By Brian Piatek
Clients are increasingly demanding that law and accounting firms, as well as corporate law departments, comply with both internal audits and external regulatory requirements. It’s crucial to adhere to these increased internal security protocols to reduce the risks of data exposure without impacting user productivity. Using your Document Management System (DMS) as the foundation for Information Security, Availability, Confidentiality, and Privacy efforts will help your firm meet these demands.
iManage Work DMS and Security Policy Manager
The iManage Work DMS, combined with Security Policy Manager (SPM), can protect sensitive information at multiple levels based on your firm’s needs. If SOC2 compliance is required, adding SPM will significantly help achieve this. SPM ensures that your document and data security efforts are complete, valid, accurate, and authorized, meeting the entity’s objectives as defined by the AICPA.
Assurance Provided by SPM
SPM provides assurance that your security efforts:
- Are complete.
- Are valid within the context of why the data is being protected.
- Are accurate and audited.
- Show a clear channel of authorization, meeting your firm’s stated security goals.
Protection Across Various Environments
SPM can protect information in various environments, including CloudiManage, on-premises iManage DMS installations, Windows folders, and SharePoint installations. It can enforce access lists internally for staff and managers, reducing both casual and intentional vulnerabilities.
Mitigating Internal Risks
Much of the risk of data exposure comes from internal sources. For example, a clerk accidentally accessing confidential client information and sharing it on social media is a significant problem. Purposeful access for personal vendettas, financial gain, or industrial sabotage can also be mitigated through SPM reporting.
Enhancing Compliance with Threat Manager
iManage also offers Threat Manager to help mitigate internal threats and enhance compliance with firm goals. With SPM, unauthorized persons cannot open or even search for documents or related data. Ethical Walls can be created to exclude certain individuals or teams from accessing specific matters or projects, ensuring confidentiality and privacy.
Further Restrictions for Confidential Documents
SPM ensures that confidential documents, such as HR or financial information, have further restrictions. Sharing documents follows the same rules as direct access, and SPM accomplishes security tasks without compromising data availability.
Achieving Regulatory Reporting Demands
Using SPM with iManage Work enables your firm to meet regulatory reporting demands. Client audits of document access become streamlined and verifiable, allowing quick and accurate responses to audit requests. SPM can show who accessed a document on a specific date and provide a granular history of the document.
Shielding Sensitive Data
In the event of a data breach, SPM, in conjunction with a DMS, can shield your most sensitive data. SPM regulates access on a need-to-know basis, potentially shielding your data and narrowing any breach through detailed reporting.
Recommendations for Data Security
iManage recommends containing local data stores on encrypted volumes with well-managed encryption keys. CloudiManage data is always encrypted, and clients can manage their own encryption keys if desired. Communication between SPM, the DMS, and client software is also encrypted.
Impact on IT Operations
Using SPM does not have to severely impact daily IT operations. Rules can be set up to automatically grant access to protected data when individuals join specific departments or project groups. Assistants can be linked to their principals for automatic access adjustments, and IT can make manual assignments with auditable comments.
Consistency Across Data Repositories
The goal of using SPM with an iManage DMS is to provide consistent Information Security, Availability, Processing Integrity, Confidentiality, and Privacy across data repositories, whether on-premises or worldwide. SPM offers consistency without creating multiple policies for each repository, applying the same set of policies across multiple repositories.
Please contact an Innovative Account Executive for more information.
