Blog Viewer

Vendor Governance to Integrate Teams and Document Management Systems

By Reggie Pool posted 03-11-2021 09:32

  
Please enjoy this blog post authored by Reggie Pool, Senior Director, HBR Consulting LLC.

This is the third article in the series on Teams governance, addressing the challenges and benefits of Teams and Document Management Systems (DMS), including managing safeguards, classification, policies governance, and effective change management.

Many firms look at Teams as yet another location where content will be stored and information will need to be managed, often viewing it as another area of risk leading to non-compliance with the existing DMS policy. But the impending adoption of Teams doesn’t have to be viewed as a negative. With an effective governance strategy in place, a measured implementation of Teams can increase the use of the firm’s DMS, thus enhancing existing content management safeguards, classification standards, and policies.

Content Management Safeguards

The best method for ensuring an effective level of safeguards for combined Teams and DMS usage is an effective governance program. The process of developing the governance strategy will provide a view into the existing and potential control and management of information, identifying opportunities to increase the level of compliance with the firm’s policies and client requirements.

While a true governance strategy will incorporate multiple areas such as messaging and meeting policies, organization-wide application configuration options, and lifecycle management, specific aspects of the strategy should guide in the integration of Teams and the DMS. Some of the more important activities are listed below:

  • Design the Teams framework to match how attorneys work across practice areas, providing a workspace that encourages collaboration and centralizes their activities. Remember, the more content that can be pulled into Teams, the more information that will be pulled into the DMS that may not have made it there before.
  • Develop a content placement strategy (CPS), which determines where content should live and how it will be managed, that can be documented and communicated across the firm. This will help to ensure that content is managed in the location best suited to protect and control that information. This approach will help ensure that the right content goes in the right location, allowing Teams and the DMS to be viewed as complementary solutions.
  • Identify the use cases and develop the appropriate Teams strategy that is built around the CPS, to ensure content synchronized to the DMS.
  • Provide change management and personalized training on the use of Teams to promote collaboration, coauthoring, and centralization of content creation, as well as management within the platform. Change management and training that increases use of Teams for collaboration reduces reliance on email, file shares, and hard drives. When tied to an effective Teams DMS integration strategy, the use of Teams as the hub for content management and collaboration ensures content can be synchronized back to the DMS for protection as an official system of record and management in line with firm policies.

Classification Standards

An effective governance plan will leverage the Teams framework to ensure content is properly classified. 

Public or private

At a base level, classification as it relates to Microsoft Teams means that a Team will be either designated as public or private. Public Teams are visible to everyone within the organization:  anyone in the firm can join them. While public Teams have their place, they also provide immediate challenges when dealing with client content. When a Team is classified as “private,” it is hidden by default and membership is limited to only those who have been officially assigned as a member. Because of their nature, private Teams are more appropriate for client-related content, and firms should always create private Teams in connection with most matter-specific collaboration.

Team provisioning

In addition to the Team classification of public or private, defining how Teams will be provisioned (departmental, practice area, client/-matter) will determine how to configure the DMS integration, including the framework for provisioning, membership controls, and options for automating the lifecycle management process between Teams content and the DMS. Creating Teams that match up to the firm’s practice areas and specific client matters will ensure content is classified and thus synchronized into the correct DMS workspace, providing the best structure to address ethical wall and additional client specific requirements.

Determining Team classification

The type of Team and how it might integrate with the DMS will be an important decision point that firms should make as early in the Teams adoption process as possible. The firm should understand how it will be using Teams and when the DMS will need to be integrated for proper management of content. A few examples and relevant considerations are listed below:

  • Operational Teams – Should the firm enable Teams for each operational area (finance, human resources, client relations)? These Teams will likely be long term and contain varying content types that are often not matter-specific. When a firm creates operational Teams, it should develop a strategy that will determine what, if any, content is synchronized to the DMS.
  • Project Teams – Project Teams are more similar to client/-matter Teams in that they have a distinct beginning and end. The shorter nature of these Teams may suggest a strategy where content is simply moved to the DMS at the end of the project rather than through an ongoing synchronization.
  • Client/-Matter Teams – These Teams will be tied to the lifecycle of an individual client matter and will be tightly integrated with the DMS, potentially pulling Team membership information from the DMS workspace. In these use cases, the DMS integration is often created during the Teams provisioning process.

Governance Policies

Providing an appropriate governance framework for the use of Teams can also reinforce the importance of existing policies. Integration with the DMS will help increase compliance by ensuring more content is being systematically managed according to policy. Reducing reliance on email and the need to centralize content from file shares will assist in meeting retention management, defensible disposition, and eDiscovery requirements.

The governance strategy should focus on identifying  how content is being managed today. While firms implement DMS standards, and attorneys may have the best intentions, many files continue to live on file shares, in email or on hard drives. Still other attorneys will take the path of least resistance, working outside the confines of the DMS regardless of the firm’s policy.

Many firms find that when Teams is newly rolled out, some processes that need to be governed are not fully mature. While existing policies may cover aspects of how Teams and a DMS will be used, both together and separately, it will likely require modifications to policies, or the creation of new policies, to address decisions made to support the implementation and governance of Teams. Due to the collaborative and Software as a Service (SaaS) nature of M365 and Teams, some policies that seemingly would not be affected by Teams will need to be reviewed to make sure they are in line with your Teams and DMS implementation strategy, including policies addressing areas such as information security, data privacy, and acceptable use.

You will also want to establish a policy that provides guidance on collaboration with external parties (clients, partner organizations, etc.)  requiring that documents remains within the firm’s environment. As law firm clients expand their own use of Teams, attorneys will be presented with situations where document collaboration could occur in the client’s environment. Polices need to address the appropriate use of collaboration tools and identify when and how an attorney work-product remains within the firm’s control.

Other Considerations

While the focus of this post has been on the safeguards, classification, and policies related to Teams and DMS integration, I am going to take some liberties and discuss a few of the key decisions that will control how Teams and the legal DMS will interact. Each of these are platform-specific and it is imperative that a firm understand the functionality available via the chosen solution, as features and functionality can vary. While the options are many, here are a few of the key DMS integration topics that should be surfaced early in the integration discussion:

  • Access to DMS from Teams – Each vendor will provide a different option for accessing content in the DMS from Teams, and the results of this activity will determine the options for how the two systems can interact.
  • Integration Options – Understand how Teams will interact with and/or be linked to the DMS and how will documents be shared between the two systems.  Validate the various targets for  synchronization  (files, channel conversations) and formats for storing non-document content like channel posts.
  • Ethical Walls –Teams membership is inclusive when using a private Team where only members (and specifically invited guests) have access to the Team content. M365 information barriers provide similar functionality for SharePoint files and Teams collaboration features, but there are several key differences when compared to traditional requirements. Consider whether Teams membership can be aligned with or pulled from existing DMS or other systems.
  • Guest Access – When and how will guest access be granted? Consider enforcing acknowledgements of the guest user policy for all external guests invited to a Team. You can require guests to agree to a Terms of Use policy  before  being granted access to files that are shared with them.
  • Synchronization options – Depending on the vendor solution, there may be options for either one way or bi-directional synchronization. Understand the available options and their limitations. In most instances, a one-way synchronization from Teams to the DMS (or vice versa) is a controlled experience when compared to the chaos and compromises that are necessary to achieve two-way synchronization.
  • Version control – Understand how versioning is managed during the synchronization process. Versioning of content in Teams varies substantially from the version functionality in most traditional DMS solutions. This difference is compounded when content is subject to complex synchronization rules.

Conclusion

While a fully implemented Teams governance strategy will cover many more areas than simply Teams structure and DMS integration, the governance strategy is a foundational piece, allowing  -the Teams and DMS strategy to be implemented with appropriate safeguards, reinforcing classification standards, and supporting the firm’s existing policies.

For more information on Teams governance, keep your eyes on your inbox. The Law Firm Information Governance Symposium will be releasing a comprehensive Teams governance document in the next few weeks.

 

 

 



#SecurityProfessionals
#Security
#ServerOperationsandSecurity
#InformationGovernanceorCompliance
#Firm
#Microsoft
#Office365
1 comment
66 views

Permalink