In busy IT teams, some important but more challenging or mundane actions that require action sometimes fall through the net and, although some of these may not be urgent, they might come back to bite your business. It is therefore crucial that such actions are fully documented to ensure that systems are properly and securely maintained.

In larger firms, this may not be an issue as IT teams are able to allocate sufficient resources to ensure actions such as patching and documentation are tightly managed. However, in smaller firms where resources are more thinly spread, such tasks can get overlooked or sidelined by more urgent activities.

Here are some of the questions for you to consider which, while not an exhaustive list, may help if you plan to start reviewing the IT processes that are required to help keep your systems running safely and securely. If necessary, 3Kites would be able to assist with your review – please contact us using the details below.

“Do we have an up to date record of all our IT suppliers, the applications they provide, renewal dates for subscriptions/maintenance, notice periods, service level agreements (SLAs), etc?”

Knowing what contracts you have with which suppliers is an important part of managing and maintaining your IT service. As a minimum, you should have a schedule of renewal dates with a clear understanding of the term of any renewal (e.g. annual, every five years) and the notice period or termination procedure if you no longer need the service. Being able to forecast any likely uplifts in costs and when these may happen is also a consideration for an annual IT budgeting process. In addition to financial planning, you should know what to expect in terms of response time to support calls, SLAs and the escalation process if these are not met.

“Do we know if the latest patches have been applied to our systems (including firewalls, servers, PCs, laptops, etc)?”

Applying patches can be time consuming in terms of planning, testing and execution and may mean that systems are unavailable while these are applied. However, if patching is not undertaken regularly or as required by changing threats then this could, in some circumstances, make your firm vulnerable to a cyber attack which, if severe enough, could be an existential threat to your business.

“When was the last time the firm tested recovering from a system failure or cyber attack?”

Many of us are aware that systems need to be backed up, but how often do you test that such backups can actually be used to successfully restore from a system failure or a cyber attack? Testing the restoring of files or an application can be time consuming as usually it will be necessary to set up a test environment. However, it is vital that this process is documented and relevant personnel are familiar with the process at the point when it is needed, not least as any given situation is likely to present unforeseen challenges.

“Does the IT team know when the firm’s SSL certificates and authentication key(s) need renewing?”

Often overlooked, not just by the IT team but the suppliers as well, is a diary record of when security certificates need renewing. The first the IT team know about it is usually when users report that an application is not available. Although the issue can be remedied quite quickly, the issue would not have happened if the IT team or supplier had renewed the certificates in a timely manner.

“How confident am I that we have a complete record of the correct amount of licences for the applications the firm is using?”

Keeping track of licences can be taxing as some licence agreements can be more opaque than others. Nonetheless, it is important to remain compliant and to make sure that budgeting can be accurate, whether for more or fewer licences or additional products and the associated renewal dates for each.

3Kites Consulting has assisted several law firms with IT reviews to ensure that, among other things, procedures and documentation are recorded and actioned effectively. If you would like further information about how 3Kites can assist with your firm’s IT, please contact Michele Asbury (michele.asbury@3kites.com) or Jon Howells (jon.howells@3kites.com) or via https://www.3kites.com/contact-us.

Michele Asbury is a consultant at 3Kites and a former law firm IT director. This is the 31st article in the series Navigating Legaltech. 

--------------------

About 3Kites and Kemp IT Law  
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.