We’re thrilled to share that Arx Alliance is one of the first Approved Solutions for the LOCS:23 standard. We will also be the exclusive solution to assist legal service providers in achieving LOCS:23 through helping them enhance the management of their third-party risks.


The Legal Services Operational Privacy Certification Scheme (LOCS) is the first sector-wide GDPR certification standard approved by the ICO and is set to become the industry’s default requirement. The standard supports legal service providers in their UK GDPR obligations and evidence to clients that their data is properly and legally protected. The certification reflects best practice for protecting client personal data whilst meeting UK GDPR requirements.


Until now, it has been incredibly difficult for legal service providers to track, monitor and prove that they are putting in the measures and taking the correct actions to remain compliant with UK GDPR. LOCS:23 will enable organisations to develop a “robust and manageable accountability framework” that is able to be easily measured and audited. 


Andre Turville, Arx Alliance CEO/founder,  has commented on this achievement;

“It’s very exciting news! It shows Arx Alliance is leading the way for law firms and practitioners raising the bar on infosec. We look forward to working with legal service providers by enhancing their third party risk processes by helping them on their way to achieve the LOCS:23 certification”


To become an Approved Solution, the provider must show the scheme owner its ability to help a firm meet the required controls for LOCS:23 compliance. Organisations should use Approved Solution’s as it can help become part of the evidence needed to meet the certification auditor’s requirements.


Arx is proud to be the exclusive approved solution to aid data controllers and processors in managing their third party risk. Through using the Arx platform, organisations will be able to prove that they are managing their third party cyber risk effectively. Actively engaging with the platform will be proof of this when it comes to getting audited for the certification.


Tim Hyman, LOCS:23 scheme owner, commented;

“There are two key objectives of the first ICO approved UK GDPR certification for legal services; promoting client trust that firms are compliant in protecting their personal data and ensuring that these protections are included, measured and monitored in the entire processing lifecycle. It is this vendor engagement activity where Arx provides a unique and innovative solution that not only ensures data protection standards are assessed but does so in a way that standardises the approach and takes the administrative burden away from law firms.


We see the Arx platform as complimentary to all that LOCS:23 has set out to achieve and for that reason are pleased to welcome them as an Approved Solution to the LOCS ecosystem.”


We will be releasing a series of articles explaining LOCS:23, why it is important and how Arx can help you on your journey to certification. To learn more in the meantime pay a visit to the LOCS:23 website here.


If you would like to discuss how Arx can help you on the road to achieving LOCS:23 contact one of our team who would be more than happy to help.



Protect your firm with Arx Alliance

The Arx platform is unique. Our approach is collaborative rather than prescriptive. We give you the tools and the framework to create robust, secure supply chains in a way that is effective, and cuts through the noise and jargon of a complex industry.

Over time, through a guided step-by-step process, we can help you identify and mitigate risks inside your own organisation, and collaborate with your suppliers to create robust, secure supply chain relationships.

Arx provides your firm and suppliers with a suite of tools:

  • Visibility of the organisation’s attack surfaces
  • Efficient control of cyber policies and standards
  • Central place for managing standards and controls
  • Continuous monitoring of all touch points
  • Situational awareness for all tiers of supply chain
  • Risk scored suppliers to highlight weak links