Assurix verification proves your IT provider meets security and operational standards every day, not just on audit day. Only four MSPs in the UK currently hold it. Labyrinth Technology is one of them.
Why most IT provider claims are hard to verify
Every IT provider makes similar promises about their security and compliance. The problem is that most of those claims are impossible to verify between annual audits. You take their word for it, and find out whether that word was good when something goes wrong.
Assurix was built to address that. It is an independent UK trustmark that monitors IT providers continuously, using live data from the tools they use every day. If a provider’s standards slip and are not corrected within 30 days, their certification is suspended. That change in status is reflected publicly in the Assurix directory.
What does Assurix verification cover?

The Assurix framework covers 68 controls across three areas, with more than 20 tracked in real time.
Cybersecurity
Aligned to the NCSC Cyber Assessment Framework 4.0, this area looks at security fundamentals: how software is kept up to date, how access to systems is controlled, and what happens when a security issue is identified. These are the controls the UK government is building its regulatory expectations around.
Operational maturity
This looks at how a provider runs day to day. It covers whether SLAs are consistently met and whether the processes a provider says they follow are actually being followed. It is the area where the difference between what a provider says and what they do becomes measurable.
Business resilience
This covers backup integrity and restore testing. For a law firm, this is what shapes how quickly you can get back to work after a serious incident and whether your data is genuinely recoverable when you need it.
How is Assurix verification different from ISO 27001?
ISO 27001 is a well-respected standard and worth holding. It is also an annual assessment. A provider can pass in January and let things slip by April, and nobody outside the business will know until the following year’s audit.
Assurix monitors controls live. The public directory shows the current certification status of every verified provider, so you are not relying on a certificate with a date on it.
Why does Assurix verification matter for your law firm?

The SRA holds your firm responsible for the security of its systems, regardless of who manages them. If your firm’s IT support falls below the standard needed and a breach occurs, the regulatory exposure sits with you.
Choosing a provider with independently verified, continuously monitored standards is a compliance decision as much as a commercial one.
What questions should you ask your IT provider?
Can you show me a patch compliance report from the last 30 days?
Any provider actively managing your systems should produce this without hesitation. Regular, documented patch compliance is a basic requirement, and a provider who cannot evidence it is not managing your systems as proactively as they should be.
When was a full restore last tested, and what did it cover?
Backup testing is not optional. Ask your provider for a documented record of the last restore test: what was covered and how long recovery took. If that record does not exist, treating it as a priority to resolve is worthwhile. You can learn more about what a proper backup and disaster recovery arrangement looks like on our services page.
How are your standards independently verified between annual audits?
This is the most direct question you can ask. An annual certificate tells you a provider met a standard once. Ask them specifically how their performance is verified in the months between assessments. If they cannot give you a clear answer, you are working on trust rather than evidence.
How Labyrinth Technology can help
Labyrinth Technology is one of only four MSPs in the UK to hold the Assurix trustmark. That status is publicly verifiable through the Assurix directory and remains valid only while the underlying controls are maintained.
Our cyber security services and outsourced IT support are built around the same standards Assurix verifies. If you want to understand what that looks like for your firm, get in touch with the team.
Most firms only discover their IT provider’s standards have slipped when something goes wrong. By then, the SRA review and the client conversation are already unavoidable. Assurix verification is one way to make sure you are not finding that out under pressure.





