P2P

35 I L T A N E T . O R G created and approved in advance, by the appropriate Practice Group or Business leaders. The lessons learned from DMS workspace design to find the right balance of simplicity and ability to customize, while maintaining a uniform structure, can be used to inform site template design. If initiated as part of the NBI process, this can be largely automated, with exception based management. • Disposition – At the end of the matter, the collaboration site owner is responsible for ensuring that any records are moved to the appropriate repository, or otherwise maintained per firm policy. For example, if the DMS is the official repository for matter file records, the site owner has to move the relevant materials to the DMS within a certain time frame (e.g., 90 days after the matter is closed.) Any information left will be considered appropriate for disposition. Any administrative content will be disposed of per the firm's administrative records' retention schedule or related policies. 4. Security is a must A delicate balance needs to be achieved by providing users the appropriate access quickly, while maintaining the necessary access controls to comply with security, privacy, client requirements, and ethical obligations. With the hopes to drive adoption, access should be streamlined with minimal interaction necessary from a user. Absent any automated provisioning and access control software, collaboration site owners should be responsible for granting appropriate access, and that access should also respect existing ethical wall, confidential wall, and client defined constraints. Ideally, this happens during the creation phase of provisioning of a site. A streamlined process should be in place for adding additional users to a site. For example, a new user can simply call the HelpDesk to request access, which would be escalated through the appropriate confirmations. Thus, each site should always have a responsible attorney or business lead as the owner. In addition, periodic reports regarding membership and usage analysis should be provided to the site owners. Depending on the collaboration software in use, there might be software solutions to help automate access control. At minimum, the possibility of using existing security groups created by other applications (such as ethical wall solutions) should be leveraged to apply to the newly created collaboration sites. 5. Think in terms of existing systems The features available in collaboration platforms, and the new ways of working they facilitate, may require new governance controls. Collaboration platforms allow for documents to be created, shared, and updated outside of the firm's DMS. They create potential issues for the retention of chats and conversation threads that may document substantive decisions made during the course of a matter, they generate security challenges related to internal and external access, and, ultimately they create another repository which needs to be subject to the firm's governance policies and procedures. When a new collaboration platform is replacing an existing solution, additional consideration is required if the new collaboration platform introduces features that were not available in the solution it is replacing. Firms need to understand what types of content is being generated, and how and where data is being stored, as well as how that may differ from current workflows. For instance, discussions related to matter handling and document edits that may have previously been in an email saved to the DMS may now be in a discussion thread associated with the document. There needs to be a process in place to ensure that the information captured in the collaboration platform is preserved as part of the matter record. Clear communication that all matter-related content needs to be stored in the firm's official matter repository is essential, assuming the firm's policy is to store the matter record within the DMS. Firms should also look at how their existing systems in place to govern data can be applied to data in a collaboration platform. Consider how the provisioning process works, who can provision a collaboration site, and what are the security controls that need to be in place. Does the firm have an existing processes that govern DMS workspace provisioning and permissions? Can the underlying business logic from that process be utilized in provisioning collaboration sites? Does the platform honor existing access rules, such as those enforced by ethical wall solutions?

• Cover