Issue link: https://epubs.iltanet.org/i/37773
SHAREPOINT AS A DMS: NEW REQUIREMENTS, NEW RISKS (AND NEW REWARDS) “Even positive change can impact short-term productivity and create unexpected headaches.” The net impact is that clients are increasingly reviewing firm compliance capabilities as part of RFP processes and promulgating stricter outside counsel guidelines, which have been known to even include audit rights. In response, law firms continue to enhance their internal capabilities to address these requirements in order to keep up with their peers and industry standards. Some are going as far as to pursue external ISO 27001 certification of their information security management systems and practices. But certified or not, from an information risk management perspective, firms need to be able to: • Enforce proper access controls and restrictions • Maintain audit trails to demonstrate compliance, including not only a record of security, but also the “human” side of the confidentiality lifecycle (internal notifications and policy acknowledgements) • Monitor user behavior to trigger a “red alert” when suspicious activity could indicate a potential problem (data leakage, impending lateral departure, etc.) SHAREPOINT AND INFORMATION RISK On a technical level, one of the most pressing issues any firm looking to use SharePoint for document management must address is the ability to enforce restrictions regarding access to sensitive information. Presently, SharePoint does not possess an “explicit deny” security capability. What this means is that there is no intrinsic way www.iltanet.org Portal Platforms 37