Law Society of Scotland

Accreditations, insurances and data protection

Ensuring that the vendor has the right accreditations and insurances is an important part of the procurement process, as these will help protect you as a customer. You also need to find out about their cyber security and data protection policies to ensure your data will be kept safe.

If you are transferring data outside of the EEA, the GDPR imposes some restrictions. This is important if you are handling client data. It is also important to undertake an independent assessment of the cyber security risks which any new technology introduces.

Example questions

Accreditation and insurance
  • Do you currently hold accreditation under ISO 27001 international standard for information security systems? If you do not, do you plan to obtain it and when?
  • If trading partners are used, please specify their names, addresses, and roles.
  • Which of these organisations, if any, are accredited to BS7799/ISO 17799:2000?
  • Please provide a list of any other accreditations that you consider relevant and important to the submission.
  • Please provide copies of current insurance policies which would be relevant (including for instance professional indemnity and business interruption).

Data protection and cyber security
  • What is your organisation’s Data Protection Registration Number?
  • Please provide a short statement about the security measures you have in place to protect and manage personal data, addressing Article 5 and in particular Article 5(2) of GDPR.
  • Where is your data stored? If it is held offsite, please provide full details of where it is stored.
  • Do you hold Cyber Essentials or Cyber Essentials Plus certification?
  • What security configuration and additional controls will be necessary as part of the system set up? How will they be maintained and by whom?
  • Please provide a short statement on the business continuity plans you have in place to protect your organisation and its continued business function.
  • What are your protocols if you suffer a data breach? When and how will you inform us?

Law Society of Scotland | © 2025