publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/306297
• Ease of Use (Does the app require training?) • Resource Requirements (What costs are associated with the app? What additional infrastructure is needed? What internal or external personnel will be required?) • Speed of Implementation (How much time will pass before the app can be released?) • Security (Can the app keep our content secure?) Because so many factors affect mobile device and app security, they are not listed out in this initial matrix as they might overshadow all other items. After your firm has identified business goals and assessed the feasibility of providing mobile access to various enterprise content, you can examine the security implications associated with access to each type of content. Every firm handles security differently, and divorcing the security analysis from the feasibility analysis allows a more explicit weighing of security and risk after the firm has determined feasibility. 4. REVIEW YOUR GOVERNANCE POLICIES As you expose your enterprise content on mobile devices, check whether the tools you use will require changes to your information governance and data life cycle practices. Not only will users want the option to store content on their devices (and you risk hobbling productivity if you do not allow that), but many of the apps will also create local repositories. To ensure your mobile enterprise content initiative does not run afoul of firm practices, review the following areas to determine whether you need to propose new policies or revise existing ones: • Records Retention/Data Life Cycles: Many ECM systems allow data associated with a matter to be "locked down" when the matter closes, after which it is automatically archived and ultimately destroyed after a predetermined period. Data stored on mobile devices can elude these controls, and these pools of unmanaged content can create problems for your firm's risk management efforts. To mitigate this risk, require training so users know how to routinely purge unmanaged data from their devices. They should also understand how to migrate content from their devices into your ECM system. Most ECM vendors' commercial apps provide tools to return content from the mobile device to the internal system. • Litigation Holds: If your firm or department becomes subject to a litigation hold, that hold includes content on mobile devices. You need to update litigation hold practices to reflect content you might expose on mobile devices. Training on hold procedures should be part of your rollout plan. • HIPAA/Regulatory Compliance: Compliance with privacy regulations, including HIPAA and other federal and state regulations, is at the forefront of many firms' enterprise content planning. You will want to coordinate your mobility initiative with your firm's efforts, as stored content on mobile devices can place compliance efforts at risk. • Audit Trails: Many internal ECM systems provide robust audit trails to track content. Auditing information might not be as robust when that content is accessed or edited on mobile devices. Assess whether a lesser level of audit trail capability is acceptable to your firm. Many of the primary ECM vendors have improved the ability of their mobile apps to provide audit trails, so you can focus your concerns on auditing for other types of content you might expose, such as financial or docketing information. 5. DEVISE A MOBILE CONTENT CREATION POLICY Tablets and smartphones are great devices for content consumption, but they are not yet great devices for content creation. Although the recent release of native Microsoft Office editing apps for iOS might improve the experience (but only if you have a subscription to Office 365), the often-complex formatting of many legal documents could cause occasional document "damage" and content loss when edited on mobile devices. Embarrassment, or ILTA WHITE PAPER: APRIL 2014 WWW.ILTANET.ORG 25 10 STEPS TO AN EFFECTIVE MOBILE ENTERPRISE CONTENT STRATEGY