• Home
• Guidance
• Business Continuity Management for Barristers Chambers - IT Panel Article 2006

Business Continuity Management for Barristers Chambers - IT Panel Article 2006

Would you be able to carry on working if your computer was stolen, or if you could not get into your chambers and your chambers it equipment ceased functioning? Clive Freedman discusses steps you should consider taking to ensure that you can continue your Practice.

Suppose the bomb which went off in a bus in Russell Square on 7 July 2005 had gone off in Fleet Street at the bottom of Chancery Lane, and suppose, by chance, that one of your Chambers computers had gone down soon after and needed to be rebooted, but no-one could get into the building. How would this have affected you? Would you still have been able to access your diary? Would you still have been able to receive emails?

BS 7799-1:2000 (Information technology - Code of practice for information security management) defines the objective of business continuity management as "to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters" (paragraph 11.1). BS 7799 goes on to identify the steps which a business should take to protect itself:

‘A business continuity management process should be implemented to reduce the disruption caused by disasters and security failures (which may be the result of, for example, natural disasters, accidents, equipment failures, and deliberate actions) to an acceptable level through a combination of preventative and recovery controls.

‘The consequences of disasters, security failures and loss of service should be analysed. Contingency plans should be developed and implemented to ensure that business processes can be restored within the required time-scales. Such plans should be maintained and practised to become an integral part of all other management processes’.

‘Business continuity management should include controls to identify and reduce risks, limit the consequences of damaging incidents, and ensure the timely of resumption of essential operations’.

BS 7799 sets out detailed guidance on how to set about carrying out a risk analysis, writing and implementing continuity plans, and testing maintaining and re-assessing business continuity plans.

The Seventh data Protection Principle requires that "appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". Given the importance of it systems to legal practice in the twenty-first century the importance of taking these steps needs no elaboration. Sets of Chambers should, if they have not already done so, appoint an individual or a committee to consider the risks they face and to consider how those risks should be addressed, in conjunction with the Chambers IT consultant. Among the points to consider are the following:

Diary and Fees

The importance of making daily back-ups is well known. But where are the back-up tapes kept? Where will the back-up data be restored to if the Chambers premises are inaccessible? Consideration should be given to routine copying of data to a properly maintained server located off-site (the suppliers of Chambers fee/diary software can assist with this).

Written Work

Many of us have experienced the problems of losing a vital document just before the deadline for finishing it. If the document is stored on a Chambers server there is likely to be an overnight tape backup or a backup to a secure server located offsite, but a situation may arise in which the Chambers network is not accessible. If, on the other hand, the document is stored on the barristers own PC, that PC may suffer a hard disk failure or a virus attack, or it may be stolen. The answer is to store the document in more than one place, both on the Chambers network and on a PC which can be accessed if the network is unavailable (users of Microsoft Windows XP Pro should consider using the synchronization function to synchronize network folders with off-line folders). Facilities for backing up off-site are also becoming more readily available. Individuals should always ensure that they have backup copies of important documents in one form or another. If there is no Chambers network, alternatives are a USB memory stick or e-mailing the document to an email account which you access on another computer.

Malicious Activity by Third Parties

The importance of taking precautions against malicious activity by third parties is well known. This must be considered not only for computers in Chambers but also laptops and computers at home, especially where barristers use broadband at home or have wireless networks at home. The default configuration of a wireless router is usually not sufficiently secure, and most barristers are likely to need technical advice on securely configuring a broadband connection, firewall or wireless network. Barristers should also be encouraged to use the latest operating system and promptly install security updates, both in Chambers and at home. Anti-virus software and a firewall are essential, and antimalware software should also be considered.

E-Mail

Are your e-mails only accessible from the Chambers e-mail server, or is there some other way of accessing them?

Telephone and Fax

What contingency plans do you have if your incoming phone or fax lines fail, if your switchboard system fails, or if your fax machines fail?

Servers

Are Chambers IT services run from a single server or from more than one server? If there is only one server, then failure of that server would prevent any of those services (fees, email, internet access, etc) from operating. Consideration should be given to having more than one server

Office Premises

Consideration should be given to identifying alternative office space which could be used in an emergency, for example Chambers in the Temple could have a reciprocal arrangement with a set of Chambers in Lincolns Inn or Grays Inn, or outside London. Another possibility would be the home of a member of Chambers who has space and a broadband connection on a local area network.

Electricity

What would you do if there were no electrical power to the building?

Maintenance Contracts

Are all your essential technical services covered by adequate maintenance contracts?

Personnel

What would you do if a serious problem occurs while the person responsible for the security and maintenance of your IT system is ill or on holiday? Would you be able to locate the Administrator passwords for your servers?

Contact Details

If an important service fails, who should be contacted, and where are the contact details kept? Sets of Chambers need to analyse the risks they face and make appropriate plans in the light of the way in which their own technical systems are configured. Some technical precautions can be taken inexpensively using standard functions provided within Microsoft software.

Clive Freedman