Ensuring the smooth running of your IT service
For those of you who are responsible for managing the IT in your firm, this 3Kites article discusses some of the key points and questions that you may need to consider to ensure your systems are maintained correctly. In busy IT teams, some important but more challenging or mundane actions that require action sometimes fall through the net and, although some of these may not be urgent, they might come back to bite your business. It is therefore crucial that such actions are fully documented to ensure that systems are properly and securely maintained.
In larger firms, this may not be an issue as IT teams are able to allocate sufficient resources to ensure actions such as patching and documentation are tightly managed. However, in smaller firms where resources are more thinly spread, such tasks can get overlooked or sidelined by more urgent activity.
Here are some of the points for you to consider which, whilst not an exhaustive list, may help if you plan to start reviewing the IT processes that are required to help keep your systems running safely and securely. If necessary, 3Kites would be able to assist with your review – please contact us using the details below.
Do we have an up to date record of all our IT suppliers, the applications they provide, renewal dates for subscriptions/maintenance, notice periods, SLAs, etc?
Knowing what contracts you have with which suppliers is an important part of managing and maintaining your IT service. As a minimum, you should have a schedule of renewal dates with a clear understanding of the term of any renewal (e.g. annual/5 yearly) and the notice period or termination procedure if you no longer need the service. Being able to forecast any likely uplifts in costs and when these may happen is also a consideration for an annual IT budgeting process. In addition to financial planning, you should know what to expect in terms of response time to support calls, SLAs and the escalation process if these are not met.
Do we know if the latest patches have been applied to our systems (including firewalls, servers, PCs, laptops, etc)?
Applying patches can be time consuming in terms of planning, testing and execution and may mean that systems are unavailable while these are applied. However, if patching is not undertaken regularly or as required by changing threats then this could, in some circumstances, make your firm vulnerable to a cyber-attack which, if severe enough, could be an existential threat to your business.
When was the last time the firm tested recovering from a system failure or cyber attack?
Many of us are aware that systems need to be backed up but how often do you test that such backups can actually be used to successfully restore from a system failure or a cyber attack? Testing the restoring of files or an application can be time consuming as usually it will be necessary to set up a test environment. However, it is vital that this process is documented and relevant personnel are familiar with the process at the point when it is needed, not least as any given situation is likely to present unforeseen challenges.
Does the IT team know when the firm’s SSL certificates and authentication key/s need renewing?
Often overlooked, not just by the IT team but the suppliers as well, is a diary record of when security certificates need renewing. The first the IT team know about it is usually when users report that an application is not available. Although the issue can be remedied quite quickly, the issue would not have happened if the IT team or supplier had renewed the certificates in a timely manner.
How confident am I that we have a complete record of the correct amount of licences for the applications the firm is using?
Keeping track of licences can be taxing as some licence agreements can be more opaque than others. Nonetheless, it is important to remain compliant and to make sure that budgeting can be accurate, whether for more or less licences or additional products and the associated renewal dates for each.
3Kites Consulting has assisted several law firms with IT reviews to ensure that, amongst other things, procedures and documentation are recorded and actioned effectively. If you would like further information about how 3Kites can assist with your firm’s IT, please contact us using the following details:
Michele Asbury, michele.asbury@3kites.com
Jon Howells, jon.howells@3kites.com
ความคิดเห็น