A Brief Guide to Document Management System Requirements

Role-Based Approach and Permission Management

Taking the Role-Based Access (RBAC) in managing access permissions is not only a compliance requirement (like, for instance, in the case of GDPR), but also a security necessity. 

Under this approach, the underlying principle in managing access privileges is that any of the system users must be entitled to access only the digital assets they are authorized to work with in accordance with their position and work duties. 

To implement Role-Based Access, you need to define the user roles for your DMS, detail the permissions associated with them, and clearly describe the objects that the defined permissions are issued for. 

Furthermore, in addition to the permissions, it is also essential to detail the rights the user roles have, for example, whether a user in a specific role is authorized to share a legal document they have access to with users in other roles, or whether they can invite a user from outside the system to collaborate on a document.     

Collaboration and Sharing 

Your document management system business requirements must meticulously describe your demands for the document-related collaboration your DMS must provide.

Users of your DMS must be able to edit the same document concurrently, or lock a document in order to prevent it from being edited in parallel by other users. Besides, it must also be possible for users to comment on the contents of a document. If that makes sense in your business context, the latter should include not only comments, but also the ability to draw over photos and pictures.   

An essential requirement for a legal DMS would be the ability for users to conveniently compare two documents on screen. They should also have the ability to easily compare two or more different versions of the same document.  

Lastly, system users in authorized roles should be able to share documents with users outside the system via an invite and enable these external users to comment on the shared documents.

eSigning

Your legal DMS must enable e-signing documents through an integration with a 3d-party service.  

Prior to making a choice in favor of some eSignature provider, dial into the eSignature-related laws in force in your geography. Ascertain from your provider candidate that they are in a position to ensure compliance with these laws (in the case of the U.S, it’s the Electronic Signatures in Global and National Commerce (ESIGN), while in the European Union its the eIDAS regulation).

It is also worth mentioning that using the Blockchain technology creates some additional opportunities in terms of document integrity and security. For example, it gives you the ability to insert an e-signature or a QR code into a document.

Security and Backups 

Security is of topmost importance in Document Management. Because of this, the security-related requirements should be spelled out most carefully in your document management system requirements specification.  

First of all, your DMS system requirements should state that any documents your application is intended to handle are to be stored solely in its database, and not anywhere else. Aside from that, we wouldn’t recommend using any third-party services for document storage purposes. 

Next, you must stipulate that all the data at rest in your system be encrypted using a strong encryption algorithm, like, for example, AES 256 or RSA. As it’s equally important to reliably protect data in transit, it is essential that all the traffic between your system and any user devices be automatically encrypted using TLS\SSL (our preference would be TLS). 

Additionally, it is absolutely essential to impose strict requirements for moving data out of your system using any other means. Namely, the attachments of all emails that originate from your DMS must necessarily be automatically encrypted. Your system must automatically encrypt any data that is downloaded to a removable drive by users, who are authorized to perform this operation. It must immediately block any attempts by unauthorized users to download data.

In addition to securing your data, you need to secure user access to your document management system and the network it resides on. One can do this using such technical means and approaches, as  Two-Factor or Multi-Factor Authentication, advanced Identity Verification (for instance Iris Recognition), Wall Access Firewalls, and others. Discuss the existing options with your software provider and see to it that the ones you pick are reflected in your document management system requirements specification.

How to build a document management system from scratch?

Follow our step-by-step guide!

Lastly but importantly, regardless of whether you use a local storage or a Cloud, it would be prudent for you to keep at least two instances of all your data locally, and one more instance in a secure storage at some safe and reliable off-site location.

Workflow Management 

Workflow Management should appear quite high on your document Management system requirements checklist. 

Your legal DMS must enable users to define document workflows, route documents via one of the available workflows, and send documents for approval to one or more other users.  

As companies’ business situations, sets of documents, lines of business, company locations, user role hierarchies, and other parameters may change over time, authorized users of your DMS must be able to flexibly modify the workflows. Also, users should be able to suggest and request changes to a workflow.

Task Management

Your document management software must allow users to сreate various tasks (review a document, edit a document, compare documents, etc.) and assign them to other users. 

The system must allow for creating tasks in relation to the Start or Expiry date of legal documents. In this case, it can either prompt the user to create a task (for example, by offering them to select it from a predefined list), or create this task automatically on its own. 

The more sophisticated systems can prompt creating a task or create a task automatically based on some deadline in the contents of a document. 

Notifications 

To make your lawyers’ work with documents more efficient and help preempt missed deadlines, your solution must provide an array of notifications.  

For example, it may be necessary to implement Document Expiry Date notifications, notifications that remind designated users about a forthcoming deadline indicated within a document, and Task Management-related notifications. 

Audit and Traceability

Implementing robust audit and traceability features is paramount for any advanced legal document management system.

Your DMS must log all user actions performed in relation to a document. Namely, the audit trail must include the information on who has accessed a document, when they did so, and what changes have been made by this user or users.

By allowing you to meticulously trace every user action, Audit and Traceability functionality helps safeguard documentation assets against unauthorized access, ensure the integrity of legal documents, and prevent data compromise.

DMS Non-Functional Requirements

The DMS non-functional requirements have to do with the performance of your document management system and its future ability to support your legal company’s business plans.

Scalability Requirements

Among the non-functional document management system technical requirements, Scalability Requirements are frequently the most important ones. Simultaneously, they may sometimes be quite elusive to define: here, one should proceed from a legal company’s future business needs and future business opportunities that may currently be hard to predict.

Because of this, before embarking on this part of your project planning, you should take a close look at similar legal businesses, the way they’ve been growing, and the growth opportunities they’ve had. This may give you insights as to the parts of your system that may have to be significantly expanded in the future.  

Aside from that, your system must be scalable enough to support a much higher user concurrency and a much higher documentation volume than you can expect to have in the immediate or near future. Unless it’s Cloud Development you opt for, the software architecture of your legal DMS must necessarily allow for easily scaling the application by adding more system instances.  

Lastly and importantly, it is an absolute must to have complete scalability for the user roles, user permissions and the related rights, document types, types of notifications, tasks, and workflows. 

Customization Requirements

Your document management system must have the ability to support any future changes made to it in response to growing business needs. Simply put, nothing, or nearly nothing in your legal DMS must be cut in stone. 

Your non-functional DMS system requirements must clearly state that the definitions of the user roles and document types, the related permissions and rights, file structure, and document templates must be completely modifiable.

Performance Requirements

Performance requirements aim to make sure that your system is capable of handling the tasks it is meant to handle at the speed and in the volume that you consider to be sufficient.

To define the corresponding target parameters, you need to indicate the required Response Time for the main operations (search, the various user interactions, etc.), Throughput (the number of transactions to be processed within a specified span of time), User Concurrency (the number of users your system is to support concurrently), and Uptime (the percentage of time that the system is to remain fully operational).