Security Control

Creating a Security Control

Use security controls in your firm to set up ethical walls to protect your most sensitive information and govern who can access what information. It allows authorized users and groups access to workspace, folders, and documents. This policy can be applied based on practice group, matter type, and any other metadata value. CAM allows you to set security levels up to five metadata values.

It manages permissions and sharing for users and groups to identify, prevent, and revoke access to content.

To Create A Security Control

1. From the Control Center tab, click Create Control.

Open

1. To use existing control details, click Copy Existing Controls, Or enter new details.

2. Enter a Control Name.

3. Enter a Label to display for the control.

4. Select Type as Security.

   1. Select Sub Type: Set the policy type

1) Inclusion: It will allow access to the Users and Groups added to the Triggers & Action. When the subtype Inclusion is selected, the option High Priority will be displayed, if it is set as Yes, this control will be applied over other controls that do not have this option enabled.

2) Exclusion: It will deny access to the Users and Groups added in the Triggers & Actions

3) Competitive: Cross-customer access to restrict access to competitors' matters;

E.g. Side1Users : List of users and Side1ClientMatters : List of Client-Matter

Side2Users : List of users and Side2ClientMatters : List of Client-Matter

Side1Users are not allowed to access Side2ClientMatters list, and Side2Users are not allowed to access Side1ClientMatters list.

6. Select Security Level to apply the control.

You can configure multiple Security Levels at Settings > Configure Security Level.

Client and Clien-Matter in common are out-of-the-box Security Levels. You can add, modify, or delete as per your requirements.

• If you do select Client, security control will be applied universally to all Matters created for the client selected in the Criteria.

• If you do select Client Matter, security control will be applied to the specific Client-Matter selected in the Criteria.

7. Select the System(s), it will list External systems configured in the CAM. E.g. iManage, NetDocuments, Office 365

Setting Triggers and actions on Users and Groups

In this section, set your criteria to narrow down the specific matter to create an ethical wall.

Open

• Description: Optional field, provide details about the trigger.

• Criteria: This is required information. You can add parent-child relationships while configuring the security level.

  1. Select the Metadata from the dropdown.

  2. Set the operator to filter on. Supported operators are Equals, In

  3. Type the metadata value desired.

• Select Users to apply the security policy selected in the Sub Type.

• Select Groups to apply security policy to the group of users.

• Select the checkbox Contractual Security, a specific inclusive policy where if the user/group has access to X number of projects, then access should be typically restricted to only those content. Access to other contents is excluded explicitly.

Setting Activation & Approval

1. Approval Request: Select Yes to send the control for approval and activate it once the approvers (E.g. Team Lead) have reviewed and approved, or select No.

2. Activate Now: This option will be enabled when the Approval Request is selected No. Select Yes to activate and observe impacted workspaces now or select No to create a control in the system and activate later from the Actions hamburger menu.

3. Auto Attach: This option is by default set to Yes for Security control, so it's not visible on the page.

Once the control is set up, each time security is added or modified on the source system like iManage, NetDocuments, or M365, the security control then will update CAM appropriately once approved.