Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: http://read.uberflip.com/i/80353

Information Is the New Oil: Protect Your Investment

are revisiting the fundamental way information is stored within the firm. Practices have evolved so that information for all client matters — both documents and email messages — is typically stored and organized electronically in the firm's DMS. However, for most firms, this information is openly accessible to its entire staff by default, and it often includes email messages that might have been sent with the assumption that only those who were part of the original communication chain will have or seek access to content. As clients and other factors increase the focus on confidentiality, some are taking a second look at this approach, particularly as tools like enterprise search make it easier to find information.

The risks of an "open by default" DMS include inadvertent leaks of client-matter information or violations of ethical screens, and departing lawyers taking documents to their new firms for know-how or other purposes.

Well before the current spotlight on information security, Allen & Overy LLP, one of the largest law firms in the world, changed its DMS to a restricted access model. Today, in order for firm lawyers and staff to access client-matter information, they must be listed as part of the assigned matter team — no general access is permitted. As part of its efforts, the firm also secured ISO 27001 certification.

Several other firms in the U.K. and U.S. are now seriously considering whether to follow suit and move to a "need-to-know" access model, reminiscent of an age of locked filing cabinets. But raising this topic tends to prompt significant objections, namely that security will be achieved at the expense of convenience and productivity. Conceptually, firms often view the change as the antithesis of the modern culture of sharing information and knowledge, with the associated broadening of perspective and client benefit such sharing can foster.

In addition to a cultural shift, the closed model also imposes a new administrative overhead to ensure that the right people have access to matter information. This requires both an upfront investment in time and ongoing overhead. An exercise might be required before the switch to accurately identify individuals who work on each of the firm's matters (usually via time-recording history) so that matters are locked down to the correct teams. In addition, resources are required to manage ongoing access updates, or firms will impede the ability of matter teams to operate efficiently.

with Business Priorities

evaluate the RTO, upgrade the infrastructure to reduce the ART or consider a hot site option.

Consider Quick Recovery Options

Hot sites deliver the highest level of recovery capability with the least downtime by providing the same functionality as your primary site — equipment, applications, complete backups and even operational personnel if your people cannot get there to operate it. A hot site can be activated on demand and will get you up and running in just a few hours. Data replication is the current go-to recovery solution for companies that need a recovery time of a few hours or less. The cost of hardware, software and tech support for replication is significant. A hot site is also an expensive option (a hosted site is the most expensive), but that cost could pale in comparison to those associated with failing to recover your systems in a timely manner.

Communicate the Plans

The disaster recovery team needs to communicate with executive management to achieve the level of coordination that will enable the quickest recovery possible. HR should also be involved since the safety of your people is a primary consideration. Communication should be ongoing because a plan is never finished; it's always evolving.

Make Sure It Works

The only way to really know whether the RTOs and ARTs actually align is by testing both plans together about once a year. This will involve a lot of work and might require the ability to shut down systems for a period of time, but such testing will help you see if your plans will work and get you back up and running as desired.
