The firm has a plan to ensure continuity of the firm’s operations in the event of an interruption. The plan provides for contingencies that could potentially affect physical property, data, personnel and client confidence. The plan provides for the re-establishment of critical business functions and the continued functioning of necessary operations or services on a priority basis. Development, implementation, testing, and when necessary, adjustment and revision of the plan are the responsibility of the Administrative and Management Teams. The degree and complexity of potential emergencies requires flexible contingency plans.
The following general business continuity strategies are currently in place firm-wide in response to risk assessment and associated business impact analysis:
A. BACKUP POWER GENERATION
The firm has installed standby generators in the Burlington and St. Johnsbury facilities to:
• support mission critical wide area network and telephony equipment/service,
• ensure that key legal staff may continue to meet client deadlines
• support critical accounting, finance, intake and conflict-checking functions, and to provide workstations for employees who may be displaced from other firm offices through a short or prolonged outage.
B. FIRE PROTECTION
Four of the five office facilities are sprinklered and the fifth facility has an extensive smoke detection system.
EMPLOYEE ACTION: Be aware of your surroundings and participate in office evacuation drills.
C. COMPREHENSIVE CAPABILITY FOR WORKING REMOTELY
To address a disruption that compromises employees’ access to one or more facilities without impacting WAN availability, the firm has invested in infrastructure and training to facilitate employees’ ability to work securely, collaboratively and productively from home or other remote locations. This technology includes a fleet of laptops, VPN for remote connectivity, cloud-based Office 365 for continuity of email, calendaring and contacts, cloud-based document management, Mimecast for virus protection and email security, and cloud-based conference calling/online meeting functionality.
- Bring your laptop home each and every day.
- Use Office 365 remotely via VPN to securely access email, contacts, calendar and documents.
- Use MicroSoft Teams for online collaboration – meetings, sharing of documents, chat and activity tracking.
D. FOCUS ON ELECTRONIC RECORDS
Through its application and hardware infrastructure, the firm encourages employees to rely on electronic rather than paper records. In-process client documents are filed and secured in a central document management system and completed client documents are archived and secured in a central records management system. Hard copy originals are scanned and filed electronically. These materials are available to a properly credentialed user from anywhere via a secure internet connection.
EMPLOYEE ACTION: Be diligent about filing client records in iManage.
E. MULTIPLE FACILITIES
The firm has five office facilities and one records storage warehouse located within a 160 mile radius. While these facilities utilize a common wide area network, they are otherwise physically separate and can function as stand-alone alternate sites. In the event of a loss of access to one facility, in addition to the use remote work, employees would be able to relocate to an efficient and familiar work environment that is within a 45 to 90 minute drive from their regular workplace.
F. ACTIVE MANAGEMENT STRUCTURE
The firm’s management team meets weekly to mitigate and treat practice-related risks as they arise. The practice group management structure ensures that the practice group chair has knowledge of and ability to re-allocate the group’s existing work in the event of death or disability of a principal.
The firm maintains the insurance policies necessary to manage the risks associated with business operation in general and for disaster recovery.
H. EMERGENCY NOTIFICATION SYSTEM
The firm maintains an emergency messaging service to communicate with employees via text message.
EMPLOYEE ACTION: Maintain accurate mobile phone contact number with firm manager. Watch for text messages from DRM’s Emergency Notification System during an incident.
I. IT RESILIENCY
The firm is vigilant about IT resiliency and security, and strives to improve the firm’s position with each hardware and application upgrade or purchase. The IT Interruption Response Plan documents the many provisions that have been implemented to ensure IT continuity, and outlines the restoration of data and continuation of client work in the event of an equipment failure, cybercrime, or other emergency causing failure of lack of accessibility of DRM IT systems.
- Keep mobile device operating systems up to date.
- Stay current with IT Security Training
- Always think before you click.
J. PROACTIVE OFFICE SECURITY
The firm has security, surveillance and panic/distress communication systems in each office to help mitigate the impact of a violent intruder incident. The firm offers online training to all employees on the current best practices for how to respond to and survive an active shooter incident. Four out of five offices have some degree of lockdown capability.
- Complete active shooter response training and participate in drills.
- Be aware of surroundings and of panic/distress communication options.
- See something, say something. Report safety concerns or potential threats to your manager .