Cybersecurity services for GDPR – LOCS:23. Specifically for legal practitioners. Exclusively offered by Oyster IMS.
LOCS:23, the first and currently only ICO certification scheme for legal services was launched in 2024. Since then, the first law firms, chambers and legal tech providers have successfully certified with many more either having booked in audit dates or started on the journey to certification.
12 March 2025 saw the final milestone in the development of the standard achieved as UKAS awarded approval to the Certification Body ADISA, enabling them to officially announce the recent certifications for Muckle LLP and The 36 Group Chambers as well as open application for new certifications.
LOCS:23 now sits alongside ISO 27001 and Cyber Essentials forming the ‘golden triangle’ for client data protection.
The LOCS:23 standard has five core modules that cover full UK GDPR requirements including governance, accountability, data subject rights, operational privacy and continuous improvement. It serves as the operational component of a robust data protection framework, encompassing both information security and cybersecurity compliance requirements.
The standard covers a range of aspects from policy to practice, including the implementation of multi-factor authentication, encryption, and secure information sharing, alongside other essentials.
The recent surge in AI usage has highlighted the significance of a firm’s data protection practices while also underscoring the need for technical safeguards to support this. For many firms, AI has become the most likely future cause for financial penalty or reputational damage with user error and insufficient or poorly configured technology protections posing the greatest risks. Whilst many of these organisations have internal data protection knowledge it is typically only the larger organisations that also have cyber expertise. As a consequence, many seek external validation of their compliance efforts.
For this reason and to assist those firms looking to prepare for LOCS:23 certification, we have partnered with Oyster IMS to provide Cyber LOCS; to enable compliance with relevant LOCS:23 security controls, while also offering the broader protections that firms require to safeguard client data effectively.
Josef Elliott, Managing Director of Oyster IMS commented:
“We are delighted to be a part of the Cyber LOCS program. I have known Tim Hyman for many years, and he has worked hard with the regulator to develop the LOCS:23 scheme and bring it to market. It is perfect for us as it brings together our data protection services and our information security offering under the leadership of David Francis, a specialist in both of these areas. I really feel that LOCS:23 will proliferate throughout the legal services industry and we at Oyster IMS look forward to helping as many organisations as we can to achieve the certification.”