Before September 11th, Ralph H. Baxter looked a little
paranoid. The chairman and CEO of Orrick Herrington &
Sutcliffe LLP, with ten offices in four countries, is
building a global operations center for his law firm in
Wheeling, West Virginia. The firms client files, its
own data, including its financial and accounting
records--its nerve center--will be maintained and run in an
old building the firm is renovating in a town not exactly
known as the epicenter of the legal or high-tech world. And
thats what appealed to Mr. Baxter and the firms
information technology director, Patrick Tisdale.
Why a global operations center and why Wheeling? Because
the data will be safe and well-supported there.
Theres a reliable supply of energy, and little
risk of natural disaster--no earthquakes, no
hurricanes, explains Mr. Baxter, whose San Francisco
office survived the October 1989 earthquake with little
damage. The biggest flood they had on the Ohio River
around here didnt rise above the first floor.
And so come this March, the firm will begin operating
redundant systems through May, and then eventually use the
Wheeling facility as its sole global operations center.
In the wake of September 11, Orrick doesnt look
paranoid, but prophetic. The firms largest office is
in New York City, with 200 lawyers. Although the firm did
not lose anyone in the terrorist attacks, its clients were
directly hit, notably the Port Authority of New York and New
Jersey, which had developed the World Trade Center and whose
employees, including its CEO, were. In a sense, anyone
and everyone is at risk--we might be hit by a bus or struck
by lightening, says Mr. Baxter. And terrorism, too, is
part of our new reality now. Though the legal world outside
Orrick might not be able to build a global operations center
by March, we can and should be better prepared for
There are two aspects to security: first, protecting
peoples lives, and secondly, protecting their work, or
data. But the best-laid plans are worthless if they are not
known to the employees and followed by all involved. At too
many law firms, lawyers and staff treated security
nonchalantly. That has certainly changed after the terrible
events of September 11th. Ironically, lawyers who advise
their own clients on how to avoid every possible business
risk took great risks with the security of their own firms,
as well as that of the employees of their firm. This is now
changing. This article will address a few steps that firms
can and should take in the wake of the terrorist attacks on
the World Trade Center and the Pentagon.
1. Walk the walk.
On September 11th, many of the World Trade Center
employees who survived the attacks came from firms and
companies that had survived the 1993 bombing of the Twin
Towers. They followed their evacuation instructions to the
letter, despite an announcement on the public address system
in the second tower telling them to return to their desks
because all was well. Furthermore, there had been
improvements made in the evacuation route since 1993: The
emergency stairs were well-lit. They had not been in 1993,
and people had had to walk down pitch-black stairways.
Lights had been installed in the intervening years. It is
cold comfort, given the number of dead, but the lights
helped forestall panic among those who survived. They were
familiar with the evacuation plan, and so they knew what to
do, and knew where to gather or to whom to report after
evacuating the building. Is the same true of your firm?
Have you walked the evacuation route of your law firm?
Please do so, and advise your clients to do so in their
2. Appoint a safety officer for
each work area.
Immediately assign safety issues to someone in authority.
One person should be in charge only of ensuring that
everyone is aware of evacuation plans and knows how to exit
the building safely. People should know where to gather, or
to whom to report, so that all can be accounted for after
the building is evacuated.
Designate a place (or two places, depending on the size
of your staff) where employees who have evacuated an office
will go to assemble. It is important to be sure you can get
a head-count, and help them back home, or to another,
make-shift office space to continue work if feasible.
Whether all or some employees will resume working
immediately after a disaster depends on their health and the
type of event that precipitated the evacuation of the
3. Establish a cyber-rendezvous
Set up a Web site as a check-in point as well. These Web
sites were indispensable on September 11. If someone is out
of the office at the time of the disaster, they can also
check in at the cyberspace rendezvous point, and the site
can be made public, so that family and friends can see who
has been accounted for.
Obtain alternative e-mail addresses and cell phone
numbers for all those who work in an office, so that a way
to contact people, other than their work contact
information, is on file. Remind people to update their
information every time they change their coordinates.
Work continuity issues can be assigned separately to
someone else, probably in the information technology
department. The goal is, first, to safeguard lives. The
second goal is to be able to continue working even if your
office or your building is inaccessible for some period of
4. Educate people that disaster
planning is nothing new.
To avoid unnecessary paranoia, put the strength of your
institution in its historical context. Sidley & Austin
(now Sidley Austin Brown & Wood), with 600 employees in
the World Trade Center, miraculously survived September 11th
with only one employee missing. But the firm had also
survived the Great Chicago Fire of 1871 that decimated that
city, and Brown & Wood had survived the first bombing of
the Twin Towers in 1993.
Most law firms and courts have proud histories of
surviving war, floods, fires, civil unrest, and
controversial verdicts that threatened (or produced)
violence in their immediate surroundings. Disasters, and
disaster plans, are nothing new. Institutions in the
Midwest, which have experienced serious flooding in recent
years, and those in hurricane- or earthquake-prone areas,
have had long experience with this.
5. Knowledge is power, and produces
Consider giving out wallet cards that explain
to employees emergency procedures, including what to do
during and after an evacuation. It never hurts to be
forced to take a hard look at our vulnerabilities and figure
out where we can do better, says Kyle Christensen,
Senior Communications Specialist for Thomson Legal &
Regulatory, West Groups parent company.
Weve been fortunate to be able to coast for a
long time with very little threat to our personal security,
and this has probably been a wake-up call to the fact that
were not invincible.
Protecting data is a whole different ballgame. Loren
Jones, director of WestWorks customer care, a division of
West Group, says that September 11 is really going to
push us more firmly towards implementing document imaging
systems. The less we rely on the paper, as being the
ultimate object of our business fascination, and begin to
rely more on electronic versions, the better off well
Many firms in the Twin Towers had prepared for the
expected Year 2000 computer glitch by backing up their data
and mirroring their computer systems off-site. That is one
reason why many companies and law firms, even though
devastated emotionally and of course physically by the
terrorist attacks, were able to pick up work largely where
they had left off. For example, thanks to electronic filing
at the Southern District of New York, in which the files of
the court were mirrored in Washington, D.C., the lawyers and
court employees in New York were able to continue
functioning, despite the New York courts being closed
for a week.
Article after article pointed out the firms [in
the Twin Towers] were well-protected from the standpoint
of their data, noted Mr. Jones. Their billing
systems were backed up, and their document management
systems were backed up, but they were all scrambling to
recreate the massive loss of paper files--scrambling to the
courts to get copies of pleadings, and going to opposing
counsel to get copies of files. For our day to day
transactional needs, recommends Mr. Jones, we should rely
less on paper.
In fact, one of the many images that people will take
away from the tragedy is the paper scattered all over Ground
Zero. Like the lives lost, the paper is irretrievable.
That is the opposite of what many lawyers think. The old
belief system is that the paper copy is safe and secure, and
that the computer file is prone to mystical disappearances
at critical moments. But the truth is that paper is the most
perishable. You can easily replicate the electronic data and
have it stored in multiple places.
A consensus is emerging that a law firm should have at
least two sets of disaster recovery files and backup tapes
of your computers data. One copy should be stored on
your office site in a secure, fireproof, location. Another
complete copy should be stored off-site.
These files, like extra paper copies that lawyers are
enamored of, are useful for minor disasters, such as a lost
document or hardware failure, as well as major
Large businesses, like West Group, have long used back-up
data centers. West has two data centers,
explains Mr. Jones. There is a primary data center and
what we call the bunker. The latter is literally built
like a bunker, and is located a physical distance away from
the primary data center in Eagan, Minnesota. The main plant,
which has power feeds from two separate sources, is on the
primary approach path from the Minneapolis-St. Paul airport,
and is built to withstand a crashing 747 airplane and be
able to continue to operate. We can keep our presses
rolling even if theres a blackout, he says.
Its necessary to counter the paper mindset that
prevails in many legal environments, says Mr. Jones. I
point out that systems like Westlaw, that have been online
for 25 years, experience a total outage in a typical year
that can amounts to a few minutes. By contrast, paper
outages are much greater, even excluding fire or
flood. Paper gets lost, and if its the only copy, it
is irreplaceable. If everything is committed to
digital storage, you have the ability to replicate all of
that information, Mr. Jones notes.
Still, lawyers will protest, noting that computers freeze
up and that digital documents can be lost in new ways
online. Good systems are key, emphasize Mr. Jones.
Most of the data loss that people experience are not
with the high-end backoffice systems, he says.
Theyre thinking of their Windows 95 machine
crashing and freezing, or Word or WP trashing a document.
Its kind of like saying, Because my 73
Chevy broke down on the road, I cant depend on public
transportation to get me to work. On the public
transportation side, he said (thats the high-end
computer systems)--there are professionals monitoring the
equipment, handling maintenance and managing optimization
that isnt happening on a 73 Chevy.
Perhaps someday the Orrick solution--the off-site global
operations center--will become everyones solution.
It never hurts to be forced to take a hard look at our
vulnerabilities and figure out where we can do better,
says Mr. Jones. If we examine our vulnerabilities, and take
action to improve, then what didnt kill us, may leave
Wendy R. Leibowitz is an attorney and writer in Washington, D.C., and the editor of E-Filing Report. Her Web site is
This article was first published at LLRX.com.