Document Repositories: Balancing Security & Convenience

By: In: Law Firms On: Sep 01, 2015
Document Repositories: Balancing Security & Convenience

This past fall I was asked to participate in the construction of a white paper that would provide guidance to firms confronting the challenge of locking down their document repositories, so that firm members have the least amount of access necessary to perform their jobs. I was excited to work on such a paper, because I knew from conversations with my peers, from my involvement with ILTA’s LegalSec initiative, and from my own experience working on client audits that this issue was a hot topic.

As the task force was assembled, I became even more enthused as it became apparent I was working with a “dream team” of information governance (IG) experts in the legal community, with several experienced writers, and established leaders in the IG field. After months of lively debate and insightful conversation, we produced the newly-released Transitioning from an Open Environment to a Closed Environment Task Force Report. In the paper, we examine the trends driving firms to consider this change, discuss the obstacles most firms will face, discuss a number of potential solutions, provide a set of practical guidance tips, and explore a few case studies from firms that have started (or completed) the journey from open to closed.

As the team discussed and debated the best approaches for guiding a firm down the path, we agreed there were several interesting questions to consider. For example:

  • Securing every document created to only those who need access is both culturally and logistically a daunting task, even for the most structured and disciplined of law firms. What solutions can a firm pursue that strike the right balance between security and convenience?
  • Many of the same clients who require a change to how law firms protect their documents, also expect law firms to use their experience and knowledge to perform the work as efficiently as possible. For many firms, the document management system is the primary source of firm knowledge, and restricting access to documents can make it less efficient for a lawyer to find precedent work. How can firms make their DMS more secure and still meet their clients’ expectation of efficiency?
  • A set of controls is only useful if they are adhered to. What are the challenges in preventing busy attorneys from circumventing document security controls while still empowering them to collaborate as necessary?

We have addressed these issues and many more in the Transitioning from an Open Environment to a Closed Environment Task Force Report. We hope it can provide some guidance to those facing the significant challenges presented by such a transition.


Looking for more industry leading-practices, developed by law firm IG practitioners? The 2015 Law Firm Information Governance Symposium reports are now available:

Transitioning from an Open Environment to a Closed Environment Task Force Report

Global Information Governance Considerations for Law Firms Task Force Report

Information Governance as a Management Strategy Task Force Report

Dark Data Task Force Report: Identification and Remediation of Dark Data in Law Firms

← The Standard is the Standard: ISO 27001 & Law Firms Global Information Governance: Drawing the Roadmap →

Leave A Comment


About the author

Brian Donato

Brian Donato has worked in the field of Information Technology for nearly 30 years. With experience ranging from software developer to process engineer to IT Director, Mr. Donato brings a broad technology and business background to his current position of Chief Information Officer at the law firm of Vorys, Sater, Seymour and Pease LLP, where he has worked for the last 17 years. Prior to that, Mr. Donato spent nine years at State Savings Bank. To help practice what he preaches, Mr. Donato currently serves as technical advisor for the Firm’s Privacy and Health Care practice groups, and has assisted on a number of representations involving forensic investigations. He is the firm’s Security Officer, and is responsible for authoring and implementing the Firm’s information security policy. He also led the effort to roll out the firm’s security awareness program. Mr. Donato currently serves on the Information Governance steering committee for the International Legal Technology Association (ILTA), is part of the ILTA LegalSEC steering committee, and is a Task Force leader for the Law Firm Information Governance Symposium work group.