Ensuring that your firm meets compliance for business continuity and disaster recovery is no longer a matter of ticking a box. Outcomes Focused Regulation has brought a new approach to mitigating risk and there can be few risks as serious as your business grinding to a halt in the wake of an IT failure. Of the ten principles outlined in the SRA Handbook, Principles 5, 8 and 10 are all impacted by IT as these relate to: services to clients, risk management and protection of assets. As a compliant law firm you are required to:
- Provide robust systems that can handle the pressures of shifting workloads and demands;
- Deliver a cast-iron guarantee to your clients that they won’t be affected by IT downtime or mini-disasters (such as extreme weather) preventing your staff getting into work;
- Deliver failsafe systems for the handling of money and assets.
There are also specific requirements for firms seeking quality kitemarks such as the Law Society’s Conveyancing Quality Scheme (CQS). Membership of the CQS establishes a level of credibility for firms with stakeholders based upon the integrity of the Senior Responsible Officer and other key conveyancing staff, the firm’s adherence to good practice management standards and adherence to prudent and efficient conveyancing procedures through the scheme protocol. This is where disaster recovery and business continuity (DR and BC) come to the fore.
Firms that have been awarded CQS accreditation must also have a proven DR/BC plan and procedures; ‘proven’ means being able to demonstrate to the regulators that the plan will work.
Failure to do so puts the firm at risk of losing its CQS accreditation, which may ultimately have serious consequences for membership of lending panels.
During 2013/14 CQS stepped up the number of desktop audits it carried out, with many coming mid-term and at short notice. Maintaining these new standards can be challenging for many firms, and this is where the right hosted IT solution can help mitigate IT risks. Hosted service providers can deliver the necessary backup, recovery and continuity support by storing the law firm’s data, software and even hardware in dedicated ultra-secure UK-based data centres.
Yet these providers must themselves adhere to the SRA’s principles, and thus CQS, if you are to remain compliant. If you are considering a hosted solution, ask if the partner meets all the SRA requirements and get an independent opinion from a recognised compliance expert such as Legal Eye. Finally, be aware that risk changes and develops over time, and a regular, systematic review and test of your systems is essential.
For a FREE copy of “Cloud and Compliance – Your IT Questions answered” booklet, Email: firstname.lastname@example.org