Who and what the questionnaire is designed for

This tool, designed in conjunction with the Law Society,  is intended for solicitors' firms to use to review the information technology systems maintained by chambers, and check if they are information security compliant.

Why we've developed a standardised tool

We worked with the Law Society to produce a single common, standardised questionnaire that firms can use.

This is because chambers often receive many different cybersecurity questionnaires from solicitors’ firms, asking chambers to confirm that they have all their necessary cybersecurity measures in place.

An agreed standardised solution eases the administrative burden on both the chambers responding to the questionnaire, and the law firms assessing those responses.

What has changed in version 2?

Following feedback from members and to reflect cybersecurity developments, we published version 2 of the questionnaire in May 2024. In version 2 we have added questions around disaster recovery, business continuity and incident management, as well as data and device management.

Given the importance of risk mitigation, in version 2, phishing, vulnerability, and penetration testing are now standalone questions. We have also added a section at the end of the questionnaire for additional disclosures, if necessary. New and updated questions are marked with an asterisk (*) in the questionnaire and more detail is provided in annex 1.

Alongside the updated questionnaire we have provided a new voluntary cyber and information security affirmation to define and agree the individual roles and responsibilities of barristers and instructing solicitors.

Why and how to use the questionnaire

The answers will reveal whether a chambers' data is stored securely, which helps any instructing law firms.

Solicitors' firms should use it when instructing chambers to understand how the chambers processes information, and it should be used by barristers and chambers professionals to ensure your chambers has taken all possible care in protecting its data. 

The questionnaire is in a fillable PDF format, it is best used on a desktop or laptop. 

The answers are confidential

The answers, which will remain confidential between the parties, are for information purposes only. They do not give rise to any contractual or tortious liability on the part of chambers or individual barristers.

How often should the answers be checked?

We recommend that the answers are checked every 6 months to ensure the questionnaire is up to date.

What is the cyber and information security affirmation?

Alongside version 2 of the questionnaire, we have published a new voluntary cyber and information security affirmation. The voluntary affirmation has been developed by the joint working group to be used by barristers and instructing solicitors to define and agree their specific individual roles and responsibilities.

The voluntary affirmation is not contractually or legally binding, but is a reminder of the importance of cybersecurity and information management.

Further reading and advice

Understand current cybersecurity threats, and implement best practice

As part of its mission to raise the cyber maturity and resilience of chambers, the National Cyber Security Centre has also produced a cyber threat report.

The report is for senior decision makers in the legal sector, and its purpose is to:

  • help chambers understand current cyber security threats
  • highlight the extent to which the legal sector is being targeted
  • encourage industry-wide adoption of cybersecurity best practice
  • offer practical guidance on how legal professionals can protect their practice 

This applies to sets of all sizes and practice, from sole practitioners operating from an approved entity, to chambers with hundreds of practitioners and multiple national and international offices.