How to Create a Document Management System (DMS) for a Legal Company?

How to Create a Document Management System with Peak Efficiency?

If you as a legal business owner want to build your own document management system from the ground up, there are a range of important nuances you’d better be aware of. Also, there are several informed decisions to be made – regardless of who your custom software provider is or the degree of your reliance on them. 

These nuances and decisions have to do with different areas of document management system development. We’ll dwell on the most important of them, getting started with the DMS design and architecture. 

Choose the More Optimal DMS Design and Software Architecture

First, you need to choose whether you want to develop an on-premises or Cloud-based legal document management system. 

Both of these two document management system implementation options have their own upsides and downsides. In a nutshell, in the case of Cloud-based, the Cloud  provider solves many of the security, infrastructure, and  scalability problems. Simultaneously, from our extensive Cloud development experience, the costs of maintaining sizable Cloud-based applications can vary quite widely and you should always look into the existing possibilities to find a more financially suitable option. 

As we’ve already mentioned, the Document Management functionality of your legal DMS must be matter-centric. This means that your users must be able to centrally store all documents and emails related to the same legal matter in the same place within your system. The user must be able to perform the full range of document-related operations within this space.  

Any legal document management application must be completely scalable. It must allow for flexibly adding new document types and user roles. 

If a Cloud-based solution is not what you have in mind, the architecture of your document management application should allow you to easily ensure scalability through clustering.

Pay Special Attention to Document Management

As far as a legal DMS is concerned, Document Management kicks off with document capture that can take place in different locations and circumstances. Documents may need to be entered into the system in your legal offices, received from other systems, or provided by your off-site employees. 

Because of this, your document management solution must support all these ways of importing legal documents. More specifically, it must be able to import docs from scanners and email, as well as convert any imported MPEG, JPG, PDF, or CAD files into ones of text-based formats. It must be easy for the user to immediately add all imported legal documents to cases or files. Please note that it often also makes sense to implement the same functionality for messaging contents and include those messaging apps that you consider to be secure enough to be used by your legal staff.

Next, users of your application must be able to easily index all imported docs. All documents must be made searchable using both keywords and meta tags. Your system administrator must necessarily be able to flexibly configure the tagging rules. 

In implementing the document editing capability of your custom document management system, it is important to allow for two things – the ability to lock a document for editing and the ability to prevent two or more users from editing one and the same document in parallel. If it makes sense in your context, you may also want to include the ability to permanently lock documents to preclude them from being altered ever again. Besides, it is also possible to add rule-based business logic to enable users to define the workflow for processing a specific document or documents of a certain type.   

The Notifications functionality of your legal DMS should include automatic document review-related notifications for clients. 

A well-developed document management software must provide document version control and allow you to conveniently keep track of all edits, comments, and communications related to a document. 

Finally, at the beginning of your online document management system software development project, discuss with your software provider which of the user-performed actions your application must log. The latter can include the number of views, document deletions, the IPs a document was accessed from, and more.

Define the Role and Permission Management Functionality

In a DMS, the Document Management significantly overlaps with Role Management. 

In different solutions, the role set can vary widely. Because of this, one should take a strictly personalized approach to determining the user roles you need to implement in your legal DMS, i.e. proceed, first of all, from your company’s business context and needs. As a consequence, it makes all the sense to spend more time on discussing this part of the DMS functionality with your software provider for them to better spell it out as they write the software requirements specification. For example, the DMS we’ve developed for one of our clients in the Legaltech space (it enables their customer base to store, manage, and sign legal documents) has the following role hierarchy:

• Document Manager – the solution provider’s lawyer or some other employee who works with their client’s documents, as well as supports the document-signing process.
• Client Administrator – the client’s user who is entitled to manage file access for the Client. 
• Client User – a user with access rights for some specific folders and legal documents stored in their company’s digital library.
• Guest – a user, who has temporary, view-only access to some specific folders or legal documents. These folders and documents become available to users in the Guest role through an invite. Guests can sign legal documents when these documents are assigned to them as to a Signer.
• Signer – a project actor who has been invited to take part in the processing and signature of a legal document on a temporary basis (possibly, from outside the system).

Regardless of its Role Management configuration, the Permission Management capability of your application must:

• Enable you to share documents with multiple users on the client’s side. 
• Entitle a user to download a shared file (and it’s best not to make shared files downloadable by default).
• Make a shared file preview-only.
• Set the expiry date for access to a shared file with the ability to modify this date.

Also, to make your Document Management and Permission Management efficient and secure, you should proactively discuss with your custom software provider and decide on several fundamental issues.

More specifically, it is essential to decide which of your roles allow users in them to add, edit, review, or delete documents. It must be decided from the beginning whether the changes made by users that occupy higher places in the user role hierarchy should be visible to those below, or whether there should be any other similar restrictions. You also need to decide whether the rights your user roles are associated with should be modifiable.  

For complex, multi-tenant document storage and management solutions, like we built for a U.S. technology provider, one should pay additional attention to the role of the Super Administrator or a similar one, intended to allow an employee of the service provider (for example, their lawyer) to access and manage any of their client companies’ documents. Namely, decide beforehand whether to make this role optional: odds are some of your clients will want their documents completely inaccessible from outside their company, while others will want them accessible solely to their authorized business counterparts.

Use the Full Range of Data Privacy and Security Techniques

Data security is central to document management software, especially given the dismal cybersecurity stats that we can only see worsening with each passing year. In a legal document management system, one must ensure security on several levels. 

Your users must be able to see only those documents that are relevant personally to them, or their level in the user hierarchy. It is imperative that all the data stored in your system be protected with robust encryption, for example, the military-grade 256-bit AES encryption. Please note that one can beef up the robust security AES 256 provides even further by combining this algorithm with a strong asymmetric algorithm, like RSA. In addition to documents, it is also necessary to encrypt metadata and any data points that contain names or state the purpose of a document.

Artem Dyranov

Business Analyst & QA Engineer at SPD Technology

“Security is a topmost requirement in a DMS. It’s closely intertwined with the user role hierarchy and the related doc sharing rights. Because of this, one shouldn’t skimp on discussing these matters – the client and their provider must gain a clear understanding on when, what and with whom can be shared in the system”.

To ensure the security of the traffic used to share documents, your system should always use only the https protocol and never http: the https protocol includes TLS/SSL security layer that protects traffic against hacking attempts. 

It should be pointed out that the arrival of the Blockchain technology has made it possible to significantly improve the level of security a DMS can provide. In particular, using Blockchain in building a document management system allows you to:

• Make your documents completely immutable and completely rule out any attempts at forgery.
• Easily keep and view a history of all the changes a document has undergone.
• Insert a QR code into a printed document that contains a link to the digital version of this document, thus making it easy to make sure the document’s contents are genuine.
• Share documents in a completely secure manner.
• Insert encrypted signatures into documents. 
• Track each and every action made by users in your system, including documents’ receipt, delivery, alteration, and signature.
• Reliably make sure you are not dealing with a malicious actor while exchanging docs. 

Summing it up, one can say that it is definitely worth considering using Blockchain if you want to dispose of most of the serious security risks in an extremely reliable manner and in one go.

Gain a Good Understanding of the Related Compliance

The mandatory adoption of the various regional compliance regulations has set a tremendous task for businesses in the Legal space: make their error-prone, paper-based business processes in keeping with the multiple high demands of these regulations. Solving this task can hardly ever be possible without comprehensive and well-thought-out automation.  Because of this, one of the main reasons to build your own document management system is that it is the easiest and most reliable way to ensure compliance, for example, GDPR compliance. You simply have to see to it that the capabilities that ensure such compliance are included in the functionality of your document management software and one can use them with ease.

Let’s take a very brief look at the main compliance requirements and the corresponding capabilities that one can and should implement in the case of GDPR:

• The right of access – your clients must be able to easily access all their personal data at all times.
• The right to be forgotten – your application must enable you to quickly delete all personal data of a client. 
• Privacy by design – the solution must be designed to limit data access to the actual business needs of your authorized employees.
• Data portability – clients must be able to easily and securely move all their data to another system, for example, that of another provider.
• Role-Based Access Control – users from within and outside the system must be able to access only the data they are entitled to access in accordance with their role in the user hierarchy.  
• Retention Control – client data must be retained in your system only for as long as it is required for processing.
• Encryption – all client data must be reliably encrypted.

We’ve just briefly touched upon the compliance requirements a well-developed legal DMS can enable you to meet. 

Certainly, it is imperative that you look into the corresponding compliance regulations a great deal more closely before embarking on your document management solution development project and discuss them at length with your custom software provider. However, it is quite clear that implementing a document management system makes it dozens of times easier to first render and then keep your business compliant.