Who and what the questionnaire is designed for
This tool, designed in conjunction with the Law Society, is intended for solicitors' firms to use to review the information technology systems maintained by chambers, and check if they are information security compliant.
Why we've developed a standardised tool
We worked with the Law Society to produce a single common, standardised questionnaire that firms can use.
This is because chambers often receive many different cyber security questionnaires from solicitors’ firms, asking chambers to confirm that they have all their necessary cyber security measures in place.
An agreed standardised solution eases the administrative burden on both the chambers responding to the questionnaire, and the law firms assessing those responses.
What has changed in version 2?
Following feedback from members and to reflect cyber security developments, we published version 2 of the questionnaire in May 2024. In version 2 we have added questions around disaster recovery, business continuity and incident management, as well as data and device management.
Given the importance of risk mitigation, in version 2, phishing, vulnerability, and penetration testing are now standalone questions. We have also added a section at the end of the questionnaire for additional disclosures, if necessary. New and updated questions are marked with an asterisk (*) in the questionnaire and more detail is provided in annex 1.
Alongside the updated questionnaire we have provided a new voluntary cyber and information security affirmation to define and agree the individual roles and responsibilities of barristers and instructing solicitors.
Why and how to use the questionnaire
The answers will reveal whether a chambers' data is stored securely, which helps any instructing law firms.
Solicitors' firms should use it when instructing chambers to understand how the chambers processes information, and it should be used by barristers and chambers professionals to ensure your chambers has taken all possible care in protecting its data.
The questionnaire is in a fillable PDF format and is best used on a desktop or laptop.
The answers are confidential
The answers, which will remain confidential between the parties, are for information purposes only. They do not give rise to any contractual or tortious liability on the part of chambers or individual barristers.
How often should the answers be checked?
We recommend that the answers are checked every 6 months to ensure the questionnaire is up to date.
What is the cyber and information security affirmation?
Alongside version 2 of the questionnaire, we have published a new voluntary cyber and information security affirmation. The voluntary affirmation has been developed by the joint working group to be used by barristers and instructing solicitors to define and agree their specific individual roles and responsibilities.
The voluntary affirmation is not contractually or legally binding, but is a reminder of the importance of cybersecurity and information management.
Further reading and advice
- Read: Your guide to the information security questionnaire (article)
- Read: How cybersecure is your chambers? (article)
- See the IT Panel on the Practice & Ethics Hub
- Training: Our on-demand course to understand and improve cybersecurity
Understand current cyber security threats, and implement best practice
As part of its mission to raise the cyber maturity and resilience of chambers, the National Cyber Security Centre has also produced a cyber threat report.
The report is for senior decision makers in the legal sector, and its purpose is to:
- help chambers understand current cyber security threats
- highlight the extent to which the legal sector is being targeted
- encourage industry-wide adoption of cyber security best practice
- offer practical guidance on how legal professionals can protect their practice
This applies to sets of all sizes and practice, from sole practitioners operating from an approved entity, to chambers with hundreds of practitioners and multiple national and international offices.