From November 2018, Cyber Essentials will be a requirement for Law Society members signed up to the popular Lexcel Standard.
Cyber Essentials lets everyone know that you take Cyber Security seriously and have measures in place to keep their information secure.
As an IASME Licensed Certification Body, ACS offers fixed fee packages of consultancy, audit and certification for organisations seeking to secure Cyber Essentials and Cyber Essentials Plus security standards.
Practices must have an information management and security policy and should be accredited against Cyber Essentials. The policy must incorporate the following controls:
- a register of relevant information assets of both the practice and clients
- procedures for the protection and security of the information assets
- procedures for the retention and disposal of information
- the use of firewalls
- procedures for the secure configuration of network devices
- procedures to manage user accounts
- procedures to detect and remove malicious software
- a register of all software used by the practice
- training for personnel on information security
- a plan for the updating and monitoring of software.
Get the minimum requirement with Cyber Essentials
Basic Cyber Essentials certification involves a self-assessment, where your organisation completes a questionnaire confirming and detailing the measures that are in place regarding cyber security. Your self-assessment questionnaire will be verified by a certification body to determine whether or not the standard has been achieved. If successful, your firm will be awarded Cyber Essentials certification to comply with Lexcel v6.1.
It pays to get it right first time. ACS will get you ready.
The basic level of Cyber Essentials certification starts at £300 for a straightforward certification assessment involving verification of a self-assessment. If any issues are identified during the verification, your firm will have two days to correct these before having to submit a new self-assessment, upon which a further £300 will be payable, and so on. Only someone familiar with the scheme should consider taking it on themselves.
Go the extra mile with Cyber Essentials Plus
Be one of the select few firms in the UK to achieve Cyber Essentials PLUS accreditation with ACS
Cyber Essentials at its basic level is well known to be achievable as a self-assessment, and often carries less weight with commercial clients. If your firm mostly operates with private clients, this may not be a concern. However, if your firm has a significant number of clients in the commercial sector, you should consider Cyber Essentials Plus. Whilst essentially the same standard, to obtain the Plus certificate your firm will need to be independently tested to ensure the technical controls are adequately enforced.
ACS technical experts understand the complexity of the requirements. We can meet the assessor's needs with minimum cost in a timely way.
Cyber Essentials Plus will incur a greater cost due to the need for on-site testing. The time and cost will depend on the complexity and size of your firm, the number of offices and whether you require consultancy or support with implementation. Cyber Essentials Plus also requires completing the self-assessment questionnaire; however, a Cyber Essentials Assessor from the Certification Body will also visit your law firm to carry out on-site testing of your organisation’s cyber security measures.
Call us: 0844 481 5786
Whatever level you choose, your certification will be valid for one year, after which the process must be repeated. ACS will keep you compliant.
Cyber Essentials is a UK Government backed standard. The scheme guards against the most common Cyber Security threats through controls in the following areas:
- Firewalls and internet gateways
- Secure configuration
- Access control, e.g. passwords and access levels
- Malware and virus protection
- Patch management – e.g. ensuring that the latest supported software versions are in use