Please select an article or news story from the list on the left.
Business Continuity
- taken from the Law Society Gazette, October 2007
Risk management and business continuity apply to all firms irrespective of size, location and work-type. And what, for years, has been commercial common sense is now mandatory for solicitors following the introduction of the new Code of Conduct.
A business continuity programme needs ownership by the management of the firm. It also needs dedicated time and resources to develop, test, monitor and amend process and procedure and, along with customer relationship management (CRM), become a culture and way of life.
Vanessa Shenton of The Compliance Partner consultancy explains why this is now so important for law firms. As part of the 'arrangements for the effective management of the firm', rule 5 of the code requires principals to provide for the continuation of the practice of the firm in the event of absences and emergencies, she says, with a minimum interruption to clients and business, and the management of risk.
Principals will need to ensure supervision continues when people are absent, or even if key staff die or are permanently disabled. Risk management arrangements should extend beyond risks of professional negligence claims, potentially including IT failure or abuse or damage to offices.
'With the emergence of a new BSI standard dedicated to business continuity, and the Lexcel quality mark now including business continuity as a mandatory requirement, this subject is one which firms should consider, not only as a matter of compliance but also of good practice if not business survival,' Ms Shenton says.
The next certainty is that business continuity will not be achievable without the use of IT. If any of the following were suddenly unavailable, how your firm would cope is down to how well prepared it is: case and matter management for Lexcel or best practice standards, client letters, estimates, billing, money laundering, credit limits, profitability, collections, work in progress triggers, management information about own fee-earner performance and client true value across all matters, CRM, HR systems, files and locations management, deeds and wills filing and location management, email archiving, client access, home working and so much more.
There is always a new risk that could bring down IT systems.
Preventative Measures
There is a host of IT options available for firms of all sizes, and it is an excellent time for all firms to consider these. Starting with communications costs are now more competitive following deregulation with services from BT, its wholesalers and competitors. The introduction of virtual private networks and others incorporating thin-client technology, ADSL back-ups and prioritising data in transit are a good start to enhancing business continuity. It is a very good time to look at communications contracts and alternatives.
For the management of in-house databases, again the options are multiplying and becoming increasingly cost-effective. The following pointers should help any law firm build better disaster recovery and business continuity:
Ensure your back-up routines are effective and being done; check and audit, dont assume. Test they can be restored on a different machine to the one that created them;
In the case of a server failure, be aware of the procedures and timeframes involved in configuring and installing a replacement, and making the backed-up data live again, and have an agreed process for catching up work;
Get your IT team or supplier to confirm that your system configuration can be restored in an acceptable timeframe. Set the standards for recovery of the website, email, the accounts system, time recording and case management;
Ensure that you have back-up power supplies that can maintain your system sufficiently in the event of a significant power cut; and
Consider the installation of a storage area network (SAN). A SAN should increase uptime and performance of main processing. Prices have reduced considerably over the past few years and can be a small price to pay compared to downtime.
Any of the above, unaddressed, could be a point of failure, although effects can be mitigated by having a SAN. After events in the UK in the past few years, we now have to consider catastrophic situations and service-level needs. In this case, there are now a whole range of options coupled with enhancements in communication systems available:
The simplest, cheapest and least effective option would be to have configured servers on standby at another site so that back-up tapes can be transported and uploaded and connectivity restored;
A big improvement would see data replicated to another site belonging to the firm. This involves servers at the other site, and data sent across the network in real time and being a duplicate of the main server. In the event of catastrophe, then users have their PCs and laptops pointed at the alternate site;
Data can be replicated to third-party disaster recovery sites where the firm has its own servers housed, managed by the disaster recovery company with a guaranteed availability of desks for key workers identified in the continuity plan; and
Data can be replicated to a managed service provider (MSP). These are large organisations operating 24 hours a day which receive replicated data and maintain it on behalf of the law firm and can serve this data if necessary. A number of large firms use this and their internal IT team audits the performance of the MSP on a regular basis.
How Outsourcing Can Help
This last is similar in nature to a method potentially very useful and cost-efficient for medium to small firms outsourcing. Decide on the service levels needed for performance and disaster recovery, and get an application service provider (ASP) or MSP to host your servers and manage your network. Reduce the IT team and allow those who remain to add value to the firm and client support, and focus on the training of users in applications.
Let the ASP guarantee performance, monitor and manage the network, the web and necessary security, and interface with application providers and support users in the office or at home. Billing can be monthly and extra staff costs predictable. ASPs and MSPs come in a number of guises and with experience in the legal sector.
Philip Mitchell of London firm Finers Stephens Innocent, a practice whose plan is kept and updated on an outsourced web-based service says 'small firms may struggle to implement effective business continuity management schemes due to the cost and manpower requirements'. From Mr Mitchells perspective, the key elements are 'planning, reviewing and testing the management processes'. The firm is advancing to an online back-up at its data recovery centre for all servers to make recovery more straightforward, and it is considering the installation of a SAN to enhance resilience in-house.
Depending on circumstances, I have seen the cost of this alternative to be at least cost-neutral or even beneficial, as well as removing a big headache.
Case study - Pannone is ready for anything
The Manchester firm takes business continuity extremely seriously.
Pannone is a full-service Manchester law firm with more than 300 solicitors and over 700 staff in total. It has taken the subject of business continuity very seriously for many years it has been an extension of commercial common sense in the protection of its business, is an extension of best practice and has been of increasing importance to clients of all shapes and sizes for a number of years.
Pannone commissioned a dedicated disaster recovery site in 2005, designed to allow 100 key workers to transfer offices and start working two hours after a disaster stops work. If the disaster looks to be long term, within a short period connectivity can be created for the rest of the firm from other sites or from employees' homes.
Andrea Cohen, previously a partner in commercial litigation at the firm, is business continuity co-ordinator and training partner. She sits on the firm's management team in this role. The role is broad, covering all aspects of business continuity, and Ms Cohen continuously updates plans, co-ordinates testing and organises regular induction and training. There is full buy-in from partners and department heads for business continuity, and compliance tasks and business processes are mandated throughout the firm, as is education. This stimulates the understanding of risk management, which is complemented by best practice, business performance and enhanced client relationships.
Pannone's data is held on a SAN. The SAN is then replicated in real time to the disaster recovery site, so all databases and files are available in a separate and secure location over a mile away from the city centre.Ms Cohen says that, for any firm, business continuity is a major task. She also recognises that many smaller firms have a lot of catching up to do and many are without continuity plans.
Ms Cohen believes that the Solicitors Regulation Authority has the power to ensure compliance and smaller firms have to get started, firstly by writing down what they do and then asking for advice along the way when the authority visits. Start with the little things, she says, by securing file storage, having staff records available and lists of who to contact in case of emergency, as well as ensuring that IT back-up routines are adhered to (including the testing on or restoration of different servers).
Click here to view the Business Continuity Article (PDF)
Business Continuity
- taken from the Law Society Gazette, October 2007
Risk management and business continuity apply to all firms irrespective of size, location and work-type. And what, for years, has been commercial common sense is now mandatory for solicitors following the introduction of the new Code of Conduct.
A business continuity programme needs ownership by the management of the firm. It also needs dedicated time and resources to develop, test, monitor and amend process and procedure and, along with customer relationship management (CRM), become a culture and way of life.
Vanessa Shenton of The Compliance Partner consultancy explains why this is now so important for law firms. As part of the 'arrangements for the effective management of the firm', rule 5 of the code requires principals to provide for the continuation of the practice of the firm in the event of absences and emergencies, she says, with a minimum interruption to clients and business, and the management of risk.
Principals will need to ensure supervision continues when people are absent, or even if key staff die or are permanently disabled. Risk management arrangements should extend beyond risks of professional negligence claims, potentially including IT failure or abuse or damage to offices.
'With the emergence of a new BSI standard dedicated to business continuity, and the Lexcel quality mark now including business continuity as a mandatory requirement, this subject is one which firms should consider, not only as a matter of compliance but also of good practice if not business survival,' Ms Shenton says.
The next certainty is that business continuity will not be achievable without the use of IT. If any of the following were suddenly unavailable, how your firm would cope is down to how well prepared it is: case and matter management for Lexcel or best practice standards, client letters, estimates, billing, money laundering, credit limits, profitability, collections, work in progress triggers, management information about own fee-earner performance and client true value across all matters, CRM, HR systems, files and locations management, deeds and wills filing and location management, email archiving, client access, home working and so much more.
There is always a new risk that could bring down IT systems.
Preventative Measures
There is a host of IT options available for firms of all sizes, and it is an excellent time for all firms to consider these. Starting with communications costs are now more competitive following deregulation with services from BT, its wholesalers and competitors. The introduction of virtual private networks and others incorporating thin-client technology, ADSL back-ups and prioritising data in transit are a good start to enhancing business continuity. It is a very good time to look at communications contracts and alternatives.
For the management of in-house databases, again the options are multiplying and becoming increasingly cost-effective. The following pointers should help any law firm build better disaster recovery and business continuity:
Ensure your back-up routines are effective and being done; check and audit, dont assume. Test they can be restored on a different machine to the one that created them;
In the case of a server failure, be aware of the procedures and timeframes involved in configuring and installing a replacement, and making the backed-up data live again, and have an agreed process for catching up work;
Get your IT team or supplier to confirm that your system configuration can be restored in an acceptable timeframe. Set the standards for recovery of the website, email, the accounts system, time recording and case management;
Ensure that you have back-up power supplies that can maintain your system sufficiently in the event of a significant power cut; and
Consider the installation of a storage area network (SAN). A SAN should increase uptime and performance of main processing. Prices have reduced considerably over the past few years and can be a small price to pay compared to downtime.
Any of the above, unaddressed, could be a point of failure, although effects can be mitigated by having a SAN. After events in the UK in the past few years, we now have to consider catastrophic situations and service-level needs. In this case, there are now a whole range of options coupled with enhancements in communication systems available:
The simplest, cheapest and least effective option would be to have configured servers on standby at another site so that back-up tapes can be transported and uploaded and connectivity restored;
A big improvement would see data replicated to another site belonging to the firm. This involves servers at the other site, and data sent across the network in real time and being a duplicate of the main server. In the event of catastrophe, then users have their PCs and laptops pointed at the alternate site;
Data can be replicated to third-party disaster recovery sites where the firm has its own servers housed, managed by the disaster recovery company with a guaranteed availability of desks for key workers identified in the continuity plan; and
Data can be replicated to a managed service provider (MSP). These are large organisations operating 24 hours a day which receive replicated data and maintain it on behalf of the law firm and can serve this data if necessary. A number of large firms use this and their internal IT team audits the performance of the MSP on a regular basis.
How Outsourcing Can Help
This last is similar in nature to a method potentially very useful and cost-efficient for medium to small firms outsourcing. Decide on the service levels needed for performance and disaster recovery, and get an application service provider (ASP) or MSP to host your servers and manage your network. Reduce the IT team and allow those who remain to add value to the firm and client support, and focus on the training of users in applications.
Let the ASP guarantee performance, monitor and manage the network, the web and necessary security, and interface with application providers and support users in the office or at home. Billing can be monthly and extra staff costs predictable. ASPs and MSPs come in a number of guises and with experience in the legal sector.
Philip Mitchell of London firm Finers Stephens Innocent, a practice whose plan is kept and updated on an outsourced web-based service says 'small firms may struggle to implement effective business continuity management schemes due to the cost and manpower requirements'. From Mr Mitchells perspective, the key elements are 'planning, reviewing and testing the management processes'. The firm is advancing to an online back-up at its data recovery centre for all servers to make recovery more straightforward, and it is considering the installation of a SAN to enhance resilience in-house.
Depending on circumstances, I have seen the cost of this alternative to be at least cost-neutral or even beneficial, as well as removing a big headache.
Case study - Pannone is ready for anything
The Manchester firm takes business continuity extremely seriously.
Pannone is a full-service Manchester law firm with more than 300 solicitors and over 700 staff in total. It has taken the subject of business continuity very seriously for many years it has been an extension of commercial common sense in the protection of its business, is an extension of best practice and has been of increasing importance to clients of all shapes and sizes for a number of years.
Pannone commissioned a dedicated disaster recovery site in 2005, designed to allow 100 key workers to transfer offices and start working two hours after a disaster stops work. If the disaster looks to be long term, within a short period connectivity can be created for the rest of the firm from other sites or from employees' homes.
Andrea Cohen, previously a partner in commercial litigation at the firm, is business continuity co-ordinator and training partner. She sits on the firm's management team in this role. The role is broad, covering all aspects of business continuity, and Ms Cohen continuously updates plans, co-ordinates testing and organises regular induction and training. There is full buy-in from partners and department heads for business continuity, and compliance tasks and business processes are mandated throughout the firm, as is education. This stimulates the understanding of risk management, which is complemented by best practice, business performance and enhanced client relationships.
Pannone's data is held on a SAN. The SAN is then replicated in real time to the disaster recovery site, so all databases and files are available in a separate and secure location over a mile away from the city centre.Ms Cohen says that, for any firm, business continuity is a major task. She also recognises that many smaller firms have a lot of catching up to do and many are without continuity plans.
Ms Cohen believes that the Solicitors Regulation Authority has the power to ensure compliance and smaller firms have to get started, firstly by writing down what they do and then asking for advice along the way when the authority visits. Start with the little things, she says, by securing file storage, having staff records available and lists of who to contact in case of emergency, as well as ensuring that IT back-up routines are adhered to (including the testing on or restoration of different servers).
Click here to view the Business Continuity Article (PDF)