ILTA>ON: Redesigning the ARK – BC/DR plan review and improvements
2020 has been a year filled with disasters. Pandemic, floods, riots, hurricanes, murder hornets, the list goes on. Hosted by lead trial attorney and civic leader Johner Wilson III, this question and answer style discussion saw FisherBroyles partner Adriana Cara, VP & Industry Security Strategist at eSentire Mark Sangster, and Chief Information Officer at Perkins Coie Rick Howell, come together to consider business continuity and disaster recovery plans. The group presented their own strategies, discussed ways that others may be able to rethink their plans and provided some coverage on how the legal industry has been influenced by Covid-19.
Howell first presented his philosophy on and approach to disaster recovery, emphasising that he adopts what is essentially a business continuity plan. There are going to be interruptions and the starting point is understanding what the firm’s business needs are, and what services the firm needs to deliver both to internal customers – partners, and external partners – the clients. That starts by doing interviews to understand what outcome each business unit is looking for and what the sensitivities to disruption are. “When we begin to work with each of our business units, it’s ‘what services are you delivering that are client facing, and what services do you need that are coming internally to you?” said Howell. “What is the amount of time you can go without that service, and what is your recovery point; how much information would you have to recreate in order to still meet your client needs?’”
He adds: “Once we understand that we have a deep understanding around who does that work today. Most of what we find for business continuity is ensuring that people can deliver the service and legal advice they need to deliver.”
Following this, Howell works with the business units such as finance or HR, where they state what they need to do to alongside legal practitioners in the delivery of particular services.
This is what Howell refers to as ‘aligning the ecosystem’, a process which allows you to then decide where to invest in the technology stack from an infrastructure perspective: what needs to come up first and what can wait. This allows an effective deployment of sometimes limited resources and is part of an ongoing a continuously updated plan that will never stop.
Howell says that you should have a regular cadence to your plan which allows those who live the plan and will execute it to be engaged with it. Once a year, Perkins goes through a third of its offices and practice groups, who have to sit down and do their table top. On top of that he proposes that it should be revisited at any instance of changes to your environment. That might be a new hire, or where someone leaves a key role, or a new piece of technology is introduced, then you should revisit the disaster plan as these factors may influence the service that is being provided.
“That’s the hard part, and that’s the commitment,” Howell says. It is a process that begins with ensuring that you are committing sufficient resource, including carving out or allocating time from peoples’ jobs to ensure that there is direct responsibility for this. Perkins finds success in building it into the onboarding process: onboarding people and technology. The playbooks for those have a business continuity process.
However, you should also run a business continuity programme with your partners annually to look at how well the playbooks worked and what do we want to adjust.
When asked about the biggest challenge that he has encountered in this pandemic, Howell replied: “For us the challenge was how do we re-shift and flatten our own support curve to recognise that everyone’s habits are going to change, we needed to as an organisation adjust to say, those of you who will need the time in the morning to get your kids situated for school that’s ok, those of us who will be early risers we will have people there for you, those of us who will be late night people, we are going to have to flatten out how we do support in the industry to do that and be very intentional about from top to bottom in the leadership.”
Adriana Cara put forward her ideas on the ways in which the legal industry has had a change in philosophy because of Covid-19. Cara notes that fundamentally, law firms have had to rethink the office, with the building replaced by any space where an associate or partner can conduct their business, and at least somewhat in a virtual setting. Cara also notes issues in training associates, having been an associate herself, Cara points out that often a personal touch is needed to train an associate in some of the nuances and interaction with partners. However, she does suggest investment in programmes such as Microsoft teams as a potential way around this issue.
“Any firm that wishing to stay competitive, will more than likely change the way they operate,” Cara said. Whilst she doubts that all firms will become cloud based, Cara thinks they will consider operating in a hybrid manner, advocating that firms should invest in the technology and infrastructure which will allow them to operate in a similar future scenario.
Mark Sangster briefly built upon the ideas presented by Howell regarding prioritisation, but in the context of IT systems in a business. Here he advised that you should consider what is mission critical, typically things like customer facing portals or document management systems alongside some security tools. These should be prioritised when getting IT systems back up and running during a disaster recovery plan, whilst ‘less critical’ aspects such as marketing tools can wait.
When it comes to client relationships without face to face meetings, Sangster said that besides video conferencing, we should also consider other forms of communication, such as texting and chat rooms. However, in doing so, we should consider the regulatory issues, such as do we have clean backgrounds which do not reveal important information on whiteboards for example. Are we able to manage the tech to avoid events such as zoom bombings, or a crossover of clients into one call where confidential information may be being discussed.