The questions law firms should be asking their cloud computing providers

Print This Post

29 July 2015


Posted by Nigel Wright, MD of Legal Futures Associate ConvergeTS

Wright: international regulation may conflict with SRA requirements

Wright: international regulation may conflict with SRA requirements

Cloud computing is proliferating the legal sector as firms see the benefits of having effective business continuity procedures in place and being able to offer staff more flexibility around how and where they work.

But while most firms strive to put the protection of client information and data at the top of their priority list, how many firms actually have full knowledge about their provider? And how many are compliant with the Solicitors Regulatory Authority’s (SRA) code of conduct?

The SRA recently consulted on regulatory reform, of which cloud computing and technology formed part. It was asking law firms specifically if its current position of being able to enter firms’ and providers’ premises to inspect records is stopping firms from taking advantage of new technology, such as cloud computing.

Specifically, the SRA wanted to know if it should provide clearer guidance, explaining that this is not always necessary to enter premises; or make changes to the outcome to make it clear that contractual arrangements (with third parties) need to allow for the SRA to monitor compliance, which may still include entry.

Currently, firms must ensure that their outsourced cloud computing solution is subject to contractual arrangements that enable the SRA or its agent to obtain information from, inspect the records (including electronic records) or enter the premises of, the third party, in relation to the outsourced activities or functions.

On this particular issue, the SRA clearly sets out its minimum standard for firms wanting to work on the cloud. Of key importance, is the onus on firms to conduct the necessary due diligence on potential providers, asking the right questions to ensure compliance. It is not down to the provider to do this – and not all providers are SRA compliant.

Some international suppliers may not necessarily provide the best solution, as they may be accountable to international regulation on data disclosure that conflicts with the SRA requirements.

Firms need to know specifically:
• What is the infrastructure of the proposed data centre?
• Who is the owner of that data centre?
• What is their capacity?
• What is their disaster recovery failsafe?
• What security is being offered in the event of failure or destruction of the physical premises?

Failure to know this information could result in costly fines if the SRA asks questions that firms cannot prove they have answers to. Most importantly, not knowing can cause reputational issues, which will ultimately impact firms’ profitability and their clients too. From a risk management perspective, it’s better to be safe than sorry.



Leave a comment

* Denotes required field

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms and Conditions which deals with user-generated content. All comments will be moderated before posting.

Legal Futures Blog

The digital deed: what will the digital mortgage mean for property transactions?

Andrew Lloyd 2017

Over the past 20 years, nearly all aspects of our financial lives have migrated online, from tax returns to banking. Yet arguably the most important and protracted financial process in our lives has remained doggedly devoted to the paper based world. A single signature in Rotherhithe, south-east London, on 4 April, however, may have just lit the touch paper for transforming this process. By signing the UK’s first ever digital mortgage through the government’s new “sign your mortgage deed” service, a signal was sent that the home-buying process is finally on course to be digitised, simplified and streamlined.

May 24th, 2018