The performance of any software application depends on the set of abilities embedded in it during this application’s design. A failure to provide any of such abilities to a sufficient extent is potentially fraught with many unpleasant consequences.

In the case of a legal document management system, such consequences include the system’s inability to support a growing customer base, the ever more rampant and costly data security compromise, a failure of the DMS to completely automate some of the business processes, and others.

This makes it of utmost importance to thoroughly take into account, list, and describe the diverse business and technical requirements your DMS is planned to satisfy. 

In this article, we’ll take a close look at all these groups of legal document management system requirements to help avoid omissions, envisage risks, and achieve a more optimal performance for your legal DMS.

Document Management System Requirements Сlassification

Document Management System Requirements

The system requirements for any software application fall under the four following categories:

  • Functional requirements
  • Non-functional requirements
  • Operational requirements
  • Legal and Сompliance requirements

Let’s review each group in more detail.

Document Management System Functional Requirements

Document Management System Functional Requirements

The functional requirements for a document management system define the system components the DMS consists of, and would, at least partially, fail to fulfill its purpose without. 

In other words, these requirements describe the features of your document management system. They also describe the actions these features perform (and not the way or extent to which they do so). 

Well-Organized Document Storage and High Searchability

One of the main purposes of a legal DMS is to store documents in such a way that allows their quick and convenient retrieval. To enable this, the document base of your DMS must be searchable by multiple criteria. These criteria can include:

  • Document Title 
  • Document Type 
  • Document Owner 
  • Document Number 
  • Customer Name 
  • Lawyer or Attorney Name 
  • Case 
  • Address 
  • Company Branch 
  • Company Department,

or any other keyword that is relevant to your company or its business situation. You should spend enough time on composing your list of keywords. Besides, this list must also be implemented as flexibly customizable in your system. 

While defining your search-related DMS requirements, you must be aware that there are several types of document search your search functionality can include. 

Your document base can be searchable only by meta data, or it can also be searchable by the contents of the documents it contains. Furthermore, there exist several technically and conceptually different types of search that may need to be implemented, like: 

  • Synonym-based search 
  • Fuzzy Search 
  • Proximity search,

and others. To achieve the document searchability you need, you should discuss all these options with your software provider and have the required ones implemented.

To enable effective metadata-based document search, your document management system must, first of all, allow for quick and sufficiently deep indexing of all the documents it contains: only properly and thoroughly indexed documentation allows your system to quickly locate the one or more documents you’re searching for. For this reason, your system’s indexing functionality must include the ability to add text, numbers, symbols, dates, URLs, and currency signs.

If this makes sense, you should also include any company-specific terms that your employees could use for searching purposes, like, for example, branch locations or names of the company’s departments or teams. If you have a large enough number of such company-specific terms, it may be better to implement this functionality as drop-down lists. Also, it’s better to have a standard vocabulary for all the indexes your users will use.  

Artem Dyranov: Business Analyst & QA Engineer at SPD Technology

Artem Dyranov

Business Analyst & QA Engineer at SPD Technology

“A significant part of the requirements’ set would be the same for any other application. However, implementing things like matter-centricity and the role-related sharing rights takes quite a bit of industry-specific expertise.”

Role-Based Approach and Permission Management

Taking the Role-Based Access (RBAC) in managing access permissions is not only a compliance requirement (like, for instance, in the case of GDPR), but also a security necessity. 

Under this approach, the underlying principle in managing access privileges is that any of the system users must be entitled to access only the digital assets they are authorized to work with in accordance with their position and work duties. 

To implement Role-Based Access, you need to define the user roles for your DMS, detail the permissions associated with them, and clearly describe the objects that the defined permissions are issued for. 

Furthermore, in addition to the permissions, it is also essential to detail the rights the user roles have, for example, whether a user in a specific role is authorized to share a legal document they have access to with users in other roles, or whether they can invite a user from outside the system to collaborate on a document.     

Collaboration and Sharing 

Your document management system business requirements must meticulously describe your demands for the document-related collaboration your DMS must provide.

Users of your DMS must be able to edit the same document concurrently, or lock a document in order to prevent it from being edited in parallel by other users. Besides, it must also be possible for users to comment on the contents of a document. If that makes sense in your business context, the latter should include not only comments, but also the ability to draw over photos and pictures.   

An essential requirement for a legal DMS would be the ability for users to conveniently compare two documents on screen. They should also have the ability to easily compare two or more different versions of the same document.  

Lastly, system users in authorized roles should be able to share documents with users outside the system via an invite and enable these external users to comment on the shared documents.


Your legal DMS must enable e-signing documents through an integration with a 3d-party service.  

Prior to making a choice in favor of some eSignature provider, dial into the eSignature-related laws in force in your geography. Ascertain from your provider candidate that they are in a position to ensure compliance with these laws (in the case of the U.S, it’s the Electronic Signatures in Global and National Commerce (ESIGN), while in the European Union its the eIDAS regulation).

It is also worth mentioning that using the Blockchain technology creates some additional opportunities in terms of document integrity and security. For example, it gives you the ability to insert an e-signature or a QR code into a document.

Security and Backups 

Security is of topmost importance in Document Management. Because of this, the security-related requirements should be spelled out most carefully in your document management system requirements specification.  

First of all, your DMS system requirements should state that any documents your application is intended to handle are to be stored solely in its database, and not anywhere else. Aside from that, we wouldn’t recommend using any third-party services for document storage purposes. 

Next, you must stipulate that all the data at rest in your system be encrypted using a strong encryption algorithm, like, for example, AES 256 or RSA. As it’s equally important to reliably protect data in transit, it is essential that all the traffic between your system and any user devices be automatically encrypted using TLS\SSL (our preference would be TLS). 

Additionally, it is absolutely essential to impose strict requirements for moving data out of your system using any other means. Namely, the attachments of all emails that originate from your DMS must necessarily be automatically encrypted. Your system must automatically encrypt any data that is downloaded to a removable drive by users, who are authorized to perform this operation. It must immediately block any attempts by unauthorized users to download data.

In addition to securing your data, you need to secure user access to your document management system and the network it resides on. One can do this using such technical means and approaches, as  Two-Factor or Multi-Factor Authentication, advanced Identity Verification (for instance Iris Recognition), Wall Access Firewalls, and others. Discuss the existing options with your software provider and see to it that the ones you pick are reflected in your document management system requirements specification.

Lastly but importantly, regardless of whether you use a local storage or a Cloud, it would be prudent for you to keep at least two instances of all your data locally, and one more instance in a secure storage at some safe and reliable off-site location.

Workflow Management 

Workflow Management should appear quite high on your document Management system requirements checklist. 

Your legal DMS must enable users to define document workflows, route documents via one of the available workflows, and send documents for approval to one or more other users.  

As companies’ business situations, sets of documents, lines of business, company locations, user role hierarchies, and other parameters may change over time, authorized users of your DMS must be able to flexibly modify the workflows. Also, users should be able to suggest and request changes to a workflow.

Task Management

Your document management software must allow users to сreate various tasks (review a document, edit a document, compare documents, etc.) and assign them to other users. 

The system must allow for creating tasks in relation to the Start or Expiry date of legal documents. In this case, it can either prompt the user to create a task (for example, by offering them to select it from a predefined list), or create this task automatically on its own. 

The more sophisticated systems can prompt creating a task or create a task automatically based on some deadline in the contents of a document. 


To make your lawyers’ work with documents more efficient and help preempt missed deadlines, your solution must provide an array of notifications.  

For example, it may be necessary to implement Document Expiry Date notifications, notifications that remind designated users about a forthcoming deadline indicated within a document, and Task Management-related notifications. 

Audit and Traceability

Implementing robust audit and traceability features is paramount for any advanced legal document management system.

Your DMS must log all user actions performed in relation to a document. Namely, the audit trail must include the information on who has accessed a document, when they did so, and what changes have been made by this user or users.

By allowing you to meticulously trace every user action, Audit and Traceability functionality helps safeguard documentation assets against unauthorized access, ensure the integrity of legal documents, and prevent data compromise.

DMS Non-Functional Requirements

Document Management System Non Functional Requirements

The DMS non-functional requirements have to do with the performance of your document management system and its future ability to support your legal company’s business plans.

Scalability Requirements

Among the non-functional document management system technical requirements, Scalability Requirements are frequently the most important ones. Simultaneously, they may sometimes be quite elusive to define: here, one should proceed from a legal company’s future business needs and future business opportunities that may currently be hard to predict.

Because of this, before embarking on this part of your project planning, you should take a close look at similar legal businesses, the way they’ve been growing, and the growth opportunities they’ve had. This may give you insights as to the parts of your system that may have to be significantly expanded in the future.  

Aside from that, your system must be scalable enough to support a much higher user concurrency and a much higher documentation volume than you can expect to have in the immediate or near future. Unless it’s Cloud Development you opt for, the software architecture of your legal DMS must necessarily allow for easily scaling the application by adding more system instances.  

Lastly and importantly, it is an absolute must to have complete scalability for the user roles, user permissions and the related rights, document types, types of notifications, tasks, and workflows. 

Customization Requirements

Your document management system must have the ability to support any future changes made to it in response to growing business needs. Simply put, nothing, or nearly nothing in your legal DMS must be cut in stone. 

Your non-functional DMS system requirements must clearly state that the definitions of the user roles and document types, the related permissions and rights, file structure, and document templates must be completely modifiable.

Performance Requirements

Performance requirements aim to make sure that your system is capable of handling the tasks it is meant to handle at the speed and in the volume that you consider to be sufficient.

To define the corresponding target parameters, you need to indicate the required Response Time for the main operations (search, the various user interactions, etc.), Throughput (the number of transactions to be processed within a specified span of time), User Concurrency (the number of users your system is to support concurrently), and Uptime (the percentage of time that the system is to remain fully operational).  

Operational Requirements

DMS Operational Requirements

The operational requirements describe the ways users of your legal DMS are to interact with the system, the system’s interoperability, and its interactions with other systems.

Matter-Centricity and Centralized Workplace

Legal document management systems are intended to store and manage sets of documents related to specific cases and legal matters. 

While working on a case or legal matter, a lawyer needs to have all the related documentation handy. They also need to be able to manage conventiently all this documentation. Because of this, the business requirements for virtuallly any legal document management system must necessarily include Matter Centricity. This means that while accessing a case- or legal matter-related file or folder, the user must be able to easily access the entirety of the related documentation. Moreover, they must be able to perform any of the operations the application provides – editing, document sharing, creating tasks, and so on, from this point in the system.  

Compatibility and Integration Requirements

Your legal DMS must be fully compatible with all the computers and devices used within your legal organization. Notably, it must also be compatible with a wide range of scanners. 

Most probably, your document management system will also need to interact with other systems, like, for example, your case management software, or CRM. In this case, you need to make your software provider aware of the need for your DMS to import documents from these systems, or exchange information with them.

Usability and Accessibility Requirements

Usability and accessibility requirements ensure that system users, including those with disabilities, can interact with your DMS with ease and efficiency.

Your SRS document must clearly state that the UI of your DMS must be intuitively user-friendly. It must include tooltips and contextual guidance. Besides, it may make sense to provide a built-in help or a downloadable user guide to let users quickly find answers to system usage- and navigation-related questions.     

It is also highly advisable that your electronic document management system be built as compliant with the WCAG (Web Content Accessibility Guidelines) standards.

Compliance Requirements

To make your system compliant with the mandatory Data Protection regulations, you must discuss this matter at length with your IT provider and include all the required compliance in your document management system requirements. Based on the compliance requirements you indicate, your software provider will implement the functions needed to support the compliance regulations applicable in your geography. 

Let’s briefly touch upon the requirements you need to embed support for in the case of GDPR:  

  • The Right of Access requirement – states that any of your clients is to be able to access all their personal data at any time they want. 
  • The Right to Be Forgotten requirement – stipulates that you be able to delete all of a client’s data. 
  • The Privacy by Design requirement – states that the very design of your system must prevent unauthorized data access within the application. 
  • The Data Portability requirement – says that your clients must be able to move their data to another system with ease. 
  • The Retention Control requirement – states that your system must retain client data only for as long as it is required for processing. 
  • The Encryption requirement – states that all data must be encrypted using strong encryption. 
  • The Role-Based Access Control requirement – we’ve already previously dwelled on this requirement and it is a GDPR compliance requirement too.

Certainly, this quick overview of the Data Protection Compliance matters cannot provide you with all the knowledge you need to facilitate or control their implementation in your custom document management software.

Rather, it’s intended to show you that your employees in charge should approach the matter of compliance seriously enough, scrutinize the corresponding regulatory documentation, and make sure that your DMS requirements clearly describe the ways in which the required compliance will be achieved.


Composing the requirements for a document management system is a highly challenging task for any legal business and one that they should best tackle in collaboration with a seasoned provider of bespoke legal software. 

It also definitely makes sense for you as a legal business to spend more time on reflecting upon your business needs and future goals and trying to define them better. You should make sure the business analysts of your software provider have access to this information.

As a provider of legal software development services, we are familiar with many DMS requirements, and would be glad to answer any related questions that you may have – just drop us a line.


  • How to build a document management system from scratch?

    You need to carefully itemize all your current and possible future business needs, make a write-up of those needs, and approach a custom software development company that has experience in developing a legal DMS for a time and cost estimate. Next, you can either write the Software Requirements Specification (SRS) on your own, or jointly with your  IT provider. Once the specification is ready, you can kick off the development process.