It’s budget time in the legal services industry and decision makers everywhere are hashing out the details of their plans. How much should your firm earmark for disaster recovery and business continuity? In my last post, I emphasized why now is the time to prepare for the worst. In this post, I’ll offer some guidance on what to factor into your planning.
As you know, disaster recovery (DR) deals with catastrophic interruptions, for example, if all your servers are destroyed by a hurricane or a terrorist attack. Business continuity (BC) deals with temporary interruptions to your technology systems. For example, it addresses what happens when the Internet goes down or if the office building loses electricity for a day or two. Both necessitate a plan. That’s the only way to help ensure that the firm can continue to do business and bill clients should either type of interruption occur. Where should your firm begin?
Understand your vulnerabilities
The first and most important step in planning for DR/BC is knowledge. Before you can fully assess your needs, you must understand your vulnerabilities. Many firms don’t fully appreciate how crucial it is to secure the firm’s data and how important it is to be able to quickly recover. Earlier in my career, I was a consultant in the financial services industry focusing on database administration. I experienced the frenzy of recovering an entire data center that disappeared on 9/11. Without a doubt – the threats are real and being prepared helps minimize the impact on your business.
Understanding your vulnerabilities comes with an understanding of internal and external threats, and an assessment of your ability to deal with those threats. Without this basic understanding, the potential risks associated with being under prepared cannot be fully appreciated. In many cases, gaining this understanding requires a change in culture. Achieving a change in culture requires training – either offered by a third-party consultant or an informed member of your IT team.
Assess your readiness
Every firm is at a different level of readiness. Meeting with a security advisor can help you assess if your level of readiness is adequate. Some firms have no procedures in place. If not, the advisor can help the firm develop procedures based on the firm’s specific hardware/software setup, recovery objectives, and BC needs.
If the firm has policies in place, an advisor can assess the policies to verify that the planned recovery is adequate to handle DR for complex software architectures. Every application is different. The firm’s internal IT team may not necessarily know every application as well as an external consultant. If no plan exists, an advisor can recommend the best path forward based on the firm’s objectives and operating environment.
Create a test plan and run it
Large firms typically have DR/BC plans but do not test them regularly. Smaller firms usually rely on colocation data center providers or ignore the issue altogether. Others look for cookie-cutter solutions, not realizing that many legal applications have very unique recovery scenarios.
Whether the firm is large or small, the reality is your recovery is only as good as your last recovery test, or possibly worse. If you’re not testing at least annually, you’re either going to spend a lot more money recovering your information than necessary or you’re not going to recover all the data you need to recover.
An advisor can develop test plans and help conduct those tests to assure that the procedures are valid, adequate, and up to date. The benefit of working with an outside consultant is that the tests can be run during downtime at the firm. A member of your internal IT team may not want to work over a long holiday weekend to perform DR/BC tests. An outside consultant will.
For assistance in assessing your DR/BC readiness, call on Wilson Allen. We have an experienced team of legal IT professionals who can help you tackle the most complicated DR/BC scenarios. Contact us to schedule up to 60 minutes of no-cost consulting to assess your readiness.