External threat, and its impact on the legal department’s ability to meet its mission and sustain its business processes during and after a significant disruption, is at the heart of business continuity planning. Unfortunately, many legal departments have not developed a business continuity plan (BCP) that will enable it to function during an emergency.
Four major steps are required for establishing a BCP: (1) risk assessment, (2) business impact analysis, (3) resources/needs assessment, and (4) business continuity plan. A proper risk assessment includes identifying internal and external threats that might impact your department’s ability to meet its objectives. You will need to brainstorm a list of threats and then review it in light of probability of occurrence. The business impact analysis determines what impact these threats might have on operations. The resources/needs assessment involves identifying the assets the legal department needs to function. An effective BCP will define levels of functional service over pre-defined time frames, such as 2 hours post incident, 24 hours, 48 hours and 96 hours. Providing this information in simple tables and charts rather than in a densely written report will be more useful during an emergency.
The legal department should test the BCP through an annual tabletop exercise, and record successes and possible areas for improvement. Between 2005 and 2016, tropical storms, floods, and other severe weather resulted in more than one trillion dollars in losses alone. Part of the economic losses were displacement and dysfunction of businesses. Legal departments cannot escape those problems; and they should be prepared.