Lexcel Guidance For In-House Practices

Lexcel England and Wales v6.
1
Guidance notes for in-house legal departments
Excellence in practice management and client care
Lexcel England and Wales v6.1
Contents
Introduction..................................................................................................................................................................................................................... 3
PART ONE - GUIDANCE AGAINST LEXCEL STANDARD REQUIREMENTS ............................................................................................................... 4

1 - Structure and strategy ................................................................................................................................................................................................. 4
2 - Financial management ................................................................................................................................................................................................ 8
3 - Information management ........................................................................................................................................................................................... 11
4 - People management ................................................................................................................................................................................................. 18
5 - Risk management...................................................................................................................................................................................................... 24
6 - Client care ................................................................................................................................................................................................................. 33
7 - File and case management ....................................................................................................................................................................................... 38
PART TWO - PRACTICAL GUIDANCE ......................................................................................................................................................................... 41

1 - Preparing for an application ....................................................................................................................................................................................... 41
2 - Lexcel assessment bodies and assessors ................................................................................................................................................................. 41
3 - The application process ............................................................................................................................................................................................. 43
4 - Assessment timescales ............................................................................................................................................................................................. 46
5 - Planning for an assessment ...................................................................................................................................................................................... 47
6 - On-site assessment ................................................................................................................................................................................................... 49
© The Law Society 2018 Version: June 2018 Page 2 of 51

Introduction
• This document provides specific guidance for requirements in the Lexcel Standard for England and Wales v6.1 for in-house legal departments. These notes are
aimed at in-house legal departments that have already gained Lexcel accreditation, as well as those working towards accreditation for the first time. Please read in
conjunction with the Lexcel England and Wales v6.1 Standard for in-house legal departments, and the Scheme rules for v6.1.
• There are two parts to these notes, Part One and Part Two.
• Part One
o Part One includes the Standard requirements and highlights the defined terms as listed in the Standard document.
o It aims to clarify the meaning of the Standard requirements as well as provide further support in how to approach and implement policies, procedures and
other activities to meet each
o Guidance notes are broken down by the following categories: general guidance, internal clients and external clients. If a category is omitted it is because
there is no specific guidance for that category. Key to tables:
General guidance Guidance is a general comment
Internal clients Guidance is applicable for departments with internal clients
External clients Guidance is applicable for departments with external clients
• Part Two
o Part Two provides general guidance and support for applying for Lexcel. It gives guidance on preparing for an assessment, who the Assessment bodies
are, and the role of the assessor. It explains the application process and timescales and provides suggestions on planning for an assessment as well as
the assessment process itself.
Questions?
• If, after reading the Standard, scheme rules and guidance notes, you have any questions regarding Lexcel, please do not hesitate to contact us:
Tel: +44 (0)20 7320 5933 Email: lexcel@lawsociety.org.uk

PART ONE - GUIDANCE AGAINST LEXCEL STANDARD REQUIREMENTS

1 - Structure and strategy
1.1 The department must have documentation setting out the:
Requirement
a. management structure which designates the responsibilities of individuals and their accountability.
General guidance notes
The management structure may just apply to a department or the whole of the organisation of which it forms part. This information may be presented in a wide variety
of forms, for example, in an organisational chart and/or in personnel profiles on the intranet.
1.2 The department or its organisation must have a strategic plan. Where the department relies upon their
organisation’s strategic plan this must set out the departments’ objectives. The plan should include:
a. objectives for at least the next 12 months
b. the identification of resources required to meet the objectives
Requirement c. the services the department wishes to offer

d. the client groups to be served
e. how services will be delivered and marketed
f. a documented risk evaluation of objectives
g. procedures for regular reporting on performance.
If departments have a departmental plan or contributes significantly to their organisation’s strategic plan, then they should be aware that strategy is dynamic in nature
and that a strategic plan should be regularly reviewed and updated.
Departments are required to review their plan at least annually. However, the frequency of review should take into consideration macro environmental factors and
internal changes within departments or their organisation, which may impact on their organisation’s ability to meet its set objectives. Therefore, departments should

avoid using the review period simply to meet Lexcel requirements and instead ensure that the review period takes into consideration changes that may impact on a
department’s ability to meet its objectives.
When setting objectives, departments should consider using the SMART (Specific, Measurable, Achievable, Realistic, Time-bound) format. An example of a SMART
objective would be to reduce the time between a client making contact with a department and being allocated a legal advisor, to two days, to be introduced/implemented
within the next six months.
As part of the process of setting the strategy, departments should consider their current resources and then identify any gaps that they need to address in order to meet
their objectives. The main resources to consider are:
• People (HR);
• Finance;
• Technology; and
• Facilities.
Departments should consider using a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis to assist them in understanding their department and
evaluating risk, as required by 1.2.f.
There are other forms of analysis that departments can undertake such as PEST (Political, Environment, Social and Technological), which may be helpful when
developing their department’s strategy and understanding risks.
Guidance notes by type of client
Internal clients External clients
Departments must have a documented strategic plan or be included in their The objectives referred to at 1.2.a should include information concerning
organisation’s strategic plan, ensuring that their objectives are defined for at least marketing activities if departments propose to deliver legal advice to new clients.
the next 12 months.
As part of a department’s strategy and business planning, particularly in defining
The requirements in 1.2.a to 1.2.g are not necessarily appropriate as many target groups and geographical locations, departments may outline plans to
departments only advise and act for internal clients and so may have little choice promote access to their services by diverse groups, taking account of language,
over the services they wish to offer and the client groups to be served. Therefore, cultural background, religion and disability.
not all of the requirements in 1.2. may be directly relevant to every department. In
If equality, diversity and inclusion initiatives are part of a department’s strategy to
the scenario described above it is acceptable for the departments to disregard the
win new business or to develop its existing client base, the strategy and business
requirements set out in 1.2.a to 1.2.g. Departments do not need to document the
plan should identify ways in which it can participate in such initiatives in the local
reasons why they believe that the requirements are not appropriate but
and wider community. Ideally, departments should indicate the steps that have
departments should be able to explain their decision to their assessor.
been taken towards reaching this goal. This could also be included as part of an
organisation’s Corporate Social Responsibility (CSR) policy in section 1.4.

Departments that act for external clients should refer to Part One (1.2) above, as it
is likely that departments will benefit from meeting the requirements as set out
above for legal departments.
1.3 The organisation must have a business continuity plan that encompasses the department, which should include:
a. an evaluation of potential risks that could lead to business interruption
Requirement b. ways to reduce, avoid and/or transfer the risks
c. key people relevant to the implementation of the plan
d. a procedure to test the plan annually, to verify that it would be effective in the event of a business interruption.
If departments have a separate Business Continuity Plan ('BCP') or significantly contribute to their organisation’s BCP, the key areas of risk that should be addressed in
the plan are as follows:
• Geographic location (flood, fire, terrorist attacks);
• Loss of key personnel; and
• Loss of facilities (IT, access to the building).
The Law Society produces a free department note in relation to business continuity, which can be found at the following link:
http://www.lawsociety.org.uk/advice/practice-notes/business-continuity/
Departments may be encompassed by their organisation’s BCP or have their own If departments act for external clients it is recommended that they comply with the
plan. requirements in 1.3.a to d, as far as possible. However, it is recognised that
departments may have organisational constraints that prevent them from fully
Some departments may not directly feature in their organisation’s plan with little or
meeting all of these requirements.
no direct reference being made to them therein.

Requirement 1.4 The department should have a policy in relation to corporate social responsibility.
This is an optional requirement and therefore departments will not receive a non-compliance if they do not have a documented policy in place. However, departments
might contribute significantly to the local community and may wish to document this in their CSR policy.
Pro Bono
The Law Society has recently produced two new tools designed to help law firms and in-house teams develop the capacity and strategic presence of pro bono work to
improve access to justice and meet unmet legal needs.
The Pro Bono Manual sets out the steps legal practices may take in order to develop a strategic pro bono programme and includes template policies, engagement
letters, memorandums of understanding as well as best practice guidance and information about strategic partners within the sector. The manual is primarily aimed at
mid-sized law firms, but there is also a section for in-house solicitors, and most of the chapters are applicable to in-house teams. To download your free copy of the
Manual, please visit www.lawsociety.org.uk/support-services/practice-management/pro-bono/pro-bono-manual/
The Law Society also launched it’s Pro Bono Charter in November 2016. The Charter is a statement of commitment that firms and in-house teams can endorse and is a
public commitment by legal practices to promote pro bono opportunities throughout their business, to help support this goal. It is a great opportunity to highlight your law
firm or organisation’s pro bono work. By signing the Statement of Commitment, your law firm or organisation is demonstrating its commitment to improving access to
justice for those individuals and organisations who have legal needs and are ineligible for legal aid and unable to afford to pay for legal services. There are many
benefits to endorsing the Pro Bono Charter including access to additional tools and information and invitations to attend four Law Society pro bono forums per year. To
find out more information about the Pro Bono Charter and how to sign up, please visit www.lawsociety.org.uk/support-services/practice-management/pro-bono/pro-
bono-charter/General guidance notes

2 - Financial management
2.1 The organisation must document the person who has overall responsibility for financial management of the
Requirement department.
The person who is responsible for the financial management of a department does not have to be a member of that department.
It is acceptable to name either the person or the role for the purposes of Lexcel.
2.2 The department should be able to provide documentary evidence of their financial management procedure,
including:
Requirement a. annual budget including income and expenditure
b. variance analysis conducted at least quarterly of income and expenditure against budgets.
The majority of departments will usually have an allocated budget or may be in the process of bidding for a budget or funding and must produce this information to their
assessor. However, there may be some departments that do not have an allocated budget or where the legal advisors are part of a wider department. In these
circumstances, departments will not need to comply with these requirements.

Requirement 2.3 The department should have a time recording procedure.
Even if departments do not bill clients on a time basis, they may still wish to This is an optional requirement. However, if departments bill clients on a time
consider time recording, as it can provide useful management information in basis it is crucial to accurately record time.
relation to productivity.
2.4 If appropriate, the department should have a procedure in relation to billing clients which, should, include:
a. the frequency and terms for billing clients
Requirement
b. credit limits for new and existing clients
c. debt management.
If departments act for internal clients and do not have billing arrangements in If departments advise or act for external clients and bill these clients, they
place, they can disregard these requirements as they are not applicable to such should ensure that client expectations are managed from the outset in relation
departments. to 2.4.a.
Credit limits in 2.4.b usually refer to the value of work that departments are
willing to undertake before issuing their client with a bill. It is acceptable to set
out a general procedure for all clients or matter types or decide this on a case
by case basis.
2.4.c requires departments to set out the steps to be taken in the event that a
bill is not paid on time.
It is accepted that acting for external clients does not automatically necessitate
billing clients, for example, many not for profit organisations that offer legal

services do not bill their clients. In these circumstances departments would not
need to comply with 2.4.
2.5 Departments handling financial transactions, should have a procedure, which should include:
a. the transfer of funds
Requirement
b. the management of funds received by the department
c. authorisations.
Departments that do not handle financial transactions do not need to have such a procedure.
Authorisations should be construed widely. Details of how financial transactions are authorised must be encompassed within the procedure, for example, in respect of
authorised signatories, disbursements, cheque requests, client to office and office to client transfers and write off requests.

3 - Information management
3.1 The department or the organisation must have a policy to manage personal data which ensures compliance with
data protection legislation, which should include:
a. the appointment of an appropriate person of sufficient seniority and authority who is responsible for data
protection within the department and to liaise with the organisation’s Data Protection Officer (DPO) or other
person, if one exists
b. keeping appropriate records of processing activities and additionally, the lawful bais for processing categories of
data and providing information to data subjects including information about data transfers to third countries
c. a procedure for data subject access requests
Requirement
d. a procedure to manage and report data breaches
e. regular data protection training for all staff
f. a policy for reviewing processing operations in light of the obligation of data protection by design and default
which should include:
i) a procedure for identifying when a data protection privacy impact assessment should be carried out
g. a procedure for identifying and periodically reviewing data retention timescales.
Designation of a DPO
Where a mandatory or voluntary appointment of a DPO has been made, assessors will interview the DPO or one of their team to confirm that they are fulfilling the
requirements of the role as set out in GDPR Chapter 4, Section 4.
Where an appointment has not been made the assessor will request written evidence of the decision not to make a mandatory or voluntary appointment which should
also include details of the suitable alternative arrangements that have been put in place.
Law Society guidance is that data protection compliance, within the department, should be led by a suitably senior and qualified person with access to the necessary
resources to ensure compliance. This person will be interviewed, and it will be confirmed that they are carrying out the necessary duties and are liaising with the
organisation’s DPO or other person if one exists.
Record keeping

Keeping appropriate records of processing activities means keeping a record that contains all the information set out in Article 30(1) (a)-(g) of the GDPR. These records
have to be kept by most data controllers under the GDPR. Lexcel practices have an additional requirement of keeping a record of the lawful basis on which they are
processing each category of data set out in Article 30(1)(c). For processing of data to be lawful at least one of the grounds set out in Article 6 (1) (a)-(f) must be met; for
processing of special categories of personal data as defined in Article 9(1) to be lawful, one of the grounds in Article 9(2)(a)-(j) must be satisfied. The record of the lawful
basis for processing may be kept as part of the Article 30 record. Article 30(1)(f) requires data controllers where possible to keep, as part of the record, the envisaged
time limits for erasure of the different categories of data. Lexcel regards this obligation as important and there is a high expectation that it should be possible to identify
envisaged time-limits for most categories of data. Where it is not Lexcel practices should provide a clear justification.
The requirements for the provision of information to data subjects are set out in Articles 13 and 14 of the GDPR.
Assessors should request a copy of these records and confirm that it has been completed in respect of each of the requirements set out in 30(1)(a)-(g).
Any apparent omissions will be clarified with the DPO or other person responsible for data protection compliance.
Data subject access

Assessors will request the procedure for responding to data subject access requests. This should set out how all staff have been trained to identify data subject access
requests, the action they should then take and who is responsible for responding within the time limit. The responsibilities of the DPO or other person responsible for
data protection compliance should be clearly set out.
Data breach notification

Assessors will request the procedure for making mandatory data breach notifications. As with data subject access requests, the procedure should set out how all staff
have been trained to identify data breaches, the action they should then take and who is responsible for making notifications within the time limits. The responsibilities of
the DPO or other person responsible for data protection compliance should be clearly set out.
Data protection training

The frequency of training will depend on each organisation’s circumstances and would need to take account of any systems changes and profile of client base i.e.
engagement with vulnerable clients, but should be undertaken at least once a year.
DPIAs and data protection by design and by default

Assessors will request the policy for ensuring data protection by design and by default, which should include a procedure for identifying when DPIAs must be carried out
as set out in Article 35. The policy should be written after consultation with the DPO and systems/technology resource.
Examples of historic DPIAs should be requested along with any examples of the application of data protection by design and by default.
Data retention timescales
The procedure should include how retention periods for different categories of data are initially identified and how these anticipated retention periods are to be reviewed
from time to time (and not less than once a year). It should also include procedures for reviewing cases as appropriate within each category.

Any management records of historic data subject access responses or data breach notifications will be examined.
The Law Society produces general guidance on GDPR, which can be found at the following link:
http://www.lawsociety.org.uk/support-services/practice-management/gdpr-preparation/general-guidance-on-gdpr/
3.2 The department or the organisation must have an information management and security policy and should be
accredited against Cyber Essentials. The policy should incorporate the following controls:
a. a register of relevant information assets
b. procedures for the protection and security of the information assets
c. procedures for the retention and disposal of information
d. the use of firewalls
Requirement e. procedures for the secure configuration of network devices
f. procedures to manage user accounts
g. procedures to detect and remove malicious software
h. a register of all software used
i. training for personnel on information security
j. a plan for the updating and monitoring of software.
The information management and security policy essentially needs to address how the department and/or organisation ensures that information is kept confidential, its
integrity is maintained and it is accessible. This is critical on a day to day basis and also needs to be considered in the context of the business continuity requirements
that are set out in section 1.3 above. The policy must encompass information that is held electronically and physically. The requirements of 3.2.a - j provide a
framework to address the key issues that will help the department/organisation form its policy. Although the sub-clauses of 3.2 are optional, to reflect that some
departments will be bound by an organisational wide policy that does not necessarily adopt the same sub-clauses as Lexcel, it is unlikely that the department or
organisation will have an effective policy unless it addresses all of the sub-clauses in 3.2.

‘Information assets’ comprise both personal and non-personal data. Personal data are defined in data protection legislation and must be processed accordingly. Non-
personal data are not subject to data protection legislation but may be subject to a duty of confidentiality and other rights including intellectual property rights.
The government has introduced the Cyber Essentials Scheme to help business deal with cyber security issues. Follow the link below to find out more information about
the scheme. We recommend that departments carry out a free self-assessment against cyber essentials as this acts as a good starting point for departments in
considering what cyber security measures they need to deploy.
https://www.cyberessentials.ncsc.gov.uk
Training for personnel on information security (3.2i) should be appropriate and relevant to the role and should take place at least annually.
Further information and training can be found from the following sources:
http://cpdcentre.lawsociety.org.uk/course/6707/cyber-security-for-legal-and-accountancy-professionals
http://www.iso.org/iso/home/standards/management-standards/iso27001.htm
http://www.lawsociety.org.uk/advice/practice-notes/data-protection/
http://www.lawsociety.org.uk/advice/practice-notes/information-security/
http://www.lawsociety.org.uk/advice/practice-notes/cloud-computing/
3.3 The organisation must have an e-mail policy that encompasses the department, or the department must have its
own policy, which should include:
Requirement a. the scope of permitted and prohibited use

b. procedures for monitoring personnel using e-mail
c. procedures for the storage and destruction of emails.
The email policy may be part of a general communication policy or be part of the information management and security policy.
3.3.b does not require a department/organisation to monitor emails, only that it sets out what its policy is in relation to monitoring. Therefore, a department/organisation
may or may not chose to monitor emails. This information should be communicated to personnel via the policy.
Departments/organisations may wish to consult the Information Commissioner’s guidance on monitoring employee emails to ensure that it is in compliance with relevant
legislation.

3.4 If the department is featured on the organisation’s website, the department must be encompassed by the
organisation’s website management policy, which must include:
a. consideration of accessibility requirements for disabled clients
Requirement and should include:

b. a procedure for content approval, publishing and removal
c. the scope of permitted and prohibited content
d. procedures for the management of its security.
It is unlikely that a department that advises and acts for internal clients will be This requirement does not make it mandatory to have a website. However, if the
featured on the organisation's website. Therefore 3.4 is unlikely to be relevant to department or organisation does have a website then the
the department in such circumstances. department/organisation must ensure that it is managed in accordance with the
policy. 3.4.d relates to information security and therefore the
department/organisation should ensure that the policy in 3.4 is consistent with
3.2 above.
In order to meet the requirements of 3.4.a the department/organisation may wish
to access the following information:
How to meet Web Content Accessibility Guidelines 2.0
http://www.w3.org/WAI/WCAG20/quickref/
A guide to understanding and implementing Web Content Accessibility
Guidelines 2.0
http://www.w3.org/TR/UNDERSTANDING-WCAG20/

3.5 The organisation must have an internet access policy that encompasses the department, or the department must
have a policy that is particular to their department, this should include:
Requirement a. the scope of permitted and prohibited use
b. procedures for monitoring personnel accessing the internet.
Issues such as downloading information and programs should be addressed in the policy.
3.5.b does not require departments/organisations to monitor personnel accessing the internet. However, the policy must state whether or not the organisation monitors
internet use. If an organisation chooses to monitor internet access use, then it must ensure that it considers an individual’s right to privacy and it must take a
proportional approach. There is the possibility of using software to assist with monitoring. Departments/organisations may wish to access further guidance in relation to
monitoring personnel by visiting the Information Commissioner’s Office website, to help ensure that the policy complies with current legislation and good practice. A link
can be found below:
http://ico.org.uk/
3.6 If the department participates in social media, the organisation must have a social media policy that encompasses
the department, or the department must have its own policy, which should include:
Requirement a. a procedure for participating in social media on behalf of the organisation
b. the scope of permitted and prohibited content.
The policy should address key issues, such as:

• scope of the policy;
• roles and responsibilities;
• forms of social media;
• how the policy applies to business and personal use;

• consequences of breaching the policy; and

• how to give feedback on the policy.
Internal clients
It is unlikely that a department that advises and acts for internal clients will participate in social media. Therefore 3.5 is unlikely to be relevant to such departments.
3.7 The organisation or department must have:

a. a register of each plan, policy and procedure that is contained in the Lexcel Standard
Requirement
b. the named person responsible for each policy, plan and procedure that is contained in the Lexcel Standard
c. a procedure for the review of each policy, plan and procedure that is contained in the Lexcel Standard.
The requirements of 3.7 relate to all plans, policies and procedures in sections 1 to 7 of the Standard.

4 - People management
Requirement 4.1 The department or the organisation must have a health and safety policy.
The department will usually be subject to the organisation’s policy. However, if the organisation does not have a policy then the department must have its own policy.
The policy should incorporate the department’s obligations under health and safety legislation. For information about these obligations please see the Health and
Safety Executive website which can be found at the following link:
http://www.hse.gov.uk/business/index.htm
4.2 The department or the organisation must have an equality and diversity policy, which should include:
a. recruitment, selection and progression
b. a procedure to deal with complaints and disciplinary issues in breach of the policy
Requirement
c. a procedure to monitor diversity and collate equality data
d. training of all personnel on compliance with equality and diversity requirements
e. procedures for reasonable adjustments for personnel.
A department or organisation’s equality and diversity policy must cover recruitment, selection, progression, retention and pay. A department or its organisation should
have regard to Outcome 2.1 and 2.2 of Chapter 2, Principle 9 of the SRA Handbook and equality legislation to ensure that its policy is effective.
A department/organisation must be aware of its obligations to ensure reasonable adjustments are made for disabled employees in accordance with Outcome 2.1 and
2.2, Chapter 2, Principle 9 of the SRA Handbook. The equality & diversity policy should set out what steps a department/organisation intends to take to identify and
manage reasonable adjustment requests from personnel who have a disability. A list of the types of adjustment a department/organisation can offer may be included in
the policy.

4.3 The department must be encompassed by the organisation’s learning and development policy, which should
include:
a. ensuring that appropriate training is provided to personnel
Requirement b. ensuring that all supervisors and managers receive appropriate training
c. a procedure to evaluate training
d. a learning and development plan for all personnel.
Departments may be subject to their organisation’s policy or may have their own policy.
4.4 The organisation or department must list the tasks to be undertaken by all personnel within the department usually
Requirement in the form of a role profile.
It is acceptable to have job descriptions or specifications as an alternative to role profiles, or to include the tasks to be undertaken by personnel in their contract of
employment.
It is good practice to review the role profile/job description as part of the annual performance review.
4.5 The department must be encompassed by the organisation’s procedures to deal effectively with recruitment
selection and progression, or have procedures particular to the department, which should include:
Requirement a. the identification of vacancies

b. the drafting of the job documentation
c. methods of attracting candidates

d. clear and transparent selection

e. storage, retention and destruction of records
f. references and ID checking
g. where appropriate, the checking of disciplinary records.
The department/organisation must have fair and transparent recruitment processes (this applies to both those used internally by the organisation and those that are
outsourced to recruitment agencies). Inclusive language must be used. There should also be a fair, formal and transparent process relating to promotion and
progression within the department/organisation. The procedures may include clear role specifications for all role types, scoring candidates on essential and desirable
criteria based on experience and qualifications, which candidates can demonstrate in the application and interview process.
There are very few circumstances in which a department would not undertake the checks referred to at 4.5.g. If appropriate, a department may wish to ask the legal
advisor or member of personnel to confirm details of their disciplinary record, held by their regulator.
4.6 The department must be encompassed by the organisation’s induction arrangements for personnel, or have
arrangements particular to the department, including those transferring roles within the organisation and should
cover:
a. the management structure and the individual’s responsibilities
Requirement
b. terms and conditions of employment
c. immediate training requirements
d. key policies.
Personnel joining a department may be required to attend a general induction held by the organisation or a specific induction held by the department. Typically there is
a combination of both.
The induction held by a department would typically cover the following key areas:
• Information security;

• Email and internet access;

• Social media;
• Health and safety;
• Equality and diversity;
• Risk management policy;
• Anti-money laundering policy (if applicable);
• Anti-bribery; and
• Client care.
4.7 The department or their organisations must have a procedure which details the steps to be followed when a
member of personnel ceases to be an employee, which should include:
Requirement a. the handover of work

b. exit interviews
c. the return of property belonging to the organisation.
The procedure should refer to whether handover notes should be prepared by the departing member of personnel and whether there is a handover period.
Exit interviews are not always appropriate, for example, where a member of personnel is being made redundant or being dismissed.

4.8 The department must be encompassed by the organisation’s performance management policy or have a policy
that is particular to the department, which should include:
Requirement a. the organisation or department’s approach to performance management
b. performance review periods and timescales.
The performance management policy should include the following information:

• How performance is reviewed;
• Further development of personnel;
• Set objectives that should align with the organisation’s/department’s strategic plan (see 1.2 above);
• Available support and resources; and
• Training needs.
Requirement 4.9 The department or the organisations must have a whistleblowing policy.
A department will usually be subject to the organisation’s whistleblowing policy. However, if there is no organisation wide policy, a department must have its own policy.
The whistleblowing policy should set out the type of issues that should be reported, what is unacceptable in respect thereto and to whom any such concerns should be
reported. In addition, the policy should set out whether personnel should initially contact their line manager and to whom they should report the matter if it relates to
their line manager.
The policy should make reference to key legislation such as the Public Interest Disclosure Act 1998 (PIDA). Departments should be aware of subsequent legislation
such as the Enterprise and Regulatory Reform Act of 2013 as well as the public interest test which was introduced by the government on the 25 June 2013.

Requirement 4.10 The department or the organisations must have a flexible working policy.
Organisations/departments must take steps to ensure that the flexible working policy adheres to current legislation.
Issues that should be addressed as part of the policy include the following:
• Flexibility as to where personnel are based;
• When and at what times personnel work; and
• The total number of hours that personnel work.
For more information on flexible working please see the Law Society's Practice Note on Flexible Working, which can be found at the following link:
http://www.lawsociety.org.uk/advice/practice-notes/flexible-working/

5 - Risk management
5.1 The department must be encompassed by the organisation’s risk management policy, or have a policy that is
particular to the department, which should include:
a. a compliance plan, if relevant
Requirement b. a risk register
c. defined risk management roles and responsibilities
d. arrangements for communicating risk information.
A compliance plan should set out the ways in which a department will comply with its regulatory obligations, such as:
• SRA;
• Health and safety;
• Anti-money laundering;
• Anti-bribery; and
• Data protection.
The risk register often divides the risks into the following categories:
• Strategic;
• Financial;
• Operational;
• Compliance; and
• Breaches (material and non-material).
If a department only advises and acts for internal clients, the risk management If a department advises and acts for external clients, the risk management policy
policy should include details of how it will manage any risks that may damage the should include details of how risks are to be managed in order to reduce the
organisation’s reputation. likelihood of complaints and claims being made against the organisation.

5.2 The department must be encompassed by the organisation’s outsourced activities policy or have a policy that is
Requirement a. details of all outsourced activities including providers

b. procedures to check the quality of outsourced work
c. procedures to ensure providers have taken appropriate precautions to ensure information will be protected.
In order to comply with 5.2.a, departments may wish to keep a register of all the information on outsourced activities.
Requirement 5.3 There must be a named supervisor for each area of work undertaken by the department.
It is acceptable to make reference to roles rather than to name individuals, provided that, those being supervised are aware of by whom they are being supervised. This
information may already be set out in the management structure required at 1.1.a.
5.4 The department must have procedures to manage instructions which may be undertaken even though they have a
Requirement higher risk profile, including unusual supervisory and reporting requirements or contingency planning.
The procedures must set out the types of matters that departments typically define as high risk and also have specific procedures to mitigate the risk, for example by
having more frequent reviews of the matter file with a supervisor.

5.5 The department should maintain lists of work that it will and will not undertake. This information should be
Requirement communicated to all relevant personnel and should be updated when changes occur.
Departments that only act for internal clients may choose to have a very broad It is also acceptable to capture this information on an organisation's website, if a
description of the work that they will undertake, as they may be obliged to accept department has external clients.
all instructions from clients. It is acceptable for this information to be contained in
the organisation’s intranet.
5.6 If the department acts or advises external clients, they must maintain details of the generic risks and causes of
Requirement claims associated with the area(s) of work undertaken by the department. This information must be communicated
to all relevant personnel.

External clients
Each area of law presents different risks, which change over time. It is often helpful to draw upon a legal advisor’s experiences and perception of what can cause claims
in his or her area(s) of work, when departments are formulating the list of risks.
5.7 The department must have a procedure to monitor key dates, or be encompassed by the organisation’s procedure,
which must include:
Requirement a. the definition of key dates by work type for the department
b. ensuring that key dates are recorded on the file and in a back-up system.

Key dates must be highly visible to both the fee earner and anyone who undertakes work on the file.
5.8 The department must be encompassed by the organisation’s policy on the handling of conflicts, or have a policy
that is particular to the department, which should include:
Requirement a. the definition of conflicts

b. training for all relevant personnel to identify conflicts
c. steps to be followed when a conflict is identified.
The most common conflict situations that departments should be aware of and be If a department acts for external clients there is a greater likelihood that a conflict
able to recognise are own interest conflict situations. The conflict of interest policy of interest may arise between the department's clients. Therefore conflict of
should include details of how to identify a conflict and how records are to be interest checks should be undertaken in a systematic fashion and the results
maintained. For example, in a personal interests register. recorded.
5.9 The department must be encompassed by the organisation’s procedure to ensure that all personnel, both
permanent and temporary, are actively supervised, or have procedures that are particular to their department. Such
procedures must include:
a. checks on incoming and outgoing correspondence, where appropriate
Requirement b. departmental, team and office meetings and communication structures, where appropriate
c. reviews of matter details in order to ensure good financial controls and the appropriate allocation of workloads,
where appropriate
d. the exercise of devolved powers in publicly funded work, where appropriate

e. the availability of a supervisor

f. allocation of new work and reallocation of existing work, if necessary.
Departments should be aware that the onus is on the supervisor to be available and actively supervising personnel. This includes ensuring that those under supervision
have a manageable workload and are carrying out work that is at an appropriate level commensurate with their qualification and experience.
The reference to 'devolved powers' at section 5.9.d should be read as 'delegated functions'.
5.10 The department must have a procedure to ensure that all those doing legal work check their files regularly for
Requirement inactivity.
It is acceptable for matters to be inactive, if there is a valid reason for such inactivity.
5.11 The department must have a procedure for regular, independent file reviews of either the management of the file or
its substantive legal content, or both. In relation to file reviews, the department must:
a. define and explain file selection criteria
b. define and explain the number and frequency of reviews
Requirement c. retain a record of the file review on the matter file and centrally
d. ensure any corrective action, which is identified in a file review, is acted upon within 28 days and verified
e. ensure that the designated supervisor reviews and monitors the data generated by file reviews
f. conduct a review at least annually of the data generated by file reviews.

The file selection criteria should set out the reasoning behind why and how files are selected for review. When defining the file selection criteria it is appropriate to
consider the following:
• How to select a representative sample of the legal advisor’s files;
• Whether files should be selected randomly;
• If the legal advisor is managing high risk matters, then whether those files should be reviewed more frequently;
• Whether to select files based on activity or lack of activity; and
• Whether files which are at different stages of completion, should be selected.
In respect of 5.11.c, the requirement is not that the full review be held on the matter file, but rather that it be apparent from the file that it has been reviewed and where
the central record of such review may be found. It is increasingly common to have a central record of file reviews, which is in an electronic format. This will be
compliant, provided that it is apparent from the matter file that it has been subject to a file review and that the outcome of the file review can be easily traced.
5.12 Operational risk must be considered and recorded in all matters before, during and after the processing of
instructions. Before the matter is undertaken the legal advisor must:
a. consider if a new client and/or matter is accepted by the department, in accordance with section 6.1 and 6.7
below
b. assess the risk profile of all new instructions and notify the supervisor, in accordance with procedures under
5.4, of any unusual or high risk considerations in order that appropriate action may be taken.
During the retainer the legal advisor must:
Requirement c. consider any change to the risk profile of the matter and report and advise on such circumstances without delay,
informing the supervisor if appropriate
d. inform the client in all cases where an adverse costs order is made against the organisation in relation to the
matter in question.
At the end of the matter the legal advisor must:
e. undertake a concluding risk assessment by considering if the client’s objectives have been achieved.
f. notify the supervisor of all such circumstances in accordance with documented procedures in section 5.4
above.

The purpose of the concluding risk assessment should be to consider the following:
• Whether the client's objectives have been met;
• Whether the client is likely to complain; and
• If the department acts for external clients, whether the legal advisor, who is dealing with the matter, is aware of any circumstances that may give rise to a
negligence claim that have not already been notified to his or her supervisor.
A closing risk assessment should always be recorded on the matter file.
5.13 If anti-money laundering legislation applies to the organisation, the department must be encompassed by the
organisation’s policy to mitigate and manage money laundering and terrorist financing risks and to ensure
compliance with anti-money laundering (AML) legislation, or have a policy that is particular to the department. The
policy should be approved by senior management and must include:
a. a documented, risk assessment that identifies and assesses the risks of money laundering and terrorist financing
to which the department is subject
b. the appointment of a nominated officer usually referred to as a Money Laundering Reporting Officer (MLRO)
c. a procedure for making disclosures within the organisation and by the MLRO to the authorities
Requirement d. a procedure for checking the identity of the department’s clients, if appropriate
e. a plan for the training of personnel
f. procedures for the proper maintenance of records
g. a system for responding rapidly to AML enquiries from the authorities
h. where appropriate with regard to the size and nature of the department:
i. appoint a person of sufficient seniority as the officer responsible for the department’s compliance wih the
current money laundering regulations
ii. ensure that the organisation carries out screening of relevant employees

iii. establish an independent audit function to evaluate, monitor compliance with and improve the
effectiveness of the organisation’s AML policies, controls and procedures if no such function exists within
the organisation
Otherwise, the department must document why 5.13h (i-iii) above are not appropriate.
The current money laundering regulations are the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
The Legal Sector Affinity Group has produced guidance on Anti-Money Laundering, please follow the link below.
http://www.lawsociety.org.uk/policy-campaigns/articles/draft-anti-money-laundering-guidance/
5.14 The department must be encompassed by the organisation’s policy setting out the procedures to prevent bribery in
Requirement accordance with current legislation or have a policy particular to the department.
Departments must ensure that the policy addresses current legal obligations. For further information, please see the Law Society's anti-bribery practice note by
following the link below.
http://www.lawsociety.org.uk/advice/practice-notes/bribery-act-2010/
5.15 The department should have a policy setting out the procedures to prevent facilitation of criminal tax evasion by associated
Requirement persons in accordance with current legislation.

The Law Society has produced guidance for the corporate offence of failure to prevent the facilitation of tax evasion:
https://www.lawsociety.org.uk/support-services/advice/practice-notes/criminal-finances-act-2017/
5.16 The department must be included in the organisation’s analysis of risk assessment data that is generated or
undertake an analysis of risk data particular to their department. This should include:
a. any indemnity insurance claims (where applicable)
b. an analysis of client complaints trends
Requirement c. data generated by file reviews

d. any breaches that have been notified to the SRA
e. situations where the department acted where a conflict existed (where applicable)
f. the identification of remedial action.
g. risk of non-compliance with current policy to manage personal date.
By compiling all of the information set out in this requirement, departments should be able to identify trends across their department and to take appropriate steps to
improve their risk profile.

6 - Client care
6.1 The department must have a policy for client care, which should include:
a. how enquiries from potential clients will be dealt with
b. ensuring that before taking on a client, the department has sufficient resources and competence to deal with the
matter
Requirement c. protecting client confidentiality including their data protection rights
d. a timely response is made to telephone calls and correspondence from the client and others
e. a procedure for referring clients to third parties
f. the provision of reasonable adjustments for disabled clients.
In relation to 6.1.f, departments must comply with their obligations to ensure reasonable adjustments are made for disabled clients and personnel. The duty to make
reasonable adjustments applies to the provision of services in the same way as it applies in an employer, employee situation.
There is no set formula to determine whether an adjustment is reasonable. In the majority of cases, the provider of the services will be expected to make every effort to
accommodate the needs of those with a disability.
When departments consider reasonable adjustments, they must give careful consideration as to whether a disabled client will be at a 'substantial disadvantage', if the
adjustment is not made. This term is defined in the current legislation as being 'more than minor or trivial'.
In addition to this, chapter 2, Outcome 2.3 of the SRA Code requires departments to make adjustments for disabled clients without passing on the cost of such
adjustments to the client.
In some circumstances, it may be useful to obtain advice from expert disability organisations who can assist with guidance, signposting and other forms of support.
The Law Society has produced a practice note that provides additional guidance. The practice note can be found at the following link:
http://www.lawsociety.org.uk/advice/practice-notes/equality-and-diversity-requirements--sra-handbook/.

If a department advises and acts for internal clients only, it may not need to include It is vital to manage client expectations and to deliver a consistent level of service.
all the 6.1 sub-clauses in its client care policy. However, Lexcel can often help to The client care policy sets boundaries for personnel to work within. If a
improve relationships between departments, by considering how best to deal with department acts for external clients, it is strongly recommended that it complies
internal clients and establishing a client care policy. with 6.1.a to f.
6.2 The department must communicate the following to clients in writing, unless an alternative form of communication is
deemed more appropriate:
a. where appropriate, establish the client’s requirements and objectives
b. provide a clear explanation of the issues involved and the options available to the client
c. explain what the legal advisor will and will not do
d. agree with the client the next steps to be taken
e. keep the client informed of progress, as agreed
f. establish in what timescale that matter will be dealt with
Requirement g. where appropriate, establish the method of funding
h. where appropriate, consider whether the intended action would be merited on a cost benefit analysis
i. agree an appropriate level of service
j. explain the department’s responsibilities and the client’s
k. provide the client with the name and status of the person dealing with their matter
l. where appropriate, provide the client with the name and status of the person responsible for the overall
supervision of their matter
m. where appropriate, explain to the client their rights as data subjects and provide the client with the name of the
person responsible for data protection.

Departments that act for internal clients must confirm in writing the information The information referred to at 6.2.a-m, in essence forms the basis of the client
referred to at 6.2, unless they deem an alternative method of communication to be care letter or terms of business. The legal advisor must ensure that due regard
more appropriate. It is acceptable for some of the information to be omitted, such is given to the SRA handbook, particularly Chapter 1 of the Code of Conduct.
as 6.2.g and/or 6.2.h, as there are circumstances where the provision of such The Law Society's practice note can be found at the following link:
information is not appropriate.
http://www.lawsociety.org.uk/advice/practice-notes/client-care-letters/
6.3 Where appropriate, the department should have a service level or similar agreement with their client departments.
Requirement There should be a procedure to regularly review such agreements to ensure they are in plain English.
If it is appropriate to have a service level agreement or similar agreement, departments should ensure that it addresses the relevant issues in 6.2.
6.4 Where appropriate, the department must give clients the best information possible about the likely overall cost of the
matter, both at the outset and when appropriate, as the matter progresses, in particular the department should:
a. advise the client of the basis of the department's charging
Requirement b. advise the client where the organisation will receive a financial benefit as a result of accepting instructions
c. advise the client if the charging rates are to be increased
d. advise the client of likely payments which the department or the client may need to make to others
e. discuss with the client how they will pay

f. advise the client that there are circumstances where the department may be entitled to exercise a lien for unpaid
costs
g. advise the client of their potential liability for any other party’s costs.
For departments that act for internal clients, the key cost issues that need to be Departments that act for external clients should address all the issues referred to
communicated to the client departments will most likely relate to 6.4.d and 6.4.g. in 6.4.
6.5 The department must be encompassed by the organisation’s complaints handling procedure or have a procedure
a. the definition of what the organisation regards as a complaint
b. informing the client at the outset of the matter, that in the event of a problem they are entitled to complain
c. the name of the person with overall responsibility for complaints
d. providing the client with a copy of the organisation’s or department’s complaints procedure, if requested
Requirement
e. once a complaint has been made, the person complaining is informed in writing:
(i) how the complaint will be handled; and
(ii) in what time they will be given an initial and/or substantive response
f. recording and reporting centrally all complaints received from clients
g. identifying the cause of any problems of which the client has complained, offering any appropriate redress, and
correcting any unsatisfactory procedures.

The organisation will usually have a complaints handling procedure that the If departments act for external clients, the Legal Ombudsman's website contains
department will be subject to. However, if not, the department should establish its a large amount of information that should assist departments in formulating their
own procedure. As it is dealing with internal clients, it may be appropriate to complaints handling procedure.
involve the HR department, as there may be wider performance issues involved.
For more information, please follow the link set out below.
http://www.legalombudsman.org.uk/
Departments/organisations should ideally review the analysis of complaints, as
this will indicate the areas in which they are most at risk of receiving a complaint
and where additional training or other support may be required.
6.6 The department must be encompassed by the organisation’s procedure to monitor client satisfaction or have a
Requirement procedure that is particular to the department.
The method of monitoring can vary, for example, face to face meetings may be most appropriate for internal clients, but questionnaires may be most appropriate for
external clients.
6.7 Where appropriate, the department must have a procedure to accept or decline instructions, which should include:
a. how decisions are made to accept instructions from new and existing clients
Requirement
b. how decisions are made to stop acting for an existing client
c. how decisions are made to decline instructions.

There may be little scope for declining instructions from internal clients due to the The procedure referred to at 6.7 should reflect and be consistent with the risk
organisation’s structure and purpose. policy referred to at 5.1.
7 - File and case management

7.1 The department must ensure that the strategy for a matter is always apparent on the matter file and that in complex
Requirement cases a project plan is developed.
It is for departments to define what a complex matter/case is. However, departments often consider the following issues when deciding whether to create a complex
case plan:
• Whether it is subject to high court jurisdiction;
• The level of costs or potential costs; and
• Whether it is, or is likely to be a multi-party action.
Requirement 7.2 The department must document procedures for the giving, monitoring and discharge of undertakings.
The procedures should address, who within a department is permitted to give undertakings and the consequences for personnel, should they be found to be in breach
of the procedures.
Departments may decide to subdivide the procedures for undertakings by department, as the type and frequency of undertakings can significantly vary by work type.

7.3 The department must be encompassed by the organisation’s procedure or have a procedure particular to the
department to:
a. list open and closed matters
b. ensure that they are able to identify and trace any documents, files, deeds, wills or any other items relating to the
Requirement matter
c. safeguard the confidentiality of matter files and all other client information
d. ensure that the status of the matter and the action taken can be easily checked by other members of the
department
e. ensure that documents are stored on the matter file(s) in an orderly way.
As a general rule all records relating to a matter should be capable of being traced by either being on the file itself or by being referred to thereon.
7.4 The department will have procedures to ensure that matters are progressed in an appropriate manner. In particular:
a. key information must be recorded on the file
b. a timely response is made to telephone calls and correspondence from the client and others
Requirement
c. where appropriate, continuing cost information is provided
d. clients are informed in writing if the person with conduct of their matter changes, or there is a change of person to
whom any problem with service may be addressed.
The requirements set out in 7.4 are closely aligned to those in section 6, which deals with client care, particularly the client care policy requirements in 6.1.

7.5 The department must be encompassed by the organisation’s documented procedure for using barristers, expert
witnesses and other external advisers who are involved in the delivery of legal services, or have a procedure
particular to the department, which should include provision for the following:
a. use of clear selection criteria in line with the equality and diversity policy
b. where appropriate, consult with the client in relation to selection of advocate or other professional
c. advising the clients of the name and status of the person being instructed, how long she/he might take to respond
and, where disbursements are to be paid by the client, the cost involved
Requirement
d. maintenance of records on barristers and experts used, including evidence of assessment against the criteria
e. evaluation of performance, for the information of other members of the department or organisation
f. giving clear instructions
g. checking of opinions and reports received to ensure they adequately provide the information sought (and, in
litigation matters, comply with the rules of court and any court orders)
h. payment of fees.
The selection criteria for experts and barristers must comply with the equality and diversity policy under 4.2.
7.6 The department must have procedures to ensure that, at the end of the matter, the department:
a. if required, reports to the client on the outcome and explains any further action that the client is required to take in
the matter and what (if anything) the department will do
b. where appropriate, accounts to the client for any outstanding money
Requirement c. returns to the client any original documents or other property belonging to the client, if required
d. if appropriate, advises the client about arrangements for storage and retrieval of papers and other items retained
(in so far as this has not already been dealt with, for example, in terms of business) and any charges to be made
in this regard
e. advises the client whether it is appropriate to review the matter in future and, if so, when and why

f. archives and destroys files in an appropriate manner.
This requirement assists departments in concluding matters for clients in a systematic manner, providing a framework of the key elements.
PART TWO - PRACTICAL GUIDANCE

1 - Preparing for an application
Support materials
There are a wide range of supportive materials available for departments interested in gaining Lexcel accreditation. These can be found at :
http://www.lawsociety.org.uk/support-services/accreditation/lexcel/publications/
The accreditation office recommends each department completes the self-assessment checklist before any application. This will help identify any areas of compliance,
non-compliance and areas for improvement or development. For departments applying for the first time, the checklist will give a good gauge as to how near to
compliance the department is.
2 - Lexcel assessment bodies and assessors
Assessment bodies and assessors
Assessments are conducted by independent licensed assessment bodies. Lexcel assessors are employed by one of three licensed assessment bodies. Assessors are
trained on the Lexcel Standard and Scheme rules by the accreditation office.
Assessment bodies are not allowed to provide consultancy and assessment services to the same department. They can provide consultancy or an assessment only.
For details of the Lexcel assessment bodies, please visit:

Centre for Assessment at http://www.centreforassessment.co.uk/

Inspiring Business Performance at http://www.inspiringbusinessperformance.co.uk/
Recognising Excellence at http://www.recognisingexcellence.co.uk/
Confidentiality
It is a priority for the Law Society to ensure that each assessment is conducted in a confidential manner. We have, therefore, robust confidentiality criteria in all
assessment body licence agreements to protect both confidentiality of the department and clients of the department. Each assessment body in turn has contracts with
each of its assessors and clients. Assessors are all bound to ensure that the assessment is conducted in a confidential manner as set out in the Lexcel assessment
body licence agreement.
Assessors may be asked to sign a confidentiality agreement with the client directly. This is for the assessor and client to arrange and agree on.
Assessors are responsible for adequately preparing for an assessment. The assessor must check in advance of the on-site assessment whether or not they have
permission to access client files directly or via the fee earner. In some circumstances departments may not be able to allow inspection of some or all matter files. This
may be because the client has not provided consent or the department may exercise their professional judgement. For example, in cases involving highly sensitive
material.
If the department cannot allow access to case files, the fee earner with conduct of the matter will have to answer specific questions on file management so the
assessor can obtain satisfactory evidence that the Lexcel requirements are being met. It is likely that alternative methods will take longer to assess, and will increase
the cost of any assessment.
The department may not be able to show the assessor a client’s letter of refusal to allow disclosure as the letter will contain the client’s name and it would breach client
confidentiality to reveal it.
The department may decline to show the assessor sensitive data, in particular, financial information. In this situation, the department must produce a signed letter from
an accountant that confirms all the specific requirements are being met by the department.
Any department concerned about the confidentiality of information provided to or viewed by the accreditation office or an assessment body should contact the relevant
organisation to discuss the issue.
The role of the assessor
Assessors are all bound to ensure that the assessment is conducted in a confidential and independent manner as described in the assessment body licence
agreement. Each assessor must be contracted with a licensed assessment body, have relevant experience and undertaken all preparatory requirements as laid out by

the accreditation office to maintain assessor status. Assessors that have been employed by the department as consultants are not eligible to conduct assessments for
the department.
Assessors must confine themselves to the requirements of the Standard when conducting a Lexcel assessment.
The Lexcel Standard is applicable to all types and sizes of legal practices and in-house legal departments in all jurisdictions. Assessors should be able to appreciate
how the Standard applies to and is complied with by different types of departments.
We acknowledge that assessors need flexibility to exercise their professional judgement in the context of each assessment. Consistency in approach and quality of
Lexcel assessments is extremely important. The accreditation office undertakes various quality assurance activities to review performance and compliance across all
assessors. Any issues or anomalies arising from the assessment process, by any assessor, will be investigated by the accreditation office.
Assessors must support compliance with the Lexcel assessment body licence agreement. In particular, this requires assessors to support compliance with:
• Complaint information
• Client feedback
• Application timescales
• 30 day assessment notice
• Approval to proceed requirement
• Duration guidelines
• Assessment and corrective action report deadlines.
Assessor observation
All Lexcel assessors must comply with requirements and follow guidance provided by the accreditation office. The accreditation office shadows all new assessors
before they can be a lead assessor for Lexcel. In addition, the accreditation office shadows assessors on a targeted and random basis. This will include shadowing
assessors with minimal notice. For example, informing the departments and assessor no later than two days before an assessment. These shadowing activities are
intended to ensure we are actively looking at the quality and consistency of assessments. They are not a reflection on the department in any way.
3 - The application process
Timescales for adoption

On average it takes approximately six months from deciding to apply for Lexcel to actually submitting their application form.
Departments must bear in mind all Lexcel requirements must be embedded when an assessment takes place. For initial applicants, the requirements must be in place
at least three months prior to the assessment date.
Departments should plan assessment dates no earlier than six weeks from submitting an application form. As assessment bodies serve multiple clients, the
accreditation office recommends contacting the chosen body at least three months prior to an application.
Key steps to gaining accreditation
There are key steps in the Lexcel process which must be adhered to when submitting an application and undertaking assessment. Check that the following steps
have been completed:
All requirements must be in place at least three months before the date of
 Ensure the requirements are embedded assessment
 Arrange an assessment date Between eight and twelve weeks prior to an assessment
 Submit a Lexcel application form with all information required Six weeks to three months prior to assessment date
Departments must not have an assessment without receiving approval to

 Wait for approval
proceed to assessment from the accreditation office
 If approval given, undertake an assessment Duration depends on size of department
 Assessor submits assessment report Within two weeks of last on-site day to accreditation office
 Complete any corrective action Three weeks for minor non-compliances, three months for major non-compliance
 Assessor submits corrective action report Within two weeks of non-compliance deadline
Assessment bodies verify the report and make a

 recommendation to the accreditation office
Four week turn around
accreditation office makes a decision as to whether or not to

 grant Lexcel accreditation
Four week turn around.

The application form
Departments must complete a Lexcel application form and send to the accreditation office. All sections of the form must be completed. The information will be used to
administer the application and accreditation process, as well as conduct any required checks.
Application forms should be sent in to the accreditation office no later than six to twelve weeks prior to an assessment. This allows sufficient time for all checks to be
completed by the accreditation office. Any department(s) submitting an application after this time, will be asked to rearrange their assessment date and confirm the
new date to the accreditation office at least six weeks prior to the assessment date.
Each application form must be signed off by the Senior Responsible Officer (SRO) for the in-house legal department(s). Please see Lexcel v6.1 Scheme rules for
further details on SRO http://lawsociety.org.uk/support-services/accreditation/documents/lexcel-v6.1-scheme-rules/
Supporting documentation
A key objective of the application process is to ensure the integrity of the Lexcel Standard and Scheme rules are maintained. We do, therefore, require departments to
disclose any information which may impact on the Lexcel Scheme’s reputation. Any non-disclosure or mis-representation may result in an automatic suspension of an
application, renewal or award of accreditation.
Departments applying for Lexcel must submit:
• Details of any complaint or conduct matter that has arisen at the department. This must include information such as regulator investigations or visits, complaints
from a client that were dealt with internally or referred to the relevant complaint body.
• Adverse publicity information which may bring Lexcel or the Law Society’s brands into disrepute.
• Personnel list including names, job titles, department, location and date of joining.
The accreditation office reviews all applications thoroughly. Departments must wait to receive written confirmation from the accreditation office that we have approved
the application so that the assessment can proceed. If the accreditation office has additional questions or issues with an application, these must be resolved prior to an
assessment taking place. By failing to wait for receipt of the proceed letter, departments put at risk the valuable time and money invested in the assessment and may
result in the department not being awarded with the Lexcel Standard.
Each conduct or disciplinary matters disclosed by the department will be reviewed and checked. Where precedents exist in terms of conduct or disciplinary matters,
the accreditation office must support these, but having one claim for example, does not automatically mean an application will be declined.
Please note: Checks are completed on all initial applicants irrespective of whether disclosure has been made. A random sample of 20% of re-accreditation
applications who state there are no matters will also be checked. This is to help quality assurance and the accuracy of the data being provided.
Approval to proceed to assessment

The accreditation office will issue one of two decisions following the review of each application form:
• Approval to proceed – this means a department can undertake their assessment
• Refuse Lexcel – The practice will not be authorised to proceed to assessment. The practice may appeal against this decision to the Accreditation Appeal
Panel. Read our Appeals Policy.
4 - Assessment timescales
Factors affecting durations
The duration and sample guidelines apply to the department as a whole. The total number of fee earners and support personnel must be added across all branch
offices.
The main factors affecting the length of the assessment are the number of:
• Personnel
• Department areas
• Other quality standards held (e.g. Investors in People or ISO9001).
Duration and sample guidelines
Lexcel assessments must follow the Lexcel duration and sample guidelines. Only the accreditation office can approve any changes to the duration and/or samples of
an assessment. Approval must be sought by the department and gained from the accreditation office prior to an assessment. If approval is not obtained, additional
assessment time may need to be conducted or refunds made to the client.
The Lexcel duration and samples tables to calculate timings are available at http://www.lawsociety.org.uk/support-services/accreditation/documents/lexcel-duration-
sample-guidelines/ or by emailing the accreditation office.
Preparation and report writing time

Preparing for an assessment is an important element of the assessment process. Assessors should allow a total of between half and one day preparation and report
writing time for initial, annual maintenance visits (AMVs) and full re-assessments.
Preparation should include reviewing the office manual or equivalent, selecting the interview and file samples, and drafting the assessment plan.
Travel time
The Lexcel guidelines do not reflect travel time to and from the on-site assessment. If the department has multiple offices the assessment body and department
should agree how much time will be allocated to the assessor for travel and the associated cost. Assessors must not include travel time as part of the onsite
assessment duration in the Lexcel assessment report.
Office and works areas
All offices and work areas must be included in all initial, AMVs and full re-assessments. It is compulsory for all offices to be visited by the assessor. Interviews and file
samples must also cover each office.
In very exceptional circumstances, it may be possible to conduct telephone interviews and view documentation and files remotely, rather than attending an office. This
request must be submitted to the accreditation office for review prior to any agreement with the client. The accreditation office will approve, decline or amend the
request.
5 - Planning for an assessment
Planning essentials
Departments and assessors must check that a Lexcel application form has been submitted to the accreditation office six to twelve weeks prior to an assessment. This
ensures up-to-date information is reviewed as part of the application process. Assessors must also check that the application has been processed, reviewed and
approved (via an Approval to Proceed letter/e-mail) by the accreditation office prior to an assessment starting.
Please note: without the approval to proceed to assessment from the accreditation office, any subsequent assessment, report and recommendation may be deemed
invalid. Assessment bodies, assessors and consultants cannot approve a Lexcel application.

Documentation review
The Lexcel self-assessment checklist must be completed for all initial assessments. Completed checklists must be sent to the assessor prior to an initial assessment,
ideally at least two weeks before. This will help create awareness of overall compliance, file locations and may be an indicator of the assessment being premature.
Assessors are expected to conduct a thorough review of any office procedure manual (OPM) or equivalent documentation in advance of arriving on-site to conduct the
assessment. By reviewing the documentation the assessor should be in a position to note documentary non-compliances and areas of concern. This will form the
start of an audit trail once the assessor arrives on-site. This can help assessors in finding non-compliances while on-site. Departments must send this to their
assessor before the assessment, ideally at least two weeks in advance.
Please note: in the worst case scenario, the self-assessment checklist and OPM can indicate if an assessment is premature. If an assessor believes an assessment
is premature, they must contact the relevant assessment body immediately to organise a postponement.
When seeking clarification or documentation, the onus is on the department to produce evidence requested by the assessor. The assessor will then consider the
evidence to ensure it satisfies Lexcel’s requirements.
If the assessment is an AMV or full re-assessment, the previous year’s assessment report must be reviewed. This will enable the assessor to check that any non-
compliances raised at the previous assessment have received due attention to ensure the corrective action has bedded down appropriately over the last twelve
months. It will also give the assessor the opportunity to review whether the department has taken up any of the suggested areas for improvement that were found at
the previous assessment.
Assessment plan
The assessor must formulate a clear plan of the assessment and communicate it to the department. The plan must include the following:
• Confirmation of assessment date(s), time(s) and location(s)
• Assessor(s) and assessment body name
• Time and duration of the opening meeting with suggestions of personnel to attend
• Timings for documentary reviews
• Schedule for file reviews
• List of personnel to be interviewed and schedule for the interviews
• Time for assessor to summarise assessment outcome/write report
• Time of the closing meeting with suggestions of personnel to attend
• Time for breaks to review interview material
• Comfort break requirements.
The assessor should ensure that the duration and sample sizes are correct and in accordance with the Lexcel assessment duration guidelines. Any deviation must be
approved by the accreditation office before the assessor arrives on site.

It is compulsory for every office and department area to be included in each assessment. The assessor must go onsite at each office. There are circumstances when
it may be impractical to physically visit each office. If the department and assessor believe there may be a good reason for conducting telephone interviews and
reviewing documentation remotely, then they must contact the accreditation office for approval prior to the assessment. It may be possible to agree to vary the
standard approach in advance of the assessment.
If there are concerns that the duration guidelines do not allow sufficient time to interview a sample of personnel from each department area, the assessor must contact
the accreditation office prior to the assessment to discuss the issue. The accreditation office will consider then issue a decision on the request.
File selection
The department should only be made aware of the files that will be reviewed at the opening meeting. At an initial assessment the assessor should ascertain the date
the department became Lexcel compliant and select files from this date forward.
The assessor should request a matter list for the personnel that they have selected to interview and select the majority of their file sample from these lists. The
assessor should take steps to ensure that if the fee earner has a range of work that the sample includes a file from that range. For example, if the person focuses on
contentious and non-contentious employment work then the assessor should see a file from both disciplines.
Within the file sample there should also be a selection of files that demonstrate the departments ability to deal with high risk matters, complaints and undertakings.
These files should be selected on-site following the review of the risk management, complaints handling and undertaking information.
Closed matter
The assessor should check with the department whether or not closed matters are held at the department’s premises or off-site. If the files are held off site then the
assessor should inform the department of the closed files they wish to audit to ensure that they are available at the assessment. Assessors only need to review the
closing elements of the Lexcel requirements when they audit the closed files.
Electronic files
If a department has electronic matter files then the assessor should be given access to the files, either directly or via the fee earner if confidentiality is an issue. It is
not necessary for the department to have paper files for Lexcel purposes but electronic files must meet all the Lexcel requirements.
6 - On-site assessment

Opening meeting
The assessor should invite the department’s key management personnel to the opening meeting. It is undesirable to conduct the opening meeting with the Lexcel
contact alone as it is important that the department appreciates that all personnel have a responsibility to ensuring compliance with Lexcel and that full compliance
can’t be left to one person. The opening meeting is an opportunity to explain the methods and intentions of the assessment process.
Personnel to request for an in-house department opening meeting:
• Head of legal or legal director
• Department director or manager
• Lexcel champions or team leaders
• Person(s) with responsibility for risk, compliance and complaints.
In addition to the above, assessor should ask if any management level representatives from within the parent organisation (external to legal) wish to attend.
Format and expectations
Assessors must ensure that the department fully understands the assessment plan and all possible outcomes. As the vast majority of departments have non-
compliances, this helps to manage the department’s expectations from the outset.
It is the assessor’s responsibility to direct the meeting in a timely manner. Assessors should ensure there is a clear understanding of what will happen and be required
during the assessment. The meeting should also encourage questions and interaction with the department’s personnel as this is an ideal time to enable any
uncertainties to be raised then answered or resolved before the assessment starts.
During the meeting, the assessor should inform the department which files they have selected to audit. This will enable the department to obtain the files for the
assessment in sufficient time.
Documentation
• Files
The assessor should assess the files in advance of interviewing the fee earner. This will allow the assessor to focus their questions during the interview and reduce
the interruption and cost to the department.
For example, if the client care letters are fully compliant when the file reviews are undertaken, there is little value in asking the fee earner about the information they
give to clients at the outset of matters.

Assessors should undertake the file reviews without the fee earner whenever possible as one of the tests of a well managed file is that the information is readily
available. If the fee earner has to be present to explain where information is to be found, the assessor will need to question whether the file is well managed file and
therefore compliant.
Assessors should only review the files with the fee earner if client confidentiality is an issue as set out in section 6.
The assessor should use the Lexcel case management checklist provided by the accreditation office as this will ensure all the relevant requirements are included in
the file assessment. Completion of this form is not mandatory but assessors must produce and keep a clear record of the information assessed.
Assessors can be asked to produce notes from an assessment by the accreditation office. Failure to produce information relating to file reviews may invalidate the
assessment report which can have negative impacts on an assessor, assessment body or their client.
Please note: assessors do not need to submit these notes with each assessment report unless requested by the accreditation office.
• Central records, plans and annual reviews
The assessor should check that there is documentation to verify that the annual reviews have taken place of all policies. Assessors must seek evidence that plans
exist and have been reviewed. Central records will also need to be verified.
• Interview questions
It is vital for assessors to ask a consistent set of question across the department to evaluate compliance against the Standard. This will enable an overall review to be
completed against similar, if not identical, questions.
Assessors can be asked to produce notes from an assessment by the accreditation office. Failure to produce information relating to interviews may invalidate the
assessment report which can have negative impacts on an assessor, assessment body or their client.
Audit trails
Audit trails may arise as a result of documentary reviews or interviews that the assessor undertakes. Assessors are expected to follow audit trails to their conclusion
in order to substantiate that each requirement of the Standard has been met.

Lexcel Guidance For In-House Practices

Uploaded by

Copyright:

Available Formats

Lexcel Guidance For In-House Practices

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lexcel Guidance For In-House Practices

Uploaded by

Copyright:

Available Formats

Lexcel England and Wales v6.

PART ONE - GUIDANCE AGAINST LEXCEL STANDARD REQUIREMENTS ............................................................................................................... 4

PART TWO - PRACTICAL GUIDANCE ......................................................................................................................................................................... 41

© The Law Society 2018 Version: June 2018 Page 2 of 51

General guidance Guidance is a general comment

Internal clients Guidance is applicable for departments with internal clients

External clients Guidance is applicable for departments with external clients

© The Law Society 2018 Version: June 2018 Page 3 of 51

PART ONE - GUIDANCE AGAINST LEXCEL STANDARD REQUIREMENTS

General guidance notes

Requirement c. the services the department wishes to offer

General guidance notes

© The Law Society 2018 Version: June 2018 Page 4 of 51

Guidance notes by type of client

Internal clients External clients

© The Law Society 2018 Version: June 2018 Page 5 of 51

General guidance notes

Guidance notes by type of client

Internal clients External clients

© The Law Society 2018 Version: June 2018 Page 6 of 51

General guidance notes

© The Law Society 2018 Version: June 2018 Page 7 of 51

General guidance notes

General guidance notes

© The Law Society 2018 Version: June 2018 Page 8 of 51

Requirement 2.3 The department should have a time recording procedure.

Guidance notes by type of client

Internal clients External clients

Guidance notes by type of client

Internal clients External clients

© The Law Society 2018 Version: June 2018 Page 9 of 51

General guidance notes

© The Law Society 2018 Version: June 2018 Page 10 of 51

General guidance notes

© The Law Society 2018 Version: June 2018 Page 11 of 51

Data subject access

Data breach notification

Data protection training

DPIAs and data protection by design and by default

Data retention timescales

© The Law Society 2018 Version: June 2018 Page 12 of 51

General guidance notes

© The Law Society 2018 Version: June 2018 Page 13 of 51

Requirement a. the scope of permitted and prohibited use

General guidance notes

© The Law Society 2018 Version: June 2018 Page 14 of 51

Requirement and should include:

Guidance notes by type of client

Internal clients External clients

© The Law Society 2018 Version: June 2018 Page 15 of 51

General guidance notes

General guidance notes

The policy should address key issues, such as:

© The Law Society 2018 Version: June 2018 Page 16 of 51

• consequences of breaching the policy; and

Guidance notes by type of client

3.7 The organisation or department must have:

General guidance notes

© The Law Society 2018 Version: June 2018 Page 17 of 51