Business Continuity Planning Checklist
Risk Assessment and Business Impact Analysis
List the functions the firm cannot suspend without an ethics violation or client harm: docket and statute-of-limitations (SOL) calendaring, IOLTA disbursements, e-filing, conflict checks, privileged-document access in the DMS, and partner-level client communication. Note the maximum tolerable downtime for each — a missed SOL or hearing date is a malpractice event, not an inconvenience.
Score each scenario (ransomware, regional power outage, building inaccessibility, key-person loss, PMS or DMS vendor outage) for likelihood and client-impact severity. Cyberattack on the DMS is the dominant scenario for most firms — Rule 1.6(c) reasonable-safeguards exposure plus state breach-notification timelines.
Document the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for the DMS (NetDocuments, iManage), PMS (Clio, Centerbase), trust accounting, email, and the docket/calendar system. RTO under 4 hours is typical for docket; under 24 hours for billing.
Emergency Response and Operations
Name a managing partner sponsor, firm administrator (incident commander), IT lead, and practice-group designees for litigation, transactional, and any regulated practice (immigration, family). Each role gets a primary and a backup — a single point of failure during a real incident has caused missed e-filings.
Cover evacuation routes, shelter-in-place protocol, and lockdown for client-confrontation scenarios (family-law and criminal-defense firms). Address the file-room: paper originals (wills, signed agreements, notarized deeds) are not replaceable and need a documented retrieval-or-abandon decision rule.
If the responsible attorney is unreachable during a disruption, who pulls the docket and files the emergency motion or extension request? Identify backup attorneys for each practice group and confirm CM/ECF and state e-filing portal credentials are accessible to them through the firm's password manager.
Communication Plan
Map who notifies whom and on what cadence: attorneys to active-matter clients, firm administrator to opposing counsel and courts for filing extensions, IT to the malpractice carrier if a breach is suspected. Rule 1.4 requires reasonable communication with clients; silence during a multi-day outage is itself a problem.
If Microsoft 365 is the disruption, the contact list inside it is useless. Keep an encrypted offline copy (printed sealed envelope in the partner safe, or a secondary cloud) of attorney mobile numbers, court clerks, key client GCs, malpractice carrier hotline, and IT vendor escalation paths.
Template a client outage notice, a motion for extension of time citing extraordinary circumstances, and (separately) a state-law breach-notification draft. Drafting these under pressure produces errors; pre-approved templates with blanks for facts and dates are the discipline.
Data Protection and Backup
Confirm what the SaaS vendor backs up vs. what the firm must back up itself — most PMS contracts give you operational continuity, not a portable export. For NetDocuments, iManage, and Clio, validate that a third-party backup (Spanning, AvePoint, vendor-native export) covers documents, metadata, and version history.
Trust ledger reconstruction is a Rule 1.15 obligation — losing the client-ledger detail behind an IOLTA balance is a disciplinary referral in most states. Verify monthly export of the three-way reconciliation, client ledgers, and bank statements to immutable storage (S3 Object Lock or similar).
A backup that has never been restored is theory. Pick a sample matter and restore its DMS folder, time entries, and trust ledger to a sandbox; measure the actual time and document gaps. Capture the result as evidence for the malpractice carrier's annual questionnaire.
Alternative Work Arrangements
Document who works from where during a building-loss event. Identify a backup conference space for depositions and client meetings — most boutique firms have a reciprocal arrangement with a co-working provider (Regus, local bar association lounge) or sister firm.
Rule 1.6(c) requires reasonable safeguards. Confirm MFA on the DMS, PMS, email, and password manager; full-disk encryption on firm laptops; and that personal-device access (BYOD) is gated through a managed browser or MAM profile so privileged work product is not synced to a personal iCloud.
Log into PACER/CM-ECF and the relevant state portal (NYSCEF, Texas eFile, File & ServeXpress) from a non-office network. Some courts whitelist office IPs for filer accounts; a real outage is the wrong time to discover this.
Vendor and Client Continuity
List vendors whose outage stops billable work: PMS, DMS, eDiscovery platform (Relativity, Everlaw), court-reporter agency, process server, expert witness, IOLTA bank. Note the contractual SLA and the firm's fallback for each.
For SaaS holding client-confidential data, request the current SOC 2 Type II and the disaster-recovery section. If the vendor cannot produce one, that is itself a Rule 1.6(c) finding the firm should escalate.
Institutional clients (corporate GCs, insurance panel counsel) increasingly require firms to attest to a continuity plan in their outside-counsel guidelines. Send the executive summary to OCG-governed clients and log acknowledgments.
Training, Drills, and Compliance Sign-Off
Walk a ransomware scenario start to finish: detection, isolation, carrier notification, client communication, court extensions, restore. The point is to surface decisions nobody had previously owned — who calls the FBI field office, who authorizes a ransom decision, who pauses outgoing wires from operating and trust accounts.
Cover the plan with all attorneys and staff. Many states allow 1 ethics CLE credit for a BCP/cybersecurity session led by qualified counsel — coordinate with the CLE administrator if you want the hours to count.
Cross-check the plan against state bar trust-accounting rules, state breach-notification statutes, the malpractice carrier's annual questionnaire, and any client OCG attestations. Note any deltas for managing-partner review.
For each gap, log a remediation item with owner and target date in the firm's project tracker. Re-run this checklist's affected sections once gaps close; do not let the annual cycle be the only forcing function.
Obtain final approval and signature on the BCP document, with the next annual review date set. Store the signed plan in the DMS under firm administration with restricted access — it contains sensitive infrastructure detail.
