Our model goes one step further to implement cyber security, which strengthens your compliance.
Our model goes one step further to implement cyber security, which strengthens your compliance.
Lexcel – Legal Sector Practice Management Standard
Secure, Comply, Certify is our unique three-step approach to achieving certification to Lexcel. Whilst many consultants will help you to implement the standard, ours go one step further by working with you to implement cyber security first, which strengthens your compliance to Lexcel.
PCI DSS – Payment Card Industry Data Security Standard
If your business or firm takes payments from credit cards, you’ll need to be compliant in how and what data you handle. Xyone offer our own expertise, alongside relationships with consultants and auditors to ensure that you meet current security and compliance standards for PCIDSS.
“
Credit Style have been using Xyone Cyber Security now for over 2 years. During this time Credit Style and Xyone have formed a close and trusting relationship due to their prompt, helpful and friendly service. Over this period Xyone have carried out numerous projects, from External, Internal and Web Penetration testing to carrying out the testing for Credit Style to become Cyber Essentials Plus certified, most recently carrying out External Infrastructure Penetration Testing.
Xyone have, on every occasion, operated in a very professional manner, whether dealing over the phone, or when Assessors are visiting our premises and find their staff trained to a high level with clear expertise in the Cyber Security field.
Credit Style look forward to continuing our relationship with Xyone over the coming years and appreciate the knowledge and peace of mind that they provide via their expertise and service.
Credit Style would happily recommend Xyone and their services to any other company that require help, advice or service within Cyber Security.
Richard J Martin
Director Credit Style Ltd
“
Having worked with Xyone for some time now, I have found them to be extremely professional and courteous whilst maintaining a friendly and approachable side. The integration of the Mitigate into our organisation was very straightforward and hassle-free. The admin aspect of the system is easy to navigate and maintain and the reporting gives enough detail without being too complicated. The training platform itself is user-friendly and although the training goes into a lot of detail, the examples are current and based on real life situations. The support guys are very supportive and always happy to help. I can highly recommend Xyone.
“
Cyber Security awareness is essential to stop employees from causing serious security incidents, we must also be aware of the regulatory requirements in place to protect client data.
Mitigate, developed by Xyone Cyber Security, the Cyber Security Policy Awareness Training Suite, is the perfect tool for this with clear policies and e-learning training and assessments.
The portal is very user friendly and can be easily implemented and rolled out to staff. It is simple to use saving time and ensures training our staff is cost effective. The Mitigate training suite ensures that we can manage the risk and build company resilience.
“
As our employee numbers and workload increased, we were finding it difficult to schedule time to run training sessions and keep track of who had / hadn’t been trained on important matters such as cyber security. Mitigate was the answer we were looking for. A simple to use training tool with built in tests is perfect for our fast-moving business. We can keep track of training to date and schedule re-testing ensuring we are always organised and compliant. Mitigate also has the scope to allow for other areas of the business to be covered, such as Anti Money laundering and Human Resource modules (i.e. induction) which keeps everything neat and tidy under one piece of software. Software updates are received on a regular basis and you are always listened to if you have a software suggestion. I would definitely recommend Mitigate for your business
“
The Cutover team really enjoy working through the Mitigate training modules. The training portal helps our employees focus on specific security topics and reduce the overall company risk profile. Great work, I look forward to seeing more new content and features.
“
Xyone attended at our offices to present a training session on cyber security. It was attended by people at different levels, from support staff to management level and also from different departments including IT, risk, marketing and HR. It is fair to say that everyone present gained something from the session. It was well presented, interesting and extremely thought provoking. Xyone demonstrated their knowledge and credibility in this area whilst not being patronising or, at the other end of the scale, using language which was too technical. The content was extremely useful not just in terms of professional life, but also in terms of personal awareness of cyber security issues.
Stephensons Solicitors LLP
“
After realising the weaknesses of our internal system security, AEV decided to instigate Cyber Security training from Xyone to allow all staff members with computer access to understand their responsibilities when it comes to terminal and online security. All these employees were trained through group, 3 hour sessions over the period of a day. The training was informative, enjoyable, interactive and extremely helpful. Feed-back was positive and all said that it was enlightening and very useful, not just for their work lives but also for their personal online security.
“
Xyone delivered their excellent Cyber Awareness training session to our Business Heads group. They took what can be quite a dull and uninteresting topic, and presented it in such an engaging and thought provoking manner that the whole group were able to take something away from it, regardless of how much was previously known around the subject. Showing that cyber security isn’t just a job for the IT function to deal with, but something that the whole firm has to take responsibility for has certainly helped me in pushing the security message out across all staff.
Sackers
“
We found the services of Xyone Cyber Security excellent and very easy to deal with, we would highly recommend them for any cyber security requirements.
The whole process from sending us a reminder to assessing our questionnaire to issuing the certificate was very efficient throughout.
Coach Direct
“
Xyone, and Jacek particularly have done a great job in helping us achieve Cyber Essentials Plus. The assessment itself was pain free and good humoured as Jacek wandered around checking if people had post-it notes stuck to their screens with passwords on. Sensible and proportionate recommendations were made and those have now been implemented.
Clarion
GET IN TOUCH
Request a Quote
Complete the contact form and a member of the team will be in touch to discuss your security requirements.
- info@xyone.co.uk
- +44 (0) 333 323 3981
- Offices in Lancaster, London and Manchester, UK
