6 Questions to Ask your Cyber Security Provider

When bringing on board new practice management software partners, or any new technology partners, there are many cyber security-related questions we’d highly recommend law firms ask. You cannot delve too deeply into a new supplier’s cyber security credentials.

As we keep reiterating throughout this blog, these measures probably apply to law firms more than most other businesses, purely because of the highly sensitive nature of the information they hold on behalf of clients. This, coupled with the high levels of cybercrime affecting the profession today, probably makes information security one of the most important items on any law firm’s checklist when signing up with a new IT or software partner.

Below you will find the top 6 security questions every law firm should ask any prospective software or IT services provider.

Written by Jamie Johnson, Business Development Manager.

Updated 28/11/2025

1. How secure is their datacentre for SaaS?

For firms going with a cloud solution: can your supplier prove they operate their SaaS solution (i.e. for cloud hosting) within an ISO 27001 certified datacentre? ISO 27001 is the international standard that stipulates best practice for an information security management system.

2. How seriously does the prospective supplier take information security?

Can your supplier prove THEY themselves are also ISO 27001 certified? Certification to ISO 27001 demonstrates that an organisation is following robust information security best practices. Some suppliers say they have ISO 27001 certification when in fact it is only their third-party datacentre that has it. For belt-and-braces information security management, your supplier should hold it themselves too.

3. Ask for a penetration test report

Can your supplier present a recent penetration test report? Penetration testing (often referred to as pen testing) is the practice of testing a computer system, network or web application in order to find any vulnerabilities that could be exploited by a cybercriminal.

4. Can you see an audit trail?

Do you have access to an audit trail within your practice management software? That is, are you able to see if users are accessing areas they shouldn’t?

5. Ask about security patching

Can your supplier demonstrate a robust security patching process within their SaaS infrastructure, i.e. for keeping up to date with Microsoft database security standards?

6. Ask about Cyber Essentials accreditation

Can your supplier prove they are Cyber Essentials accredited? Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security for organisations. The scheme is designed to prevent cyber-attacks.
