Fig Group certifies London barristers' chambers across the Inns of Court and the commercial sets around the Temple. Chambers are organised as partnerships of self-employed barristers, which creates a distinctive Cyber Essentials scoping question - what sits in chambers' scope versus in each tenant's own scope - that we have resolved hundreds of times. Certification is delivered on a published flat fee with six-hour turnaround for compliant submissions.
The pressure to certify
The BSB Handbook does not mandate Cyber Essentials, but instructing solicitors, professional-indemnity insurers, and lay clients in regulated sectors increasingly do. Criminal sets face an extra HMG-grade layer through CJSM and the Digital Case System.
The scoping challenge
Chambers operates shared infrastructure while each barrister runs their own kit. Fig Group resolves the chambers-as-partnership scoping question on the first call and certifies within six hours of a compliant submission.
Unlike a law firm, a barristers' chambers does not itself employ its lawyers. Each barrister is self-employed, pays chambers rent or a percentage, and remains personally responsible for their own practice. The Cyber Essentials scoping question is therefore: what counts as chambers' in-scope estate, and what belongs to the individual tenant?
Clerks' workstations, the case-management server or SaaS instance, chambers-issued email accounts, and the shared print/file environment all sit firmly in chambers' Cyber Essentials scope.
A tenant's own laptop, their own dictation stack, and any other equipment they bought themselves is excluded from chambers' certificate. Each tenant runs their own kit on their own terms.
Where chambers issues kit to a barrister - laptops, mobiles, encrypted USB tokens - that equipment IS in scope and is covered by chambers' certificate.
How we document the boundary
The scoping decision is recorded in the assessment narrative and declared explicitly to IASME at submission, so the certificate's coverage matches the chambers-vs-tenant split exactly. No ambiguity at renewal.
Criminal sets face an extra infrastructure layer. CJSM and the DCS bring HMG-grade expectations into a chambers' own kit, and the v3.3 MFA requirement applies on every account that accesses the court bundles.
Required for communication with the CPS and the courts. Chambers hosting their own CJSM connector need to ensure the surrounding endpoints are v3.3-compliant.
Provides remote access to prosecution material. Chambers-issued equipment that accesses DCS must enforce mandatory MFA on every account, in line with v3.3.
Every device accessing court bundles or CPS correspondence must meet v3.3 - including the mandatory MFA requirement on all in-scope user accounts from 28 April 2026.
Why criminal sets usually need Plus
Cyber Essentials Plus adds an external vulnerability scan of internet-facing infrastructure and a sampled endpoint audit. That evidence is exactly what instructing solicitors - and the Legal Aid Agency on serious-crime work - now request before funding a paper.
Commercial chambers around the Temple and Lincoln's Inn receive DDQs from the City firms they accept instructions from. Magic Circle and silver-circle firms increasingly list Cyber Essentials as an explicit supplier-standard line item - and for sensitive cross-border work it is no longer optional.
City firms list Cyber Essentials alongside ISO 27001 alignment and cyber insurance confirmation as explicit supplier-standard line items in their due-diligence questionnaires.
When a set is instructed on a Magic Circle cross-border dispute carrying sensitive client data, Cyber Essentials is no longer optional - it's a precondition of receiving the brief.
Chambers' professional-indemnity and cyber underwriters now apply higher retention loadings (or decline altogether) for sets that cannot evidence baseline cyber hygiene at renewal.
Working with Fig Group as chambers
Same published flat fee for chambers as for every other London client - no legal-sector premium. Our office at 167-169 Great Portland Street is a ten-minute walk from Holborn and fifteen minutes from the Temple, and we host in-person scoping sessions when chambers' clerks' room and IT provider both need to be in the room.
Issued within six hours of a compliant submission.
Published flat fee. Never quoted on revenue.
Authorised certification body for CE and CE Plus.
Included if remediation is needed.
The Bar Standards Board does not formally require Cyber Essentials. Solicitor firms, CPS counterparts, institutional lay clients, and insurers are increasingly asking for it. This guide covers how CE applies to a criminal barristers’ chambers in London and why the certification has become a practical necessity even without a formal mandate.
IndustryThe Legal Aid Agency now mandates Cyber Essentials for criminal legal aid contracts. The SRA expects appropriate cyber controls for all firms. Here is what solicitors and law firms need to know.
ComplianceA detailed comparison of Cyber Essentials and Cyber Essentials Plus certification levels. Understand the differences in assessment, cost, credibility, and which level is right for your organisation.
Fig Group certifies organisations across every London borough. These boroughs are the main clusters for barristers' chambers:
Fig Group guarantees Cyber Essentials certification within 6 hours of self-assessment submission for orders placed before midday, provided the submission is compliant. If corrections are needed, up to three rounds of structured feedback are included at no extra cost. Cyber Essentials Plus takes 1-3 working days due to the external technical verification requirement.
Cyber Essentials costs from £299.99 + VAT (micro, 1-9 employees) to £549.99 + VAT (large, 250+ employees). Cyber Essentials Plus costs from £1,499 + VAT to £4,499 + VAT. Fig Group pricing is fully inclusive - no hidden fees, no revenue-based quoting, no mandatory add-ons.
Cyber Essentials is required under PPN 014/21 for certain UK central-government contracts handling sensitive or personal data. It is also increasingly required by NHS supplier frameworks, local authorities, regulated financial-services counterparties and private-sector enterprise procurement teams as the baseline evidence of foundational cybersecurity.
Cyber Essentials is a self-assessed questionnaire reviewed by an IASME-licensed assessor. Cyber Essentials Plus adds an external vulnerability scan and a sampled technical audit of end-user devices, independently verifying that the five controls are operating in practice. Both certifications are valid for 12 months and carry the same NCSC badge.
Six-hour guarantee for compliant submissions. Three free review rounds. Published flat fee from £299.99 + VAT.
Tell us about your barristers' chambers organisation and we will come back with a fixed price and a target certification date.