Legal & Law Enforcement: Information Access Compliance

Check if you're compliant

A Guide to US and UK user security compliance for legal and law enforcement

Legal professionals have access to a broader array of sensitive information than any other sector. As, naturally, law can apply to virtually any area of our working and professional lives, those working in the legal profession can have access to anything from personal case data, to the finer points of a merger, through to volatile crime information.

This is why the legal sector has some of the most stringent regulations with regards to security, providing particularly granular requirements for those organisations under their jurisdiction. In the UK, the Law Society, the legal sector’s professional representative organisation, has set out Lexcel – as set of required security standards for the solicitors and law firms working under it. All legal organisations are also required to work within the Data Protection Act (DPA). In the US, any federal agency (i.e. police forces, courts) must comply with The Federal Information Security Management Act of 2002 (FISMA).

Within this guide, we’re looking at the specific requirements of these regulations. We’ve also included ISO 27001 and its more specific sub-requirement ISO 27002, as although it is not specific to law, its status as a global ‘gold standard’ for security across industries makes it well suited for an organisation in the law, which is pan-sector by nature. We’ve conducted research among works in the legal sector in the UK and US, to discover how compliant they are, and provided a compliance checklist to help you with your compliance strategy.


Research report

The report follows the narrative of a user’s employment from what happens when they start employment, through the granular details of network access on to changing roles or leaving an organization.

  • Executive summary

    A brief introduction to the compliance regulation sets; FISMA, ISO 27001, the Data Protection Act and Lexcel, and how the legal sector is meeting these requirements.

    Read now
  • On-boarding new employees

    The steps taken with new employees to protect the organization and its clients’ information.

    Show Research & Guidance
  • Security training, awareness and procedure

    Addressing the human side of security to protect legal and law enforcement agencies and their clients’ information.

    Show Research & Guidance
  • Network access security

    Technology’s role in taking user security further to mitigate the risk of any security breach.

    Show Research & Guidance
  • Information access and necessity

    Levels of access control and monitoring needed to maintain integrity of data and ensure that sensitive data does not fall into the wrong hands, intentionally or otherwise.

    Show Research & Guidance
  • Moving jobs or roles

    Requirements to address access rights as employees move or change roles.

    Show Research & Guidance