Many of the law firms and solicitors practices that I work with have no in-house CIO, and as such sometimes I find that the senior partners are incorrectly reassured by the presence of an IT disaster recovery plan that was perhaps put together some years ago and has sat in the fireproof safe ever since. This is a myth that I wanted to expel, as unfortunately, my experience is that this document needs to be constantly evolving, as our use of technology in the industry has moved on apace, and what was an acceptable recovery plan a couple of years ago may now be totally inadequate. In addition, our systems are constantly changing, with software updates and security fixes being installed on a regular basis, all of which can impact on the technical success of a recovery. So in order to ensure ongoing compliance and relevance, I always recommend to the Partners of law firms that we work with to continually re-assess and test their plans around resilience, backup and disaster recovery, against the operational needs of their firm and regulatory compliance requirements. Some points to consider would include:-
With ever increasing regulatory and market-driven pressures, the advancement of technology and changes to working practices, coupled with constantly evolving cyber security threats , my experience is that the disaster recovery plan needs to be a living, breathing document that is constantly reviewed and re-assessed to reflect the changing landscape in which law firms operate.
If you would like help with reviewing or testing your disaster recovery plans to make sure that they meet your current regulatory and business requirements, please do not hesitate to contact me on (01494) 444065 or email firstname.lastname@example.org