A cloud-based IT storage solution brings numerous rewards, but firms must ensure they
continue to comply with SRA principles, says
Aaron Naisbitt
O
utcomes focused regulation (OFR) has
brought a newapproach tomitigating
risk and there can be few risks as serious
as your business grinding to a halt in thewake of
an IT failure.
Ensuring that your firmmeets compliance for
business continuity (BC) and disaster recovery (DR),
a key feature of a cloud service, is no longer amatter
of ticking a box.
Of the ten principles outlined in the SRA
Handbook, principles 5, 8 and 10 are all impacted by
amove to the cloud, as these relate to services to
clients, riskmanagement and protection of assets.
As a compliant lawfirmyou are required to:
n
provide robust systems that can handle the
pressures of shiftingworkloads and demands;
n
deliver a cast-iron guarantee to your clients that
theywon’t be affected by IT downtime or
mini-disasters (such as extremeweather)
preventing your staff getting intowork; and,
n
deliver failsafe systems for the handling of money
and assets.
There is a commonmisconception that cloud
computing is insecure, but when you look carefully
into the layers of a hosted IT solution, it can deliver
greater flexibility, reduce capital outlay and improve
security of data for your firm (see box).
‘The cloud’is one of those buzzwords that seems
to dominate any discussion of technology now. It is
a catch-all term for computer services and data
storage via theweb. But before you ditch the
hardware and dive into the cloud, make sure you
have covered your compliance questions. Lawfirms
must complywith the SRA Code of Conduct, OFR,
and quality kitemarks such as Lexcel.
What specifics dofirms need to take into
consideration?
Chapter 7 of the Code of Conduct, outcome 7.10,
states the requirements that must bemet for
outsourcing any functions that are critical to the
provision of legal services. Firmsmust ensure that:
n
An outsourced solution does not adversely affect
the ability to complywith, or the SRA’s ability
tomonitor compliancewith, obligations in the
handbook.
Comment: far fromadversely affecting your ability to
comply, a cloud solution supports compliance.
n
The SRA , or its agents, can inspect the records of,
or enter the premises of, any outsourced provider.
Comment: considerwhich cloud supplier youuse – this
iswhere international suppliersmay not provide the
best solution, as theymay be accountable to
international regulationondatadisclosure that
conflictswith these requirements.
n
An outsourced solution does not alter obligations
to clients.
Comment: far fromadversely affecting your obligation
to clients, a cloud solution canunderpinandguarantee
delivery of that obligation.With cloud, an internet
connection is all youneed toaccess all your dataand
applications, removing the risk of downtime through
local disruptionanddisaster, andguaranteeinga
continuous level of service to clients.
n
The outsourced solution does not interferewith
your ability to remain authorised.
Comment: when consideringa cloud supplier, look for
onewith experience in the legal sector. Ask themto
explain the infrastructure of their proposeddata
centre, specifics about the owner, its capacity, disaster
recovery failsafe and security.With the correct due
diligence, cloudnot only helps youavoidbreaching the
code, it can support youwith compliance.
The cloud increases data security as therewill have
been huge investments in anti-virus and anti-spam
systems, as well as increased physical security,
meaning unauthorised personnel cannot access the
data stored in the data centre.
Aaron Naisbitt is the business
development manager at
Converge Technology Specialists
SJ
Technology Focus
23
Compliance
in the cloud
TECHNOLOGY FOCUS
COMPLIANCE
1...,13,14,15,16,17,18,19,20,21,22 24,25,26,27,28,29,30,31,32