In this resource, we describe system and behavioural controls that law practices should implement. We also define conduct that is capable of constituting unsatisfactory professional conduct or professional misconduct.

Not every law practice requires the same set of cybersecurity measures. Some actions we specify may not be relevant to your practice. For instance, controls related to the handling of trust money won’t apply to barristers or community legal centres, unless they operate a trust account.

However, it’s imperative that you review all the minimum expectations thoroughly, as we expect any controls relevant to your practice to be adopted as soon as is feasible.