Stack of books in library

When building a records information management system, start with the foundation 

by Stephanie Kurtz


How to build a secure information management strategy for your law firm


Time: 2 minute read

Today, attorneys are practicing law in more mobile locations and utilizing more sophisticated equipment that allows them to access, transform and manage information related to their clients and colleagues.

With this level of information, law firms are a gold mine for data security breaches – digital and paper records can be lost, employee and customer trust can be weakened, and productivity and revenue can be threatened severely. 

Today’s law firms are now managing more and more data daily, and it’s no secret that record keeping security and management must be built properly. It is a complicated process, and having a solid information governance (IG) program is necessary to help address this growing information management challenge.

I see many law firms make the mistake of approaching recordkeeping by making significant investments in Records Information Management (RIM) systems with state-of-the-art technology before reviewing their current IG program. On the surface, buying and deploying technology seems like a logical first step, but is it?

In the legal industry specifically, RIM is an essential component to an IG strategy. In fact, the 2015-2016 IGI Annual Report1 highlights that 94 percent of respondents believe RIM is an important facet of an IG concept – ranking above eDiscovery (86 percent), risk management (77 percent) and compliance (88 percent), to name a few.

This high indicator points to the records inventory as a critical component of knowing what you have, why you have it, who’s responsible for it, and where it’s located. We see many firms attempting to enhance their records programs from traditional, tactical programs based on legacy paper to a more digital capture- and risk-focused strategy. 


Law firms are a gold mine for data security breaches – digital and paper records can be lost, employee and customer trust can be weakened, and productivity and revenue can be threatened severely.

Records management infographic
As a Certified Records Manager and Information Governance Professional, I advise many law firms to evaluate and improve their IG policies and procedures prior to implementing any technology via the following initial steps:

1. Begin with a review of current-state information management policies and practices and identify gaps by looking at the firm’s biggest challenges and concerns; assess the risk(s) to the firm and the opportunities for greatest benefit.

2. Identify what the future state may look like – uncover where the firm’s leadership sees it in 2 years or 5 years.

3. Design and recommend an IG solution that incorporates a framework for people, process and technology following a roadmap to successful process improvement within the firm’s practice priorities and firm culture.

4. Implement a process to ensure continuous improvement through routine monitoring and periodic assessments. Audit and adjust as required.

Consider working with a partner certified in IG – a partner with core competencies in RIM, who understands the value of integration among IG processes, technologies, and people across multiple practice groups, locations, departments and functions. 

Recommended for you

1  "2015-2016 Annual Report." November 11, 2015. 
Cookie Policy

Ricoh uses data collection tools such as cookies to provide you with a better experience when using this site.
You can learn how to change these settings and get more information about cookies here.

Close Chat
HelpChoose A Topic