ILTA: Developing an IG Framework for the Law Firm

Beth Chiaiese, CRM, MLIS
Director, Professional Responsibility & Compliance
Foley & Lardner LLP
Education Code: MO07-4243
Learning Objectives
Upon completing this session, you will be able to:
1. Define the scope and guiding principles of your IG program
2. Develop a charter for an IG Advisory Board
3. Develop a strategic plan for IG and an operational roadmap
4. Identify key roles for your IG organization
5. Consider options for branding the program
Agenda For Today
Using Foley & Lardner as a case study, we’ll talk about the IG Framework:
• What it is
• Its components
• Who builds it
• Required skills
• How to build it
Foley & Lardner LLP
• General practice firm
• Business law
• Intellectual property
• Litigation
• Founded in 1842 in Milwaukee
• Today we have
  • About 825 lawyers
  • 17 U.S. and 3 international offices
• We began work on our IG Framework in 2010
• Triggers for IG
  • The financial downturn
  • The need to move beyond physical recordkeeping
  • Compliance requirements
Refresher: What Is IG?
• A way of leveraging the power of information by:
  • Treating it as a corporate asset
  • Protecting it
  • Managing it
• It drives significant cultural change:
  • It requires everyone in the organization to participate AND change the way they work with information
  • It requires a team approach to design, build, and implement
• It is NOT a synonym for RIM
The Foley IG Pinwheel
Applies to Client and Business Information
[Figure labels: Systems, RIM, KM, Access, Security, Business Continuity, Privacy, Firm IP, Matter Life Cycle, Matter Mobility, Mandated Destruction, Discovery, Framework & Guiding Principles]
Polling Question 1
• Is your firm implementing an IG program?
1. We are actively engaged in IG
2. We are planning our IG program
3. We are talking about IG but haven’t taken any steps
4. We aren’t working on IG at all
5. I don’t know
Polling Question 2
• Have you developed or begun to develop a framework for IG?
1. Yes
2. No
3. I don’t know
What is the IG Framework?
• The foundation of the IG program
• It gives the IG team
  • Structure
  • A benchmark
• It gives the firm
  • A platform for awareness and change
1. Leadership
2. Buy-In
3. Team
4. Plans
5. Policies
6. Change Management
7. Continuous Improvement
1. The IG Framework Requires a Leader
• An information management professional
• Generally at the C- or director-level
• OR, a member of management
  • COO
  • General counsel
  • Member of management committee
• A partner or senior staff leader appointed by management
[Figure labels: Influence, Leadership, Strategic Planning, Analytics, Subject Matter, Project Management]
Polling Question 3
• Who leads IG in your firm?
1. CIO
2. Security leader
3. Records leader
4. Member of management
5. Nobody
6. Other
2. The IG Framework Requires Buy-In
“The key to successful leadership is influence, not authority” – Kenneth Blanchard
• You may not have the authority to mandate IG in your firm, but you can influence leaders to adopt it
• You can influence other influencers
[Figure labels: I Understand the Benefits of IG; I Influence You to Understand Them; You Influence Management; Management Supports IG; We Can Build the IG Framework]
Also see the article: “How to Influence When You Don’t Have Authority,” Forbes, 1/3/2011. http://www.forbes.com/2011/01/03/influence-persuasion-cooperation-leadership-managing-ccl.html
IG Helps the Firm Achieve Its Goals
• What keeps your boss up at night?
  • Client demands for increased information security
  • Competitive advantage
  • Lateral integration
  • Lawyer productivity
  • Lowering operational costs (increasing partner profits)
  • Managing staffing levels
  • Compliance with ethical and regulatory requirements
  • Protection of firm intellectual property
Polling Question 4
• Does your management support IG?
1. Yes
2. No
3. I don’t know
3. The IG Framework Requires a Team
• Structure
  • Formal or informal
• Components
  • Governance
  • Operations
• Considerations
  • Maturity of programs
  • Stakeholders
[Figure labels: Governance: Engaged leadership or advisory? Operations: Active builder or leader and builder?]
The Team Needs the Right Subject Matter Skills
• Have the right experts on board:
  • RIM
  • Information security
  • Technology
  • Compliance (Legal)
  • Other business leaders
    • HR (staffing changes)
    • Finance (funding)
    • Marketing (branding and awareness)
The Foley IG Structure
• Reports to the COO and General Counsel
• Led by Director, IG (DIG)
• Oversight by Director Prof Resp. & Compliance Dept. and CIO
• Governance = IG Advisory Board
• Operations = RIM + Security
[Figure: organization chart. Labels: COO, GC, Dir., PRCD, CIO, DIG, RIM, Security]
Members of Foley IG Advisory Board
• Executive sponsors
  • GC and COO
• Leader
  • Director of IG
• Members
  • Director PRCD and CIO
  • CAO, CHRO, CFO, CMO
  • Deputy GC
  • Privacy partner
Polling Question 5
• What kind of IG team do you have at your firm?
1. Formal
2. Informal
3. We don’t have an IG team
4. I don’t know
4. The IG Framework Requires a Plan
• A plan is
  • A benchmark
  • A roadmap
• Planning requires
  • Strategic and tactical skills
  • Think “big” and “long”
  • Think “specific” and “now”
[Figure labels: Definition of IG; Vision, Mission, Values; Strategies; Initiatives; Roadmap; Charter]
Planning Includes Defining IG
• What does IG mean to your firm?
• Here is how we’ve defined it at Foley
• Based on the Foley “pinwheel”
[Figure labels: Compliance, Training & Awareness, Information Security, Information Mgmt]
Planning Also Includes: Vision, Mission, And Values
• All strategies, initiatives, policies, and procedures must support these statements
[Figure labels: Vision: The Desired Future; Mission: How We’ll Get There; Values: The Heart of the Program]
At Foley
Vision
Foley IG promotes a culture in which all personnel:
• Value information as a critical asset of the firm and its clients.
• Understand the risks, responsibilities, and legal requirements related to law firm client and business information.
• Manage information in ways that protect our clients, our colleagues, and the firm.
Mission
Protecting critical client and firm information assets
Values
• Stewardship
• Compliance
• Access
• Security
Strategies v. Tactics
Strategies: Broad, long-term goals to advance IG
• Example: Electronic records management
• Example: Information security
Tactics: Specific initiative in support of a strategy
• Example: Enterprise imaging
• Example: Mobile device management solution
Foley Strategies
Areas: Security; Information Management; Compliance; Awareness
• Data Loss Protection
• E-Records
• Audit
• Public Awareness
• Mobile Device Management
• Storage Management
• Legal Awareness
• Technical Training
• Access Management
• Industry Awareness
• Third Party Access
• Continuous Improvement
• Vulnerability Monitoring
Example of a Strategy and Supporting Initiatives
Strategy = Storage Management
Managing access and cost by designating official repositories for recordkeeping, controlling the proliferation of information, and by disposing of information in all media in accordance with firm policy.
Initiatives
• Define and operationalize the ongoing destruction of legacy records (i.e., records in storage 10 years or longer)
• Develop workflow solution for operational retention and disposition in accordance with firm policies
• Identify official recordkeeping repositories
• Evaluate content on shared drives and determine governance standards
• Evaluate potential of internal collaboration tool (i.e., SharePoint) to be used by legal teams upon request
• Evaluate and confirm back-up strategies
The Roadmap Supports the Strategies and the Initiatives
• Priorities
  • Which strategies are most important
  • Which initiatives in the top strategies are most important
• Timelines
  • Project phasing and timing
• Funding
  • Budgeting
• Resources
  • Skills and personnel needed
The IGO Charter
• Sets forth management’s commitment for IG
• Defines the scope of the IGO
• Establishes the structure of the IGO
• Defines roles and responsibilities
Polling Question 6
• Has your firm developed a strategic plan for IG?
1. Yes
2. No
3. I don’t know
5. The IG Framework Requires Policies and Principles
• Policies
  • Align with IG scope, vision, mission, and values
  • Document desired behaviors
  • Provide benchmark for the development of IG systems and programs
• Principles
  • Guidelines that derive from the policies
  • Make it easy for users to understand IG goals and objectives
Foley IG Policies
Governing Policies
Policy on Information Governance
Policy on Confidentiality
• RIM Policies
• Management of Records
• Retention Policies & Schedules
• Mobility Policies
• Document Holds and Destruction Obligation
• Security Policies
• Acceptable Use
• Information Security
• Access, Use & Disclosure of PII and PHI
• Third Party Access Policies
• Responding to Third Party Information Security Requests
Foley “10 Guiding Principles”
1. Manage confidential, sensitive or Personal Information as required by law, agreement or Firm Policy
2. Understand third party access requirements
3. Respond promptly to IG Compliance notices
4. File email records regularly
5. Maintain the Firm’s Official Records in electronic form, unless hard copy is required
6. Store Official Records in an official repository
7. Organize Official Records by correct client/matter number
8. Retain and destroy records as permitted by Firm Policy
9. Avoid making multiple copies of records
10. Don’t handle file transfers (in or out) on your own
Polling Question 7
• Does your firm have a policy framework for IG?
1. Yes
2. No
3. I don’t know
6. The IG Framework Requires a Change Management Strategy
• Understand your firm
• Adopt a brand
• Communicate early and often
• Use plain English
• Use a variety of techniques
Driving Change - Understand Your Firm
• Is it a “top down” organization?
  • Can you mandate change?
• Or, is it a “grass roots” organization?
  • Do you have to slowly “grow” change?
Branding
• Communications are recognizable and consistent
Communication Techniques
• Presentations and announcements
• Making complex ideas simple
• Focus on one IG concept at a time
• News articles and awareness
• Exercises
• Foley: Information security exercise
• Hands-on training on systems and tools
Polling Question 8
• Have you begun to talk about IG within your firm?
1. Yes
2. No
3. I don’t know
7. The IG Framework Requires a Strategy for Continuous Improvement
• Scanning and awareness
• Measure results
• Add and improve
Scanning and Industry Awareness
• What’s happening in your firm?
  • Expansion
  • Added practice areas
• What’s happening in the industry?
  • New requirements for lawyers?
• What’s happening in society?
  • New norms (i.e., social networking)?
  • New laws
Measure
• Audit for compliance
• Gather data, indicators, ROI to demonstrate the impact of IG
• Examples
  • Lowered storage cost
  • Quicker access
  • Better security
  • Quicker response to client security questionnaires
  • Coordinated response to a potential breach
  • More efficient lateral integration processes
Improve
• Enhance current IG processes and services
• Add IG programs and initiatives
• Evaluate team and other resources
• New jobs or IG responsibilities?
The IG Framework is Just the Beginning
• Now the really hard work begins
• Making good on your strategies and tactics
• Designing, building, implementing according to your roadmap
• Driving cultural change
• Becoming an IG aware law firm
Please Complete Your Session Evaluation