The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1048931
P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | F A L L 2 0 1 8 27 It's vital that your new cloud provider is SAS 70 Level II (USA) or ISO 27001-accredited (UK & Europe). If it is, it will have rigorous systems in place to protect your data against all threats physical and human. It will regularly scan its servers and applications, penetration test and check every aspect of data security to meet strict ISO 27001 guidelines - and use industry-standard 128-bit SSL encryption for all data transfers of your documents. If the company is ISO 27001-credited it will also be regularly audited by a government approved body to ensure it's processes are bullet-proof. Ask where the provider's servers are located, and ideally choose a provider that will host you in the country of your choice. For example, if your data lives on SAS 70 Level II US-based servers your data need never leave US borders - even if accessed in other countries. This protects your valuable data against being seized and scrutinized in other jurisdictions without your knowledge, and significantly protects against hackers. Final thoughts Office 365 and Google docs work well enough when collaborating with internal co-authors, though all users will need a Windows or Google account. Questions also remain over where in the world the servers holding your data are located and consequently, how secure the data is. Issues also start to arise when you introduce external co-authors to your document collaboration process. Some law firms don't allow their people to collaborate with external parties with Windows or Google because of security concerns. For those that do allow it, there's the stumbling block of setting everyone up with Office 365 accounts: not always a straightforward task. New competitors to Microsoft and Google are now emerging, offering stronger security and auditing, easier external sharing, and dedicated servers that can be hosted by a law firm's own team. These new technologies allow law firms to collaborate with anyone, anywhere, ultra-securely, using only their internet browser, on servers dedicated to just one law firm's use. If your firm has so far prohibited real-time co-authoring because of data security fears, this ban makes sense until you find a supplier which ticks the above security boxes. If it does, your firm is safe to proceed and take advantage of the benefits of faster, easier, secure real-time co-authoring. Your clients will thank you for it! ILTA The document co-authoring system should also enhance your firm's brand. It's now possible to seamlessly bring your co-authoring facility into your firm's website with a login page that takes users to the co-authoring area. The co-authoring area itself can be as sleek and professional as your firm, custom-designed with your logo, images and branding. The document portal can be the dedicated online home for each document, with each document's url incorporating that of your your firm, rather than Microsoft or Google. Everyone working together on the one Master document hails the end to the era of document downloads and uploads, multiple versions and endless bottlenecks spent waiting for colleagues' changes to be sent through. Everyone can see edits in real time because everyone has access to the same document which never needs to leave its home on your document portal. Choose a supplier that provides familiar document types for you to work on - like Word, Excel and Powerpoint, and a familiar track changes function that can be used to keep a record of every change made. This is not only useful for compliance, but also for reverting back to an older document version if necessary. Ensure your new co-authoring system includes a comprehensive, tamper-proof audit trail that provides you with real-time reports. These reports should let you drill down to see which folders and files individuals or companies have viewed, edited or printed, for how long, and when. Granular security will allow you to designate varying levels of access. For example you can assign permissions to access, read only, download or edit to different individuals and groups. Restricting who can print is valuable because once a hard copy exists, it's very easy to physically distribute. These restricted roles make it hard for anyone to accidentally or deliberately steal data. Everyone working together on the one Master document hails the end to the era of document downloads and uploads, multiple versions and endless bottlenecks spent waiting for colleagues' changes to be sent through.