LSSA - Legal Software Suppliers Associations

Code of Practice




LSSA represents Software Houses who develop original software specifically for the legal market in a substantial way or who are the sole distributors of such software.

Members agree to be bound by the Rules and Code of Practice of LSSA and to promote the highest standards of service.

In order to qualify for membership Applicants must comply with the Membership Procedures of LSSA and must:-

  • be developers or sole distributor in the UK of software for the legal market

  • be responsible for supporting their software in-house with a recognised hot-line/support department.

  • offer appropriate training and “consultancy” expertise to their clients.

  • have and maintain professional indemnity and product liability insurance adequate for the scope, value and volume of the business transacted

  • provide five relevant referees who have been users of their software for at least twelve months.

  • demonstrate two years continuous involvement in providing software for the legal market

  • provide such further information, including a bank reference, as may be required by LSSA from time to time.

  • undertake to comply with the Rules and Code of Conduct of LSSA in relation to all services supplied to the legal market.

  • continue to offer a significant service to the legal market



By adhering to the Code of Practice each Member undertakes to comply with the obligations set our below in order to promote the highest levels of service quality to the legal profession.

The Code of Practice will apply to all new and renewed contracts dated after the Member is elected to Membership of LSSA.

Failure to adhere to the Code of Practice or any part hereof is a disciplinary offence under the Rules of LSSA .


Members must:

  • inform customers of their membership of LSSA

  • inform customers of the contents of LSSA’s Code of Practice

  • inform customers of any material changes to LSSA’s Code of Practice

  • inform employees and subcontractors of the contents of LSSA’s Code of Practice

  • inform any distributor of the contents of LSSA’s Code of Practice

  • inform employees, subcontractors and distributors of any material changes to LSSA’s Code of Practice

  • ensure employees, subcontractors and distributors follow Code of Practice guidelines in all dealings with customers and other Members and provide satisfactory monitoring arrangements to ensure compliance

  • maintain professional indemnity and product liability insurance adequate for the scope, value and volume of the business transacted.

  • keep information relating to the customer’s business confidential

  • hold secure all passwords and other system safeguards from unauthorised parties

  • not obtain access to the customer’s computer system without prior permission and solely for the purpose of assisting the customer

  • ensure that ownership of any intellectual property and license terms are properly identified at the time of supply

  • not give any person a gift or other inducement for the purpose of influencing them in favour of the supplier

  • not without prior notice to the customer pay any commission directly or indirectly to any consultant or advisor appointed by the customer for business obtained

  • maintain Data Protection Act registration covering the scope of the business transacted

  • provide adequate training and ongoing support for their products.

  • give clear notice of the support arrangements to customers where bought-in components become obsolete.

  • maintain an Escrow or similar arrangement to enable its users to have access to the source code of their software in the event of a liquidation of the Member.

  • not make disparaging remarks or inaccurate statements relating to other Members or their products.

  • Act reasonably and fairly towards customers and other Members


Documentation and the setting of clear expectations

Members must:-

  • explore the customer’s expectations of the installation and document them adequately

  • provide the customer in writing with details of the actions only the customer can take before a contract is agreed

  • ensure that terms of trade clearly describe what is to be supplied, in what form and quantity and when.

  • ensure that terms of trade clearly describe limitations of use, ownership of intellectual property any transfer of ownership in the goods supplied, payment terms for initial and ongoing costs, warranties and any other conditions which may limit the customer’s freedom to use the products and services supplied.

  • ensure, where a system is provided under a lease or other financing agreement, that the customer receives the same information and service as a customer buying directly from the Member and that the Code of Practice is adhered to.

  • not undertake work or supply goods without first agreeing the terms and conditions of supply.

  • ensure, where goods or services are supplied on a time and materials basis, the contract contains a clear description of the work to be done with financial limits requiring written approval of the customer to exceed and also contains a clear statement of terms of payment

  • Provide any customer entering in to a Managed Service, Disaster Recovery or Business Continuity agreement with a Service Level Agreement which clearly sets out the agreed level of service to be expected as part of the contract, and clearly defines the roles and responsibilities of both parties

Where services are supplied by means of a hosted service

All Members must:-

  • Take all reasonable precautions to ensure the safety and integrity of customer’s data.

  • Make available to customers a copy of their data upon request, both during the term of the contract and at the point of termination either:

  1. So that a customer can download it themselves at any time as a standard function of the software, or
  2. By providing physical media upon request by the customer
  • Make clear in what format data will be supplied or made available for download.

  • Inform customers at the outset if they need to have particular software in order to read the data.

  • Where possible meet any request for provision of data in an alternative format to that offered and if possible agree to do so at a reasonable cost.

  • Enable data to be checked by the customer as long as they have the requisite systems to do so (which must be provided by the customer and at the customer’s cost).

  • Make clear to the customer that where data is supplied that it is their responsibility to check that they can read the data within 30 days of its supply.

  • In the event of termination make clear how long the data will be retained by them.

Members who provide customers with Physical media backups must:

  • Make clear at what cost (if any) and at what frequency requests for backups may be
  • Ensure that data is supplied in a reasonable time when requested
  • Supply the customer’s data at the end of the contract (in the agreed format) free of charge.
  • Ensure the safe transit of data between themselves and the customer.

Code of Conduct on releasing clients’ data to external authority such as Police, HMRC, etc under the provision of the Proceeds of Crime Act (covering data held in the UK only) under the following scenarios

  • Exposing data normally hosted at clients’ office but brought to Member by requestor
  • Exposing data by logging in to clients’ servers via remote access
  • Exposing data by logging in to clients’ data hosted by known third party based in UK
  • Exposing data hosted by Member
  1. Member must confirm identification of requestor
  2. Member must document request together with all dialogue surrounding the event, including why authority is not approaching client direct.
  3. Member must seek formal “Request for Information under Data Protection Act”. This should describe what data is being sought, from whom and why.
  4. Member should identify whether they have access to this data – if not report back and no further action is necessary.
  5. If yes, Member should consider whether they can seek permission from the client without “tipping off”
  6. If not, Member will need protection for breach of client confidentiality. Request a Court Production Order to release any data.
  7. Member should liaise fully with the requestor to agree the wording of the Court Production Order as only the data specified in this Order may be released.
  8. Once the Court Production Order has been acquired and a copy sent to the Member, they are free to release the data specified.

Code of Conduct on releasing data following an SRA Intervention of Members’ client.

  1. Request written confirmation from intervening practice of what has occurred
  2. Check with SRA Records Department that the intervention has taken place.
  3. Document everything.
  4. Release data according to your business terms.

None of the above covers cloud computing and Members must undertake their own due diligence as to the legalities of releasing such data.

Working relationships between Members

  • Where two or more members co-operate on a joint project they must:-

  • ensure that joint activities are performed to a satisfactory standard

  • assist in data transfer and conversion when a customer moves from one Member to another.

  • Following a written request detailing specific requirements the providing company will respond within 4 weeks of that request providing a price and timescale to carry out the work. If the parties are unable to agree on a timescale to carry out the work, LSSA will attempt to facilitate a solution if requested.

Where a dispute arises between members on a joint project they must:-

  • ensure the customer receives the quality of service expected.

  • resolve the dispute within a reasonable time or

  • refer the matter to LSSA for adjudication

  • accept the adjudication of LSSA


Complaints from customers in writing must be dealt with in accordance with the following timetable (unless otherwise agreed in writing with the customer):

  • acknowledge receipt of the complaint in writing within two working days

  • investigate the complaint and respond in writing within a further ten working days

  • undertake any remedial action to a time scale agreed by the customer and the Member or otherwise within twenty five working days of the customer’s acceptance of the remedial action.

  • Where the customer is not satisfied with the outcome of the complaint and the matter is referred to LSSA’s mediation system Members must:-

  • co-operate fully and promptly with any mediator appointed

  • abide by any award of the mediator agreed between the parties

  • comply with any undertaking given to the mediator within the time scale incorporated.