IT support for solicitors and law firms.

SRA compliance, built into the infrastructure

The SRA Standards and Regulations set out clear duties on confidentiality, competence and client-money protection. Our job is to make those duties achievable day-to-day. That means MFA on every mailbox, Conditional Access on every device, audit logs retained for six years, and a documented process for anything that touches the Compliance Officer for Legal Practice.

Lexcel-ready documentation

Lexcel v6.1 expects written IT controls around access, data protection, business continuity and supplier management. We produce the supporting documentation as part of onboarding — asset register, access matrix, patching policy, backup policy and incident-response plan — in a format your Lexcel assessor will recognise.

Conveyancing email security and Friday afternoon fraud

Conveyancing is the single biggest fraud risk in a UK law firm. Completion-day payment diversions — "Friday afternoon fraud" — rely on compromised or spoofed mailboxes. We harden the email layer end-to-end.

• DMARC, DKIM and SPF configured and monitored — not just created and forgotten
• Defender for Office 365 with impersonation protection on partners and fee earners
• External-sender banners on every inbound email, with explicit flags on lookalike domains
• MFA enforced on every mailbox — no exceptions for "the partner who doesn't like it"
• A documented completion-day callback procedure, rolled into client care letters

Matter-level retention

Your matter retention schedule already says how long each file type must be kept. We translate that into technical enforcement — SharePoint retention labels per matter type, immutable backups that survive ransomware, and a clean deletion workflow when the period expires. No more files lingering in former employees' OneDrives.

AML document handling

Anti-money-laundering checks generate sensitive personal data — passports, utility bills, corporate structures — that needs strict access control and clear retention. We configure SharePoint so CDD documents live in a per-client library with access limited to the matter team, and retention set to run automatically once the engagement ends and the regulatory window has passed.