 |
Business Continuity -
an easy solution...
Over the last few years, the modern law
firm has become increasingly reliant on
its IT systems to a point where many are
now wholly dependent on their proper
functioning in order to operate. Can you
imagine a day without access to your
case management and accounting systems,
a few hours without your email and DMS,
a minute without your BlackBerry?
The collateral damage of a disaster, IT
failure or outage can stretch way beyond
inconvenienced staff and lost
productivity to putting cases,
reputations, relationships and even
commercial futures in jeopardy.
Up to now, the risk-conscious and
operationally astute have taken steps to
address the challenge of business
continuity: from the basic precaution of
regularly auditing back-up tapes to more
complex arrangements involving
replicated data and servers in separate
locations e.g. branch office or third
party provider. The rigour and fitness
of those strategies may vary wildly but
some action has to be better than the
‘shall we, shan’t we?’ equivocation that
still afflicts many firms when
considering investment in business
continuity.
Except there can be no more
equivocation. With the arrival of the
Code of Conduct’s Rule 5 and Lexcel v4,
not only is business continuity now a
mandatory discipline within a firm but
one whose plans must be subject to an
annual review. It is not designed as a
box-ticking, ‘fit and forget’ exercise
but as a proactive, evolving and
continuously evaluated means to protect
the practice and its clients.
IT failure or damage to installations is
cited as a risk area and therefore that
risk has to be managed. Lexcel adds to
that by specifying best practice, which
includes an evaluation of potential
threats and the likelihood of their
impact; there is a way to reduce, avoid
and transfer the risk; and processes for
testing, checking and re-evaluating the
plan. So firms have their direction, now
they need to comply. But how best to do
that?
If you work on a worst case scenario
basis, you will never be under-prepared
but you may have to accept that you will
be investing in a fall-back that may
never get used to its full extent. So
think damage, disconnection and
dislocation and what are your options?
Servers on standby at another location
where back-up tapes can be taken and
uploaded is reasonably cost-effective
and simple but may not be sufficiently
flexible if staff need to work from a
number of remote locations. A better
option for those with branch offices
would be the replication of data to
another site; this would involve more
servers, with data sent across the
network in real time and that site
serving as a duplicate of the main
server. Staff could then decamp to that
office or if it was just an isolated
server failure, they could remain in
situ but utilise the other server.
The trouble with the DIY approach is
that, as we’ve noted above, it may be
overkill. What actually happens is
nothing like as bad as you’ve planned
for or worse, is a real curve ball that
you couldn’t have seen coming and is
consequently not catered for. So there’s
a strong possibility that a heavy
investment (in time, money, equipment
and resources) might never see any real
returns. Ideally, you want to cover
yourself against all eventualities but
you don’t want to pay to protect against
every permutation of disaster - you want
what you need when it happens and to pay
only for that.
Outsourcing all or part of the IT
solution is a most affective route to
introducing Business Continuity and
Disaster Recovery facilities to the
Firm. Data encryption, replication and
resilience should be standard within an
outsourced solution. Backing this up,
the hosting supplier should be expected
to provide Disaster Recovery facilities
through the implementation of multiple
server farms. These are then connected
by robust communications, in order to be
able to offer disaster recovery services
through immediate synchronisation of
data over disparate locations.
Particular benefits can accrue as these
capabilities apply to mobile users and
those working from home. Strong SLA’s
ensure that system and user availability
provides up time expectations of 99%
plus. It’s a real route one for
compliance but then business continuity
shouldn’t be seen as just a means of
conforming to the rulebook: it’s
fundamental to commercial best practice
and operational integrity – getting it
wrong is just too high a price to pay.
If you would like any further
information on any of the issues
discussed or would like to know how
e-know.net can help your Firm,
please call us on 01952 236236
or email
michael.pickford@e-know.net.
|
|
