Outsourcing Policy (Dec25)

Introduction

Outsourcing is an important area in legal service delivery. It is, essentially, a means of transferring responsibility for a business function to a third-party supplier through use of an outsourcing agreement and can be one of the most important commercial contracts for allowing the scaling of your business whilst keeping costs, such as recruitment, down. It allows a firm like ours to instruct other businesses to perform parts of our services or other business functions so that we can focus on the core aspects of our services. This increases efficiency and can reduce overheads and, as such, can be a significant cost-saving measure

However, whenever third parties become involved in legal services, we must have regard to the fulfilment of our regulatory obligations and the protection of our reputation.

Purpose

This policy aims to inform you about how we manage and monitor outsourced activities and who our outsourced providers are and of the standards expected from outsourced providers.

Scope

This policy applies to all staff, including managers, consultants and any third-party that it has been communicated to.

Responsibility

The COLP is responsible for this policy and for managing and monitoring all outsourced activities across the firm.

All of us (and any third-party to whom this policy applies) are responsible for ensuring that we comply with this policy when dealing with outsourcing activities. Any concerns must be reported to the COLP, without delay. Failure to do so may result in disciplinary action.

We must also bear in mind that the firm remains responsible for any work that is outsourced.  Outsourcing does not abrogate our regulatory responsibilities or our duties to the client.

What is outsourcing?

The Solicitors Regulation Authority (SRA) has stated that rules about outsourcing “are aimed at firms or in-house solicitors who use a third party to undertake work that the firm or in-house solicitor would normally do themselves and for which the firm or in-house solicitor remains responsible.”  These are examples of the type of activities which would come under that definition:

  • activities which would normally be conducted by a lawyer or paralegal (e.g. initial drafting of contracts, proofreading, research, document review, etc.);
  • legal secretarial services such as digital dictation to an outsourced secretarial service for word-processing or typing;
  • Companies House filing;
  • legal due diligence, such as in connection with the purchase of a company;
  • IT functions which support the delivery of legal activities;
  • business process outsourcing; and
  • bookkeeping/accounts. However, merely using an accountant to provide advice or finalise tax returns is not outsourcing.

What is not outsourcing?

Relying on third parties for the following would not amount to outsourcing and is not covered by this note.

  • Back-office functions such as:
    • cleaning;
    • call-answering;
    • office maintenance;
    • IT maintenance;
    • graphics and design;
    • branding activities; and
    • social media activities.
  • Using independent professionals such as:
    Instructing counsel, expert witnesses, accountants, process servers and costs draftsmen will not amount to outsourcing. These service providers do not perform functions which you would normally do within your firm and for which you remain responsible. Using self-employed temporary secretarial staff, or locum solicitors, who operate from your premises, under your management control, would also not normally amount to outsourcing.

Outsourced activities

We outsource the following activities, to the following providers:

  • IT Support – CB IT
  • Confidential Shredding – Shred Pro
  • Offsite Closed File Storage – Box-It

Agreements

All of our outsourced activities are subject to written contractual arrangements. These contracts stipulate the standards expected of the provider and the steps that the provider must take to ensure that they do not put us in breach of our regulatory obligations.

In particular, all of our providers must agree:

  • To allow the SRA to obtain information from, inspect the records of, or enter into the premises of, the provider, in relation to the outsourced activities or function;
  • to provide us with adequate opportunities to monitor the services provided and the ability to terminate the outsourcing arrangement, if that should be necessary;
  • not to do anything to try and affect our obligations to our clients (where applicable); and
  • to have arrangements to detect and deal with any conflicts of interest (where applicable).

We should also include appropriate provisions, in our standard client care letter(s) and terms of business, to inform clients that some aspects of our services may be outsourced.

Confidentiality and data protection

Outsourcing can create risks to confidentiality and data protection if the outsourced activities are not managed properly.

We cannot disclose confidential client information to outsourced activity providers unless we have the client’s consent. We will usually obtain such consent from clients at the outset of a matter through our client care documents. Or, if it is proposed that confidential client information should be provided to a provider at a later stage in the matter, the client’s consent should be sought through a clear form of authority.

In addition to this, we are obliged to take all necessary steps to ensure that the provider will keep clients’ information confidential. We require all providers to sign a confidentiality agreement as part of the main service contract and make enquiries into the technical and organisational measures that the provider has in place to protect confidential information. We also reserve the right to audit such measure at any time.

Risk assessments

Outsourcing arrangements can pose a range of risks to the firm and these risks must be considered before any final decision is made to outsource a particular activity, especially those that are critical to our delivery of legal services. Risks that are specific to outsourcing include:

  • The reputation of the outsourcing provider – it is necessary to investigate the background of the company and to establish reputation by suitable enquiry, including the taking of references, if necessary, reviews of the company’s systems for key concerns outlined below, such as security of data and protection of client confidentiality. Assurances are also required as to the qualifications and competence of those who will be undertaking the work and their supervision and ethical standards,
  • Our business – linked to the above, a failure to deliver on the part of an outsourcing provider poses a risk to our business in terms of reputation and negligence actions.
  • SRA compliance – outsourcing providers (particularly those providing services outside of the realms of traditional specialist services for law firms, such as counsel and experts instructed in litigation matters) may not be constrained by the same professional duties as solicitors.
  • Client care – outsourcing may not be in the client’s best interests, if for example there is a risk that it will result in us being unable to provide the expected standard of service. The firm remains responsible for the service overall, including the choice of outsourcing provider.
  • Confidentiality and data protection breaches – as outlined above, there is a risk that confidentiality and data protection requirements will not be complied with and information could be disclosed to third parties. The outsourcing provider’s data protection policies need to be aligned with ours.
  • Conflicts of interest – the limited number of outsourced providers increases the risk of the provider being involved in the same matter and possibly compromising our independence.

The COLP is responsible for ensuring that risk assessments, which address the risk areas outlined above, are undertaken before any outsourcing arrangement is agreed. The COLP will also ensure that the risk assessment is reviewed periodically and, in any event, not less than annually, to check that the level of risk has not increased and, if it has, to determine what action can be taken to reduce or avoid this risk.

Where appropriate, we may require and check that providers of outsourced services have suitable liability insurance.

Equality and diversity

The criteria for selecting an outsourced activities provider includes:

  • its reputation and history;
  • quality of services provided to other customers;
  • recommendations from reliable sources; and
  • any quality assurance and information security standards obtained (i.e. certified compliance with ISO 9001: 2015 and ISO/IEC 27001).

The selection criteria must comply with our Equality and Diversity Policy.

Quality of outsourced activities

We maintain a central record of all outsourced activities and the COLP is responsible for monitoring and updating this as appropriate.

We review the performance of all our outsourced activities providers periodically, or at least annually. The review is noted on the central record.

You are encouraged to report any feedback that you have in relation to a provider’s performance to the COLP as and when you form an opinion about the performance of the provider.

Review of this policy

This policy will be reviewed, at least annually by Timothy Halliday (COLP).

December 2025

Go Back
01538 755 761
Email Us

©eric-whitehead 2026. All rights reserved