Legal ny 2010 business continuity and disaster recovery session by dave cunningham feb 2 2010

Uploaded on


More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Business Continuity and Disaster Recovery Planning A panel discussion on recovery planning and related key issues Panel: David Cunningham, Hildebrandt Baker Robbins Nick L. Krishnani, Paul, Weiss, Rifkind, Wharton & Garrison LLP Cliff Forrester, Shearman & Sterling, LLP February 2, 2010 2:30pm – 3:45pm LegalTech New York 2010
  • 2. Panel Members
    • Nick L. Krishnani
      • Head of Global Infrastructure and Security
      • Paul, Weiss, Rifkind, Wharton & Garrison LLP
    • Cliff Forrester
      • IT Manager, Head of IT Shared Services
      • Shearman & Sterling, LLP
    • David Cunningham
      • Managing Director, Co-Leader, Strategic Technology and Risk Practices
      • Hildebrandt Baker Robbins
  • 3. Law Firm IT Continuity Benchmark (excerpt) Infrastructure Management [Firm Name] Median Firm High Firm Infrastructure Operations Facilities Management Security Management Service Continuity Management + Smooth transitions to EMS for e-mail failures + Crisis communications plans underway + Actual recovery efforts successful  Key systems do not meet RTOs and RPOs  Document Mgmt and Litigation recoveries untested  Annual DR exercises; no actual tests User Management Database Management Desktop Management
  • 4. Scope of Legal Risk Management
    • Law Firm Assets at Risk
    Data Transfer Agreements Consistency
    • Conflicts
    • Laterals, Mergers
    • Conf. Matters
    • Regulatory Compliance
    • Protective Orders
    • Discovery
    Security Confidentiality Integrity Access Data Data IT Systems Continuity Recovery Access/Security Third-Party Suppliers Data Facilities Security Damage Environmental Resource Access Data Litigation Support Evidence Chain of Custody Access/Security Vendor Mgmt Data Client Engagements Profitability Quality Scope Control Resource Mgmt Records Mgmt Legal Holds Disaggregation Project Management Data Client Relationships Know Your Client Communications Clients Going Bad Ethical Walls Data Firm Reputation Directors and Officers Communications Insurance Mediation Data Environment Natural Disasters Epidemics Resource Access Data Market Commoditization Pricing Pressure New Competition Outsourcing Decline in Market Demand Data Practice Profitability Lateral Lawyers Rogue Partners Bad Clients Talent Monitoring Bar Admission Monitoring Data Lawyer Professional Responsibility Malpractice Conflicts Professional Development Data Money Audit Internal Controls Anti-Money Laundering Counter Terrorist Financing Data Employees Employment Fraud Privacy Theft
  • 5. Key Planning Questions
    • How were people outside the IT department involved in the Business Impact Analysis?
    • How is your effort split across creating a “high availability” environment versus “fast recovery” capabilities?
    • For mission critical applications, what RTOs and RPOs do you believe are realistic for law firms?
    • How do you see that cloud computing vendors (and other third party services) are changing the nature of high availability and disaster recovery planning?
    • How can the cost and complexity of continuity and recovery be reduced?
    • How is your role evolving to address data confidentiality needs?
    • How have the needs of litigation support, including changes in the Federal Rules of Civil Procedure, affected your recovery plans?
  • 6. Sample Business Continuity Planning Process
  • 7. Availability Targets Based on 8,760 hours in a year less 48 hours for planned downtime = 8,712 hours of availability per year 5 min 21.8 min 4.4 hrs 99.95% 2 min 8.7 min 1.7 hrs 99.98% 1 min 4.4 min 52 min 99.99% 10.5 min 43.5 min 8.7 hrs 99.9% 20 min 1.5 hrs 17 hrs 99.8% 50 min 3.6 hrs 44 hrs 99.5% 1.7 hrs 7.3 hrs 3.6 days 99% 3.4 hrs 14.5 hrs 7.3 days 98% 8.4 hrs 1.5 days 18 days 95% Weekly Downtime Monthly Downtime Annual Downtime Availability
  • 8. Sample Technology Recovery Objectives for a Law Firm High Availability Applications Legal Research –Online Access to Accounts Printing Help Desk – Full Support Help Desk – Incident Support Other Marketing Public Web Site and Client Extranets User Remote Access Other Litigation Litigation and Trial Support Most Practice-Specific Applications Key Practice-Specific Applications Docketing Systems Financial Reporting Human Resources Systems Network File Shares - documents Performance Management Payroll Document Management System Library Systems Cost Recovery System Records System Network / WAN Access Recruiting Systems Intranet Conflicts/New Business Intake Internet Access Event Hosting System Expense Systems Accounting Systems – Billing, AP, AR, GL Email Messaging Conf Room Scheduling Imaging System Time Entry CRM – Client Contacts Phone Systems Tier 5 Low Priority RTO = N/A RPO ≤ 1 day Tier 4 Supporting RTO = 1 week RPO = 4 hr – 1 day Tier 3 Important RTO = 2-3 days RPO ≤ 1-4 hour Tier 2 Essential RTO ≤ 1 day RPO ≤ 1-4 hour Tier 1 Critical RTO < 1 – 4 hours RPO ≤ 1 hour
  • 9. Data Confidentiality
    • Aspects considered
      • Search engine readiness
      • HIPAA compliance
      • Red Flag Rule
      • EU Data / Safe Harbor
      • ISO 27001
      • Discovery chain of custody
      • Preservation orders / litigation holds
      • Ethical walls
      • Outsourced legal services
      • Client privacy expectations
      • Private firm documents
      • International Traffic in Arms Regulations (ITAR)
    • Data sets
      • Accounting
      • Cloud vendor
      • Conflicts
      • Document management
      • E-Mail
      • eRecords
      • Home systems (esp. separated staff)
      • Human resources
      • Lateral hire data
      • Litigation
      • Marketing
      • Shared Drives
  • 10.
    • Nick L. Krishnani
    • Head of Global Infrastructure and Security
    • Paul, Weiss, Rifkind, Wharton & Garrison LLP
    • [email_address]
    • Cliff Forrester
    • IT Manager, Head of IT Shared Services
    • Shearman & Sterling
    • [email_address]
    • David Cunningham
    • Managing Director, Co-Lead of Strategic Technology and Risk Practices
    • Hildebrandt Baker Robbins
    • [email_address]