Most organizations understand that having some type of an approach to deal with unforeseen obstacles is a good idea, but a surprisingly large number of businesses don’t have a continuity plan. Legal teams may view the continuity planning process as an overwhelming task, but when approached systematically, even the smallest legal team can create a solid continuity plan.
Equally important, while a complete plan will ensure resilience against the widest array of potential challenges, preparedness will begin to improve as soon as the planning process gets underway and will improve throughout the journey. Once completed, a business continuity plan serves as the organization’s primary resource, supporting everything needed to ensure that critical teams can function during or after an incident. To accomplish this, business continuity plans include:
- A list of potential business risks and severity
- A compilation of the key business areas
- The critical functions performed within the business areas
- Dependencies between business areas and functions
- Acceptable downtime for each critical function
- Contact information and communication plans for internal teams and vendors
- A plan to maintain operations
- A testing plan and a cadence to evaluate and address new business risks
PREPARING FOR CONTINUITY PLANNING
Phase 1 – Gathering Critical Business Information
Understanding and Prioritizing Your Risks
The first step in building a continuity plan is to identify as many of the likely risks that could impact your firm or business. The list should be relevant to your location and business and should include risks of all sizes. Common risks include events like tornadoes, power outages, floods, cyber-terrorism, and, after the arrival of COVID-19, global pandemics. Once the risks are gathered, it is useful to rank them in terms of likelihood and severity to the business. For organizations that are tight on time or resources, the highly likely, highly severe risks are good targets to focus on initially.
Conducting an Impact Analysis
Paramount in business continuity planning is to identify and prioritize the business functions that need to be available to ensure the on-going viability of the business. It is common during this analysis to think in terms of time and/or money, i.e. How would we be impacted if our IP Management system was unavailable for an extended time, or what would the impacts be if we couldn’t send (or pay) invoices for a period of time? While creating this analysis, consider what technology resources are required, what dependencies exist for this function and how long this process or function could be unavailable before it would impact the business. From this list you will be able to develop a prioritized list of systems, capabilities and recovery timelines which will be used in the next phase of the planning process. This is also a good time to identify and gather contact information of key vendors, function owners and team members.
NEXT WEEK: Building Your Legal Ops Continuity Plan. We'll cover the next stages of continuity plan development: the Plan Development Phase and the Monitoring, Testing and Execution Phase. We will also provide templates to assist you in developing continuity strategies and an incident awareness plan.
About the Hyperion Legal Ops Continuity Series
Throughout this series, we’ll explore best practices for ensuring readiness and continuity, while also highlighting lessons learned from law firms and corporate legal teams (both positive and negative) over the last several months. By the end of this series, you will have an in-depth understanding of each of the keys to successful continuity planning and execution.
Additionally, we will be publishing a series of operational checklists which will walk you through the steps needed to put each concept into action. At the end of the series, we will also compile all of the checklists, frameworks and lessons learned into a Legal Operations Readiness Resource kit.