Legal blog post

When contemplating outsourcing your firm’s information management processes, you should ask yourself the following questions:

    1. Can I adequately brief the information management company so that it understands what is required and expected?
      You’re not looking for another cookie-cutter information management solution. Ensure the company you’re evaluating assigns a consultant to get a proper grasp on what your firm needs to improve its information management. They should sit down with you to create a customised solution that caters to your specific storage, indexing, retrieval and sentencing requirements.


    1. Is the process adequately supervised?
      Or does outsourcing continue ad infinitum behind the scenes, with your firm’s information handled outside a secure chain of custody or through unsecured networks? Make sure your chosen information management partner never sub-contracts, no matter how far or at what time of day you’re sending or retrieving it.


    1. Can I make conflict checks?
      The practices of any good information management company should render this question redundant. They should provide an indexing system that offers no indication to their employees what an archive contains. Their job is simply to ensure that information is retrieved and delivered as rapidly as possible when you need it.


    1. Do the employees of the information management company have an adequate legal education to undertake the tasks to be assigned?
      As above, employees of any third party you engage should have no access to the information in files beyond that required to effectively index and retrieve them. However, you should insist that all employees pass a police background check as standard.


    1. Does the provider have a security system that will protect confidential information when being transmitted and subsequently held?
      Make sure that any information partner you consider using provides state-of-the-art security at their facilities, throughout their transportation network, and online. This means 24-hour surveillance, an unbroken chain of custody from A to B with GPS tracking, and dedicated cloud hosting with a system accessible only to you.


    1. How do I obtain my client’s informed consent?
      Once your clients know that their confidential information is being stored more securely, accessed more efficiently and destroyed in a more timely fashion than it would be if dealt with in-house, they’ll be more than willing to consent to your use of third-party information management. Just make sure you tell them up-front how information will be managed.


    1. Are the costs to be charged ‘fair and reasonable’?
      When weighed against the cost of data breach or loss, the price of an external information management solution is negligible. But this is an important question. If engaging a new provider, ask what services they can combine with the initial mass-archiving of your firm’s documents. You might be pleasantly surprised. Also, make sure they can create case-by-case sub-accounts in their billing system so it’s easy for you to be transparent when externalising costs to clients.



Find out more in Grace’s FREE in-depth information management report for government agencies – available exclusively at