Ten Old Square – Our Cyber Security Protocols
Our Cyber security protocols enable the effective implementation of protective digital privacy measures to prevent any unauthorized access to our computers, mobile devices, databases and to our website.
Our Chambers’ data security and privacy measures are aligned to effectively implement client data privacy protections.
We take the security of the data we control and process very seriously and we have the following measures in place to ensure that the data we are entrusted with is kept safe and secure.
Ten Old Square achieved “Cyber Essentials” accreditation in 2001 from the National Cyber Security Centre and, since then, we have migrated all our administrative, client and casefile data onto the industry-leading, cloud based Microsoft Azure platform with enterprise-level security and protection.
We do not maintain any hardware or servers on Chambers’ premises (or remotely) to store any Chambers’ data or client data.
We “stress-test” our domain (@tenoldsquare.com) and our email systems to pinpoint any vulnerabilities.
Our principal IT provider, Advanced Legal, have ISO 27001 accreditation and only supply National Cyber Security Centre compliant services.
Access to email is also within the Azure environment. All Chambers’ email (i.e. mail to/from @tenoldsquare.com) is protected by Mimecast, the leading email security firm with multiple (global) security accreditations including ISO 27001.
We currently use Dropbox “case collaboration” to store and access any client data that’s provided to us by our professional clients. All Chambers’ Dropbox data is stored on servers held at Dropbox’s EU Data Centre.
Barristers can only access data held on the client-specific casefiles assigned to them by the Clerks using multi-factor authentication. The Clerks have exclusive access and control over general Chambers’ data. The Senior Clerk, Keith Plowman, is our Data Protection Manager.
The Clerks’ devices in Chambers (and remotely) are protected by the managed (Endpoint) anti-virus/anti-malware service provided by Sophos.
UK GDPR and Cyber Security Training
Every member of Chambers is offered annual UK GDPR-training and certification as well as annual Cyber Security training. An online register of all UK GDPR-certified barristers is available here.
All our staff are Cyber Security and UK GDPR-trained and tested and certified annually.
We use the Bar Council-approved Briefed training programs and the entire workforce has access to Briefed’s advisors and online UK GDPR toolkit in the event of data breaches and security threats.
Barristers are data controllers, Chambers is the data processor (and data controller for internal management purposes) and our staff are employees of the data processor.
Chambers has extensive data protection policies, plans and registries in place which are regularly reviewed, maintained and implemented.
Full details of these can be provided upon written request to the Senior Clerk or by email to email@example.com. Access to this information will be provided by the Senior Clerk at his discretion based on his assessment of need.
Any questions that you may have regarding our data security measures should be directed to our Senior Clerk.