From: Small Firm Innovation, October 2013
Every law firm needs a disaster recovery plan, because "disaster” is not a question of if, but rather of when – only the type, timing and dimensions are unknown. A catastrophic storm, a burst water pipe, a computer system meltdown or a data security breach are disasters that can mean an unprepared firm’s demise. A disaster recovery plan ensures survival, and is essential even if never used. The U.S. Department of Labor estimates over 40% of businesses never reopen following a disaster, and at least 25% of the ones will close within 2 years. Few if any of these companies had a disaster plan.
Before creating a plan, take four steps to build the framework that will make a plan possible:
- Review each practice area in the firm separately, ask how long it can afford to be "out of business” and what resources it would need to get up and running.
- Assume a widespread disaster, one that can wipe out cell phone coverage or destroy files kept offsite but still nearby. A widespread disaster also will overwhelm the the local disaster recovery infrastructure, from extra office space to temporary staffing.
- Think outside your local area. Geographically dispersed firms with multiple offices can in principle provide service and office space backup. Small firms or sole practitioners can create relationships with peers in other cities, using Bar Associations as a resource
- Take off the organizational blinders. Don’t be so focused on accounting and technology backups that you neglect conflict files or personnel records. Any of these files may be password protected, and there should be multiple repositories for those passwords.
Creating an effective plan takes acceptance, involvement and suport from a broad crossection of the firm. All key stakeholders and leaders must provide their full support; without an investment in the plan’s creation, they won’t push for implementation. Do not create a large, unwieldy group to develop the disaster recovery plan. Instead, have a small task force, populated with people who have power to make decisions. Make the group as diverse as it can be, and to show its work is important pay participants extra compensation, give them resources and treat them with respect. Evolve toward complex solutions but don’t start with them. Look for initiatives that can be implemented quickly and have a high likelihood of success as the best way to build momentum for full acceptance.
No matter how good a disaster recovery plan is on paper, it must be regularly reviewed and tested to keep it viable. Senior firm leaders must support the plan, even with actions as simple as participating in drills. Getting everyone to take the plan seriously is the best way to ensure that it will work, and that the firm will survive, if and when disaster strikes.
