The question on cloud is often asked in this way. Is it secure? To this particular question, understanding the security posture of a cloud-based Document Management System (DMS) is critical. Before we dive into what that means, let’s explore why DMS exists to begin with.
For environments where documents are a significant part of the work product, having an organized and secure repository for those files should be standard operating procedure. This has been true for law firms starting in the 1990’s. Over the years, that ecosystem evolved to include numerous other programs but the fundamental need to manage documents effectively has remained. Law firms are unique in that the product they produce is in the form of documents whether they be briefs or agreements. As such, the management of documents including naming conventions, versions and security are critically important. These requirements are not specific to the legal industry. Health care, pharmaceuticals, manufacturing R&D are just a few examples of industries that currently benefit from or would benefit from a DMS.
Client security requirements and or regulatory requirements such as HIPPA, GDPR and others introduced in the last few years has meant the implementation of more robust information governance capabilities, including retention and disposition. The persistent need to manage knowledge has driven the evolution in DMS platforms and strategically focusing on cloud or SaaS (software as a service) based systems.
Therefore, here we are. As an industry law firms are making the switch from on premise, traditional DMS systems, to those that are SaaS/cloud to take advantage of newer features, better security and ease of deployment.
When evaluating cloud based DMS key factors to investigate are whether the entity meets SOC 2+, HIPPA, FINRA, FIPS Level 3 standards.
The persistent need to manage knowledge has driven the evolution in DMS platforms and strategically focusing on cloud or SaaS (software as a service) based systems
Is erasure coding utilized, dual custody encryption, and does the platform apply a unique cipher key per digital file? Does it support Customer Managed Encryption Keys (CMEK)?
Exploring these options further, will the Cloud based DMS include features such as Artificial Intelligence, machine learning and or robust full text searching. Is it compatible across the various browsers, e.g., Edge, Chrome, and FireFox? Is the vendor investing in features and functionality that are forward thinking making the investment a long-term strategy and not a short-term solution?
Will a new Cloud based DMS impact everyday work. Will it create efficiencies, support collaboration and meet the needs and requirements of your industry and or your clients. These are the reasons you make the financial and resource commitment to such a large, complex and relatively expensive project. To be clear, don’t move off a legacy DMS just to go to the cloud. Consider if moving off a legacy DMS will enable better results in areas such as client service, knowledge management, and security.
After finalizing the decision to move from the on premise platform, the real work begins. Within the context of any large, complex project, the amount of planning that goes into the migration to the cloud based platform will be as comprehensive as any project you will likely undertake. Your team may consist of internal resources and external resources including subject matter experts from the vendor team and external project management resources.
Begin by identifying key stakeholders and forming a project Steering Committee. Your Steering Committee will be responsible for policy decisions and project communication. The role of the committee is to weigh in on key decisions such as how much of your legacy data should be migrated into the new platform. Make sure to spend the time up-front, in advance, to insure the best outcome. This could take months as you determineif all documents from existing repositories, whether a DMS or file shares (unstructured data) should be migrated. Consider setting a fifteen-year threshold unless your industry has other regulatory requirements.
Prepare your training team to deliver the best learning opportunities for your organization. If needed, consider hiring a third-party training company that has experience with the particular DMS you are implementing.
A key element to any successful project is communication. Let your organization know why the decision was made to implement a DMS and or moving the current system to a cloud based DMS. Provide opportunities to obtain feedback on features and capabilities. Explore with your organization and within specific departments what their unique requirements might be and design with those goals in mind.
In closing, if you are evaluating moving some or all of your system(s) to a Cloud based platform the keys to the success of that initiative are: evaluation, planning, communication, training and execution.