Xen Consultants

From November 2018, Cyber Essentials will be a requirement for Law Society members signed up to the popular Lexcel Standard.

Cyber Essentials lets everyone know that you take Cyber Security seriously and therefore have measures in place to keep their information secure.

As an IASME Licensed Certification Body, ACS offers fixed-fee packages of consultancy, audit and certification for organisations seeking to secure the Cyber Essentials and Cyber Essentials Plus security standards.

Practices must have an information management and security policy. They should also be accredited against Cyber Essentials. The policy must incorporate the following controls:

  • a register of relevant information assets of both the practice and clients
  • procedures for the protection and security of the information assets
  • procedures for the retention and disposal of information
  • the use of firewalls
  • procedures for the secure configuration of network devices
  • a strategy to manage user accounts
  • procedures to detect and remove malicious software
  • a register of all software used by the practice
  • training for personnel on information security
  • a plan for the updating and monitoring of software.

Get the minimum requirement with Cyber Essentials

Basic Cyber Essentials certification involves a self-assessment, in which your organisation completes a questionnaire confirming and detailing the cyber security measures it has in place. Your self-assessment questionnaire will be verified by a certification body, which will determine whether or not the standard has been achieved. If successful, your firm will be awarded Cyber Essentials certification to comply with Lexcel v6.1.

It pays to get it right first time. ACS will get you ready

The basic level of Cyber Essentials certification starts at £300 for a straightforward certification assessment. This also involves verification of a self-assessment. However, if any issues are identified during the verification, your firm will have two days to correct these. If the issues are not corrected, you will have to submit a new self-assessment, for which a further £300 will be payable, and so on. As a result, someone familiar with the scheme should consider taking it on themselves.

Go the extra mile with Cyber Essentials Plus

Be one of the select few firms in the UK to achieve Cyber Essentials PLUS accreditation with ACS

Cyber Essentials at its basic level is known to be achievable as a self-assessment, and often carries less weight with commercial clients. If your firm mostly operates with private clients, this may not be a concern. However, if your firm has a significant number of clients in the commercial sector, you should consider Cyber Essentials Plus. Whilst essentially the same standard, to obtain the Plus certificate your firm will need to be independently tested. This is to ensure the technical controls are adequately enforced.

ACS technical experts understand the complexity of the requirements. We can meet the assessor's needs with minimum cost in a timely way.

Cyber Essentials Plus will incur a greater cost due to the need for on-site testing. The time and cost will depend on the complexity and size of your firm. It also depends on the number of offices and whether you require consultancy or support with implementation. Cyber Essentials Plus also requires completing the self-assessment questionnaire. However, a Cyber Essentials Assessor from the Certification Body will also visit your law firm to carry out on-site testing of your organisation’s cyber security measures.

Call us: 0844 481 5786

Whatever level you choose, your certification will be valid for one year, after which the process must be repeated. ACS will keep you compliant.

Cyber Essentials is a UK Government-backed standard. The scheme guards against the most common Cyber Security threats by addressing the following areas:

  • Firewalls and internet gateways
  • Secure configuration
  • Access control, e.g. passwords and access levels
  • Malware and virus protection
  • Patch management – e.g. ensuring that the latest supported software versions are in use