1. Introduction
1.1 Who should read this practice note?
Managing partners, practice managers and all staff concerned with the management and day to day operation of practices.
Top of page
1.2 What is the issue?
Solicitors' practices need effective business continuity management (BCM) so they can handle their clients' business if something goes wrong.
This practice note outlines the essentials of BCM for solicitors and contains links to further help.
Top of page
1.3 Professional conduct
The following sections of the SRA Code are relevant to this issue:
Chapter 7 Management of your business
There are ten mandatory principles which apply to all those the SRA regulates and to all aspects of practice. The principles can be found in the SRA Handbook.
When thinking about how to meet the outcomes in chapter 7 in the Code/Handbook, you must consider the principles which apply across the Handbook including the Code. You should always bear in mind what the ten principles are and use them as your starting point when implementing the outcomes.
Outcome 7.5 requires that practices 'comply with legislation applicable to your business, including anti-money laundering and data protection legislation.'
IB 7.3 involves 'identifying and monitoring financial, operational and business continuity risks including complaints, credit risks and exposure, claims under legislation relating to matters such as data protection, IT failures and abuses, and damage to offices.
Top of page
1.4 Status of this practice note
Practice notes are issued by the Law Society for the use and benefit of its members. They represent the Law Society's view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them, but doing so will make it easier to account to oversight bodies for your actions.
Practice notes are not legal advice, nor do they necessarily provide a defence to complaints of misconduct or of inadequate professional service. While care has been taken to ensure that they are accurate, up to date and useful, the Law Society will not accept any legal liability in relation to them.
For queries or comments on this practice note, contact the Law Society's Practice Advice Service.
Top of page
1.5 Terminology
Must - A specific requirement in legislation or of a principle, rule, outcome or other mandatory provision in the SRA Handbook. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or the SRA Handbook.
Should
- Outside of a regulatory context, good practice for most situations in the Law Society's view.
- In the case of the SRA Handbook, an indicative behaviour or other non-mandatory provision (such as may be set out in notes or guidance).
These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best possible route to meet the needs of your client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why the alternative approach you have taken is appropriate, either for your practice, or in the particular retainer.
May - A non-exhaustive list of options for meeting your obligations or running your practice. Which option you choose is determined by the profile of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.
SRA Code - SRA Code of Conduct 2011
2007 Code - Solicitors’ Code of Conduct 2007
OFR - Outcomes-focused regulation
SRA - Solicitors Regulation Authority
outcome - outcome
IB -indicative behaviour
Top of page
2. SRA principles
There are ten mandatory principles which apply to all those the SRA regulates and to all aspects of practice. The principles can be found in the SRA Handbook.
When thinking about how to meet the outcomes in chapter 7 in the Code/Handbook, you must consider the principles which apply across the Handbook including the Code. You should always bear in mind what the ten principles are and use them as your starting point when implementing the outcomes.
Top of page
3. What is business continuity management (BCM)?
BCM is not just about IT systems recovery. The British Standard for BCM, BS 25999, describes it as a management process that:
- identifies threats and impacts
- builds the capacity for an effective response
Its objective is to protect:
- stakeholders
- reputation
- brand
- value-creating activities
Top of page
4. Good practice for BCM
Practices should do all of the following:
- allocate overall responsibility for BCM to a partner, or staff members of equivalent seniority
- conduct a risk assessment leading to risk improvement and increased resilience
- create a written business continuity plan fully supported by necessary recovery provisions
- conduct a programme of testing
- implement a process of maintenance
- communicate the BCM plan to staff
The Department for Business, Enterprise and Regulatory Reform provides extensive guidance to assist firms in implementing business continuity management.
Top of page
4.1 The Data Protection Act 1998 (DPA)
The seventh data protection principle in Schedule 1 of the Data Protection Act 1998 (DPA) requires data controllers to take appropriate technical and organisational measures against:
- unauthorised or unlawful processing of personal data
- accidental loss or destruction of, or damage to, personal data.
Top of page
5. More information
5.1 Other products
5.1.1 Law Society practice notes
5.1.2 Training and events
Lexcel accredited training and development in BCM implementation.
5.1.3 Law Society publications
Top of page