Issue link: https://epubs.iltanet.org/i/74024
www.iltanet.org Take into consideration the roles and requirements of each stakeholder community. Business, People and Process Considerations Identify Key Stakeholders: Identifying relevant firm stakeholders at the start of the initiative is essential as it establishes the key points of contact with whom the project team will need to interface, collaborate, and consult to address business and technical issues throughout the process. Designating a representative from firm risk or management teams as an overall project sponsor will greatly enhance the speed and success of the project. At some firms, IT owns information security and will manage the software solution. Increasingly, however, risk stakeholders are directly responsible for managing the software and associated processes. Therefore it's important to engage risk teams early in the process to ensure that the technology is configured to best address their specific requirements and supporting processes. Identifying representatives from the stakeholder communities that will be impacted by the new software will provide a clear path for input and feedback throughout the project. These communities may include specific practice groups or lawyers, business management and staff constituencies, including secretaries, paralegals, IT and support staff. Respond to Relevant Business Drivers: Once the key stakeholders have been identified and engaged, it is important to work closely with them to identify 24 ILTA White Paper the specific scenarios the firm seeks to address with a confidentiality management solution. As well as traditional scenarios that attract the need for access controls (such as matters related to price-sensitive information), information barriers may also be required to ensure that a lateral hire cannot access certain information. For instance, if an incoming partner brings new clients to the firm, there may be conflicting interests with the firm's existing clients, and effective ethical screens will mitigate the risk of a breach of confidentiality or commercial terms. Other considerations include restricting temporary workers and secondees from certain information, as well as erecting wider barriers that restrict access to all of a particular department's matters — typically private client or specialist teams, such as tax departments. Similarly, project leaders should map security enforcement processes they wish to put in place for specific scenarios. For instance, some situations may call for exclusionary barriers that restrict only specific individuals from accessing specific client-matter information. Other scenarios may call for inclusionary models that prevent all but an explicitly designated list of personnel from accessing particular information. Address Policies and Working Practices: As part of the adoption process, firms must also consider how they wish to map, enhance or replace any existing ad hoc confidentiality management processes in the software-