Lex Sentry is a managed security and compliance practice built exclusively for South African law firms. We safeguard attorney–client privilege and operationalise POPIA, FICA/FIC, the Cybercrimes Act, and LPC obligations — so your firm can practise without pause.
Your matter files, trust account credentials, payment instructions, and client privilege carry asymmetric value to attackers. Business email compromise on a single transaction can wipe out a deposit in minutes. POPIA and FICA enforcement is no longer hypothetical — the Information Regulator and the Financial Intelligence Centre are actively investigating and inspecting firms.
Spoofed email instructions diverting deposits and bond payments away from the trust account — the single largest source of attorney-related theft losses in South Africa.
An encrypted matter management system halts billable work, exposes privileged communications, and triggers a notifiable security compromise under POPIA s22.
POPIA fines up to R10 million and imprisonment up to 10 years, plus FIC administrative penalties for accountable institutions — with personal liability for the Information Officer.
Lex Sentry operates as your outsourced security and compliance function. We deliver continuous protection across endpoints, email, identity, and data — with reporting templated for the LPC, the FIC, your Information Officer, and your professional indemnity insurer.
Continuous monitoring across endpoints, M365, and Google Workspace. Analyst-led triage, threat hunting, and incident containment with response SLAs aligned to the Cybercrimes Act 72-hour notification window.
DMARC, DKIM, SPF hardening; impersonation detection; out-of-band verification protocols for trust account instructions. Designed to neutralise the BEC tactics that target attorney trust-account transfers.
Information Officer support, data mapping, lawful-basis registers, operator agreements, PIAs, and breach-response playbooks. Built to evidence your "reasonable measures" obligation under POPIA s19.
For attorneys as accountable institutions: Risk Management & Compliance Programme (RMCP), FIC registration and goAML reporting, customer due diligence, beneficial-ownership records, and suspicious- and cash-threshold transaction reporting — with the dated audit trail the Financial Intelligence Centre expects on inspection.
MFA enforcement, conditional access, privileged-account vaulting, and joiner-mover-leaver workflows for partners, associates, candidate attorneys, and counsel. Audit trail preserved for LPC inspections.
Immutable, encrypted backups of matter files and accounting records. Tested ransomware recovery runbooks. Continuity planning aligned to the LPC's record-retention rules and PI insurance covenants.
Quarterly, role-relevant training for fee-earners and support staff. Simulated phishing campaigns with reporting that satisfies POPIA's "training as a reasonable measure" interpretation.
Generic security frameworks aren't designed for your obligations. Lex Sentry's compliance programme is mapped directly to the laws, codes, and guidelines that govern your practice — and produces the evidence the regulator, the FIC, and your auditor will ask for.
Our onboarding programme moves a firm from undocumented exposure to a fully monitored, regulator-ready posture — typically within ninety days. After go-live, we operate as your standing security and compliance team.
Confidential assessment of your current security posture, data flows, trust account workflows, and regulatory exposure. Delivered as a privileged report.
Prioritised plan with clear ownership, sequencing, and budget. Quick wins in weeks one to four; structural controls staged through ninety days.
Deployment of monitoring, identity, email defence, and backup systems. Information Officer support, policy library, and operator agreements activated.
Continuous SOC monitoring, monthly reporting to your management committee, quarterly compliance reviews, and on-call incident response.
An attorney's information is the lifeblood of the practice. Safeguarding it is no longer optional — it is professional duty.
A ninety-minute discovery conversation with a Lex Sentry principal. No obligation, no sales pressure — a candid assessment of your firm's exposure and the practical next steps. All discussions are conducted under non-disclosure.