Planning for "business as usual" has become a priority for many businesses.  Having witnessed the devastation of the recent hurricanes in the U.S. and other catastrophic events worldwide, and living with the specter of terrorism that brought chaos, destruction and fear to London in July 2005, preparations for conducting "business as usual," albeit at a possibly diminished capacity, have acquired a sense of urgency.

Serious considerations of having a dynamic, current, workable recovery plan in place have often been put on hold because of the perceived high cost.  The reality of the "cost" of not being prepared for a disaster has been exposed all too frequently in recent months and years.

The breadth and depth of how much you invest to protect your business depends on several factors, but your firm or law department's risk tolerance and long-term executive level support are sometimes the most formidable obstacles.

Considering the current state of the business world, it is imperative that any organization that serves a customer base generating moderate to significant revenue have some current, usable contingency and recovery plans in place.  And even though it is easier said than done, following are some considerations in crafting your plans.

Before You Proceed
Remember that a BC/DR plan is not just about the money or technology; it also serves for the continuation of the business operation.

You will need long-term executive level support and the associated support from the financial, human resources and training groups within your organization.

Consequences of Not Planning
Potential loss of clients because clients cannot be served.

Potential associated loss of revenue due to the loss of clients.

Potential loss of key personnel due to the aforementioned.

Potential loss of business reputation and corporate image.

Questions to Ponder
Does the plan bring the organization back to expected operational capacity?  Is the cost to recover in line with the financial risk to which you are exposed?

Does the business continuity/disaster recovery plan recover the systems and applications to the firm's expectations?  Who defined the expectations?

Benefits of Planning
Performing due diligence and being proactive makes clients happy.

Current workable plans help protect the assets of your firm.

Current workable plans help protect client assets.

Taking less time to recover and minimize losses gives you a competitive edge over organizations that do not have anything in place.

Financial Aspects
The cost may be more palatable if it is considered a cost of doing business.

The cost will include initial, recurring and operational costs.

It does not have to be expensive; there are a number of resources available on the Internet that can help you get started from a planning, risk-assessment and business-impact analysis perspective, all of which are foundational to any business continuity/disaster recovery program.

The Human Factor
Take care of your staff; it is imperative!

Address morale issues before they become a problem.

Provide constant, consistent, clear and concise communications to your staff during and after a business interruption or disaster event.

Alleviate stress as much as humanly possible by providing comforts such as food, drinks, rest areas and immediate access to some type of employee assistance program.

Provide proactive education and training so that there is a level of readiness in the event something does happen.

Ensure someone from the very top-level of the organization is out in front and accessible by the staff in the event of a business interruption or disaster event.  A visible sign of top-level leadership gives confidence to the staff.

Logistics
Make sure you have provisions to work from home in case there is an event that prevents people from working together in close proximity.

Establish availability of predetermined alternate work facilities, if necessary.

Do not rely on one source of service support; always have a backup.

Take into consideration distance and the problems associated with it when people have to travel during a business interruption or catastrophic event.

Associated Dependencies
Determine how you would work with co-counsel or other entities on time-critical collaborative efforts.

Count on the fact that your general staffing will be marginal in the event of a catastrophic event or prolonged widespread business interruption.

Provide for workarounds.  Utility availability may be sparse in certain areas including your office.

Make sure you have enforceable Service Level Agreements with mission-critical third-party service providers.

Options
Identify alternate work space that can be rented on very short notice that will support the necessary infrastructure and support staff, in the event your primary office is unavailable for an extended period of time.  Prior user-awareness training will prove invaluable in setting the expectations of what an alternate work facility would look like and/or consist of before any type of physical relocation.

Develop reciprocal or mutual aid agreements with firms that have a working relationship with you.  These types of arrangements benefit both parties and can greatly reduce the overall cost of any type of disaster-recovery effort.

Crisis Management
Someone has to determine who will provide oversight for any recovery effort, and ideally that decision will come from someone at the executive level.

Media relations will have to be dealt with carefully.  One person designated by executive level management should be the only person authorized to speak to the media.

An internal and external predetermined location for an Incident Command and Control Center should be in place that is easily equipped with the necessary communications, computers and other equipment.

Current Trends
More and more clients are requiring that their legal counsel have a current, workable, tested contingency plan in place.  They are also looking at information system security best practices and policies, proven adherence to and audits of those best practices and policies.

Mutual aid and reciprocal agreements are becoming a cost-effective way for contingency and recovery efforts for smaller firms.

Internal data replication is becoming a more cost-effective recovery measure.  Larger firms are turning to this method rather than depending on a business resumption vendor to provide it.  Some of the reasons are control, some long-term cost and time savings and the use of inhouse expertise.

Firms are also using their remote offices as alternate disaster-recovery facilities.

With attorneys and staff who travel frequently, remote access for users who have the equipment and means to access the systems from outside the office are becoming a more common and accepted practice.

Additional Resources
Contingency Planning Management:  www.contingencyplanning.com
Disaster Recovery Journal:  www.drj.com
Continuity Insights:  www.continuityinsights.com

About our author . . .

Atlas Lee is Director of Business Continuity for Shook, Hardy & Bacon L.L.P.  He has been with the firm for 18 years and has 22 years' experience in the information technology field.  Atlas is a frequent speaker on business continuity planning, disaster preparedness / recovery and information systems security, and he has authored several white papers on those subjects.  Atlas is a Certified Business Continuity Professional (CBCP).  He can be reached at alee@shb.com.