Your SlideShare is downloading. ×
0
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Legal ny 2010 business continuity and disaster recovery session   facilitated by dave cunningham feb 2 2010
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Legal ny 2010 business continuity and disaster recovery session facilitated by dave cunningham feb 2 2010

275

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
275
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Business Continuity and Disaster Recovery Planning A panel discussion on recovery planning and related key issues Panel: David Cunningham, Hildebrandt Baker Robbins Nick L. Krishnani, Paul, Weiss, Rifkind, Wharton & Garrison LLP Cliff Forrester, Shearman & Sterling, LLP February 2, 2010 2:30pm – 3:45pm LegalTech New York 2010
  • 2. Panel Members <ul><li>Nick L. Krishnani </li></ul><ul><ul><li>Head of Global Infrastructure and Security </li></ul></ul><ul><ul><li>Paul, Weiss, Rifkind, Wharton &amp; Garrison LLP </li></ul></ul><ul><li>Cliff Forrester </li></ul><ul><ul><li>IT Manager, Head of IT Shared Services </li></ul></ul><ul><ul><li>Shearman &amp; Sterling, LLP </li></ul></ul><ul><li>David Cunningham </li></ul><ul><ul><li>Managing Director, Co-Leader, Strategic Technology and Risk Practices </li></ul></ul><ul><ul><li>Hildebrandt Baker Robbins </li></ul></ul>
  • 3. Law Firm IT Continuity Benchmark (excerpt) Infrastructure Management [Firm Name] Median Firm High Firm Infrastructure Operations Facilities Management Security Management Service Continuity Management + Smooth transitions to EMS for e-mail failures + Crisis communications plans underway + Actual recovery efforts successful  Key systems do not meet RTOs and RPOs  Document Mgmt and Litigation recoveries untested  Annual DR exercises; no actual tests User Management Database Management Desktop Management
  • 4. Scope of Legal Risk Management <ul><li>Law Firm Assets at Risk </li></ul>Data Transfer Agreements Consistency <ul><li>Conflicts </li></ul><ul><li>Laterals, Mergers </li></ul><ul><li>Conf. Matters </li></ul><ul><li>Regulatory Compliance </li></ul><ul><li>Protective Orders </li></ul><ul><li>Discovery </li></ul>Security Confidentiality Integrity Access Data Data IT Systems Continuity Recovery Access/Security Third-Party Suppliers Data Facilities Security Damage Environmental Resource Access Data Litigation Support Evidence Chain of Custody Access/Security Vendor Mgmt Data Client Engagements Profitability Quality Scope Control Resource Mgmt Records Mgmt Legal Holds Disaggregation Project Management Data Client Relationships Know Your Client Communications Clients Going Bad Ethical Walls Data Firm Reputation Directors and Officers Communications Insurance Mediation Data Environment Natural Disasters Epidemics Resource Access Data Market Commoditization Pricing Pressure New Competition Outsourcing Decline in Market Demand Data Practice Profitability Lateral Lawyers Rogue Partners Bad Clients Talent Monitoring Bar Admission Monitoring Data Lawyer Professional Responsibility Malpractice Conflicts Professional Development Data Money Audit Internal Controls Anti-Money Laundering Counter Terrorist Financing Data Employees Employment Fraud Privacy Theft
  • 5. Key Planning Questions <ul><li>How were people outside the IT department involved in the Business Impact Analysis? </li></ul><ul><li>How is your effort split across creating a “high availability” environment versus “fast recovery” capabilities? </li></ul><ul><li>For mission critical applications, what RTOs and RPOs do you believe are realistic for law firms? </li></ul><ul><li>How do you see that cloud computing vendors (and other third party services) are changing the nature of high availability and disaster recovery planning? </li></ul><ul><li>How can the cost and complexity of continuity and recovery be reduced? </li></ul><ul><li>How is your role evolving to address data confidentiality needs? </li></ul><ul><li>How have the needs of litigation support, including changes in the Federal Rules of Civil Procedure, affected your recovery plans? </li></ul>
  • 6. Sample Business Continuity Planning Process
  • 7. Availability Targets Based on 8,760 hours in a year less 48 hours for planned downtime = 8,712 hours of availability per year Availability Annual Downtime Monthly Downtime Weekly Downtime 95% 18 days 1.5 days 8.4 hrs 98% 7.3 days 14.5 hrs 3.4 hrs 99% 3.6 days 7.3 hrs 1.7 hrs 99.5% 44 hrs 3.6 hrs 50 min 99.8% 17 hrs 1.5 hrs 20 min 99.9% 8.7 hrs 43.5 min 10.5 min 99.95% 4.4 hrs 21.8 min 5 min 99.98% 1.7 hrs 8.7 min 2 min 99.99% 52 min 4.4 min 1 min
  • 8. Sample Technology Recovery Objectives for a Law Firm High Availability Applications Tier 1 Critical RTO &lt; 1 – 4 hours RPO ≤ 1 hour Tier 2 Essential RTO ≤ 1 day RPO ≤ 1-4 hour Tier 3 Important RTO = 2-3 days RPO ≤ 1-4 hour Tier 4 Supporting RTO = 1 week RPO = 4 hr – 1 day Tier 5 Low Priority RTO = N/A RPO ≤ 1 day Phone Systems CRM – Client Contacts Time Entry Imaging System Conf Room Scheduling Email Messaging Accounting Systems – Billing, AP, AR, GL Expense Systems Event Hosting System Internet Access Conflicts/New Business Intake Intranet Recruiting Systems Network / WAN Access Records System Cost Recovery System Library Systems Document Management System Payroll Performance Management Network File Shares - documents Human Resources Systems Financial Reporting Docketing Systems Key Practice-Specific Applications Most Practice-Specific Applications Litigation and Trial Support Other Litigation User Remote Access Public Web Site and Client Extranets Other Marketing Help Desk – Incident Support Help Desk – Full Support Printing Legal Research –Online Access to Accounts
  • 9. Data Confidentiality <ul><li>Aspects considered </li></ul><ul><ul><li>Search engine readiness </li></ul></ul><ul><ul><li>HIPAA compliance </li></ul></ul><ul><ul><li>Red Flag Rule </li></ul></ul><ul><ul><li>EU Data / Safe Harbor </li></ul></ul><ul><ul><li>ISO 27001 </li></ul></ul><ul><ul><li>Discovery chain of custody </li></ul></ul><ul><ul><li>Preservation orders / litigation holds </li></ul></ul><ul><ul><li>Ethical walls </li></ul></ul><ul><ul><li>Outsourced legal services </li></ul></ul><ul><ul><li>Client privacy expectations </li></ul></ul><ul><ul><li>Private firm documents </li></ul></ul><ul><ul><li>International Traffic in Arms Regulations (ITAR) </li></ul></ul><ul><li>Data sets </li></ul><ul><ul><li>Accounting </li></ul></ul><ul><ul><li>Cloud vendor </li></ul></ul><ul><ul><li>Conflicts </li></ul></ul><ul><ul><li>Document management </li></ul></ul><ul><ul><li>E-Mail </li></ul></ul><ul><ul><li>eRecords </li></ul></ul><ul><ul><li>Home systems (esp. separated staff) </li></ul></ul><ul><ul><li>Human resources </li></ul></ul><ul><ul><li>Lateral hire data </li></ul></ul><ul><ul><li>Litigation </li></ul></ul><ul><ul><li>Marketing </li></ul></ul><ul><ul><li>Shared Drives </li></ul></ul>
  • 10. <ul><li>Nick L. Krishnani </li></ul><ul><li>Head of Global Infrastructure and Security </li></ul><ul><li>Paul, Weiss, Rifkind, Wharton &amp; Garrison LLP </li></ul><ul><li>[email_address] </li></ul><ul><li>Cliff Forrester </li></ul><ul><li>IT Manager, Head of IT Shared Services </li></ul><ul><li>Shearman &amp; Sterling </li></ul><ul><li>[email_address] </li></ul><ul><li>David Cunningham </li></ul><ul><li>Managing Director, Co-Lead of Strategic Technology and Risk Practices </li></ul><ul><li>Hildebrandt Baker Robbins </li></ul><ul><li>[email_address] </li></ul>

×