
Cyber Security Auditing for Law Firms


A PDA Legal cyber security audit analyses the key controls that protect your information and data from breaches and other threats.

Cyber Security Audits Benefit Your Organisation’s Information Security and Data Protection Integrity.

PDA’s audits provide an in-depth, plain language report setting out: aspects requiring improvement, feedback on policies and procedures, and practical guidance. Many of our clients request a cyber security audit ahead of a formal ISO or Cyber Essentials assessment.

Our Cyber Security Audits Cover Your Documented Controls For:

  • Risk Management Reviews: Assessment of your organisation’s current information security and data protection risks and processes. This includes ensuring that your organisation has an adequate risk register that takes into account information security and data protection risk, with regular reviews taking place.

  • Training: Identifying where regular training has taken place within your organisation, that training is appropriate to the roles and is evaluated, and identifying any areas where additional cyber security training is required or could be advantageous.

  • Firewalls and boundary controls: Checking that all devices on your network are protected by a suitable firewall or equivalent network control. This must include blocking inbound connections where appropriate.

  • Secure network configuration: Checking the security configuration and activity of the organisation’s computer systems and devices, and that it has suitable processes, policies and safeguards in place for removable media.

  • Safeguarding against malware: Ensuring your organisation is up to date with malware protection on all devices that use its network.

  • Managing software patches: Reviewing your process for ensuring that all software patches are reviewed regularly and applied in a timely manner to minimise any vulnerabilities.

  • Map of personal data: Reviewing your systems and controls for managing personal data, including ensuring that you have a clear understanding of what data you hold, on what basis, who has access to it, where it is stored and for how long it is retained.

  • File sharing: Your organisation must have working controls for the application of encryption, document vaults or other systems for the secure transfer of files and information. This includes controls for the use on your network of removable media such as USB devices, flash drives and DVDs.

  • Control of user access: The controls and procedures you have in place for adding, changing or removing user accounts and any associated information.

  • Use of internet, email and messaging services: Your policies on acceptable use of email, internet and messaging services. We also review your policies on spam/junk handling, and email-related rules on thread length and data retention timeframes.

  • Home working and remote working: All remote and home workers must have up-to-date security training, with controls in place to use their devices safely at home.

  • Business continuity: Maintaining a continuity plan that recognises the different kinds of threat where information/data security is affected.

  • Threat management: Implementing a documented mechanism or system for reporting on threats and attacks, both before and after an attack.

  • Breaches and breach registers: Recording information on security breaches and near misses in your organisation.

Our Cyber Security Audit Process:


Typically, our cyber security audits take place in two stages, both of which are conducted on a transparent, scheduled, fixed-fee basis, so you know how much you need to budget and what to expect from us at each step.

Step 1 - Desktop Review & Gap Analysis Report

Our clients have told us time and again that our audit reports are the most detailed, but easy to digest, that they have ever received.

We start by reviewing your documented controls and records that support cyber security controls and provide you with a written Gap Analysis Report.

We don’t simply peruse your cyber security policy; we examine a host of supporting documents and records as well, including:

  • Any cyber security risk assessments you might have previously conducted

  • The policy for staff training on cyber security

  • Staff training records

  • Reporting and monitoring procedures

  • Senior management and DPO reports on cyber controls

  • Software and permitted apps registers

  • Registers of personal data

Step 2 - Onsite Visit and Audit

After the desktop review has been completed, we usually follow up with a visit to your offices to examine the controls in action.

We then add our findings to the Gap Analysis Report to provide you with a written narrative of where your practice stands with its cyber security controls and the next steps to resolve the gaps. The list of aspects that we examine is long and thorough, and includes:

  • Conducting file reviews to examine the conduct of cyber security controls in the ‘real world’

  • Taking stock of the office premises, to consider physical factors that impact upon information/data security

  • Examination of the training records and training programme that supports cyber security controls

  • Examination of the risk register

  • Examination of the register of breaches, near misses and the regular reviews of risk data

  • Reviewing historical cyber security findings/trends

  • Meeting with staff to understand their perspective and to test their application and experience of controls

  • Meeting with supervisors, Heads of Department, and others in responsible roles

Pricing


We strive to provide you with unparalleled value through services that are bespoke to your practice.

Our pricing is competitive and transparent, and it is tailored to the scope of the work that we do for you.

Wherever possible, we conduct work on a fixed fee basis.

Join our free Best Practice Group and save:

Members of our free-to-join Best Practice Group receive a substantial discount on all of our services.

Once the audit has been completed, we can also support you with resolving any issues through our cyber security consultancy services, and training.

Additional Auditing Support


In addition to cyber security audits, we can also provide auditing for other related areas such as:

Why Work With PDA Legal?

The PDA Legal Team:

  • Is proud to have over 25 years’ experience in the legal sector

  • Has supported over 500 legal organisations

  • Conducts all discussions with you in strict confidence

  • Operates, wherever possible, on a fixed price model and project scheduling

  • Offers a free, no obligation initial consultation

Get in touch for a free no obligation quote today