• An IASME Certification Body since 2014.
  • CREST and Cyber Scheme qualified testers.
  • Aligned to Lexcel, NCSC legal-sector guidance and client due diligence.
  • North East based. Delivered UK-wide.
What's forcing your hand

The client questionnaire you cannot afford to fail

The single most common trigger is a client. Before a corporate, a public body or a financial institution instructs you, they send a security questionnaire: do you hold Cyber Essentials, Cyber Essentials Plus or ISO 27001, do you enforce multi-factor authentication, do you test your backups, do you train your people, do you have an incident-response plan. Holding the right certification answers most of it in one line, and is often a panel or tender gate.

For law firms there is more. Lexcel requires a documented information-management and security policy and at least annual security training. The SRA expects you to identify, monitor and manage material risks, including cyber, and the NCSC publishes dedicated legal-sector guidance on the threats that hit firms hardest: phishing, business email compromise and ransomware.

And for some, it is now mandatory. From 1 October 2025, firms holding a Criminal Legal Aid contract must hold a valid Cyber Essentials certificate.

For accountants, the professional bodies expect proportionate technical controls under their codes of ethics. Cyber Essentials is the recognised way to evidence that you have them.

What we deliver

What we deliver for professional services

Cyber Essentials

Certified directly by us. The fastest credible answer to a client security questionnaire, and the baseline insurers increasingly expect.

Cyber Essentials Plus

Independently audited assurance for firms holding the most sensitive client data, certified directly.

Microsoft 365 hardening and monitoring

Most breaches in this sector start in email and identity. We harden and watch Entra, Defender and sign-ins.

Penetration testing

CREST and Cyber Scheme qualified testing of the systems and applications your clients ask about.

A clear path beyond CE

When a client wants more than Cyber Essentials, we map the step up to IASME Cyber Assurance or ISO 27001, proportionately.

Supply chain assurance

You sit in your clients' supply chain. We help you answer their due diligence with evidence, and apply the same scrutiny to your own suppliers.

Plain English, real protection

Most security vendors hand you a long report and an invoice. We prioritise by real risk, sit with your team to close the gaps, and give you the evidence that unblocks client work. As an IASME Certification Body since 2014, with in-house CREST and Cyber Scheme qualified testers, we certify, test and monitor under one roof, so your answers to a client are evidence, not guesswork.

Regional focus

The North East's professional quarter

Newcastle is the North East's professional-services and legal hub, with a dense base of law firms, accountancy practices and consultancies serving the wider region. For most of them, Cyber Essentials and Cyber Essentials Plus, rather than full ISO 27001, are the proportionate fit. We are the local certification body that delivers them.

  • Newcastle
  • Gateshead
  • Sunderland
  • Durham
  • Northumberland
  • Tees Valley
Questions

Professional services & legal FAQs

Why do law firms and accountants need Cyber Essentials?

Most often because a client asks. Security questionnaires and supply-chain due diligence now routinely ask whether you hold Cyber Essentials, Cyber Essentials Plus or ISO 27001. Holding the certification clears the questionnaire quickly and is frequently a panel or tender requirement. Insurers increasingly expect it too.

Is Cyber Essentials mandatory for law firms?

For most firms it is strongly expected rather than legally required. But from 1 October 2025, firms holding a Criminal Legal Aid contract must hold a valid Cyber Essentials certificate.

What does Lexcel require for information security?

Lexcel requires a documented information-management and security policy covering your information assets, risk assessment, business continuity and incident response, plus information-security training at least annually. We help you put the technical controls behind the policy.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a verified self-assessment. Cyber Essentials Plus adds an independent, hands-on technical audit of your live systems. Plus is the stronger signal for firms holding sensitive client data.

Do you work with accountancy firms?

Yes. The professional bodies expect proportionate technical and organisational controls. Cyber Essentials and Cyber Essentials Plus are the recognised way to evidence them, and to answer client and HMRC-agent expectations.

We are a Newcastle firm. Do you work locally?

Yes. We are North East based and certify firms across the region and the wider UK, on site or fully remotely.

Win the work. Keep the trust.