Cyber Essentials is not a strict legal requirement for Lexcel or the Conveyancing Quality Scheme (CQS), but both expect your firm to have documented information security in place. Cyber Essentials, and ideally Cyber Essentials Plus, is the clearest, most cost-effective way to prove you meet that bar, reassure clients and keep insurers happy.
For most firms the real question isn’t whether the rules force you to certify, but whether you can afford not to when clients, panels and insurers increasingly ask for it. Here is how it fits together.
What Lexcel and CQS expect
Lexcel, the Law Society’s quality standard, requires documented information-security policies and risk management. CQS goes further for conveyancers, with specific expectations around identity verification and protecting client account details. Neither names Cyber Essentials by name, but both want evidence that you take security seriously and have controls that work.
Where Cyber Essentials fits
Cyber Essentials packages the core technical controls into an independently checked certification covering firewalls, secure configuration, security updates, access control and malware protection. Achieving it gives you ready-made evidence for your Lexcel and CQS assessments, and a clear baseline you can point clients and insurers to.
Cyber Essentials or Cyber Essentials Plus?
Cyber Essentials is a verified self-assessment. Cyber Essentials Plus adds a hands-on technical audit by a qualified assessor, giving stronger assurance. Many firms start with Cyber Essentials and move to Plus as larger clients, lenders or panels ask for it. If you act for corporate clients or sit on lender panels, Plus is increasingly the expectation.
The wider benefits
- Stronger protection against the phishing and fraud that target firms
- Easier, often cheaper, cyber insurance
- A clear answer to client due-diligence questions
- A foundation you can build on toward ISO 27001 later if needed
A real example: certification that won a contract
We helped a client become cyber security compliant to meet a customer’s requirements and win a large tender, which grew their business. For law firms, demonstrable certification is increasingly part of how you’re chosen, not just a box to tick.
Why law firms choose First Stop IT
As an NCSC Assured Service Provider and Cyber Advisor, First Stop IT helps firms achieve and maintain certification. Our own credentials include:
- Cyber Essentials Certified
- IASME Cyber Assurance (Gold)
- NCSC Assured Service Provider (Cyber Advisor for Cyber Essentials)
- Microsoft Partner
- Crown Commercial Service Supplier (G-Cloud)
- Quality Principles Certified
We look after more than 2,000 endpoints across 50 companies, we’ve been named a Top 50 UK MSP for three years running, and we support organisations with 10 to 100 employees across Essex, Hertfordshire and London, including Harlow and Bishop’s Stortford.
Book a free Cyber Essentials readiness review
Want certification to support your Lexcel or CQS accreditation? Book a free IT and cyber security review with First Stop IT and we’ll map the quickest route to Cyber Essentials.