Ransomware Risk Assessment: Our Information Security Questionnaire

Why was the questionnaire produced?

In collaboration with the Bar Association, we have developed this questionnaire to help our members understand the information security systems put in place by law firms.

We want to help law firms understand how the chambers they hear process information.

We hope that by having an agreed standardized questionnaire, the administrative burden will be significantly reduced both for the chambers answering the questionnaire and for the law firms evaluating these answers.

Who should use the questionnaire?

We recommend that law firms use this questionnaire to verify that the centralized IT systems managed by chambers are compliant with information security.

What does the questionnaire consist of?

The questionnaire contains 26 questions.

It is designed to be relevant in most circumstances.

The purpose of this questionnaire is to ensure chambers are information security compliant and to promote a culture of change across the legal profession regarding the way law firms teach lawyers.

The questionnaire focuses on central services that can be provided by chambers to lawyers and staff.

It therefore begins by seeking a definition of the scope of these centrally provided systems and services. It is then necessary to answer the remaining questions with regard to this defined scope.

The introductory paragraphs of the questionnaire give more details on how we expect it to be used.


The questionnaire aims to raise awareness of information security issues, including organizational security, and is not limited to the chamber’s use of technology.

The answers to the questionnaire are provided for information only and do not engage any contractual or tort liability on the part of the chambers or individual lawyers.

Neither the Law Society nor the Bar Council will maintain a repository of questionnaire responses which will remain confidential between the parties.