Five Critical Steps in Selecting a Managed Services Partner

In my previous article, “A Simplified Approach to Making the Managed Services Decision,” I discussed how you could go about deciding on whether or not a managed services program is the right choice for your firm. Once the decision is made that it is, there are five critical factors to consider in selecting the perfect partner.

1. The Company

Quite often we get so caught up in the services a company offers that we forget about asking questions about the company itself. For example, what do you know about the company's business plan: How long has the company been in business? What is the company's business plan over the next five years? Is the company financially secure? Are there any plans to divest or sell?

It is also very important that its culture is in sync with your firm's. For example, is it invested in its people and technology? What is the tenure of employees? How are employees motivated? What types of educational training and advancement are offered? Be sure to ask for references and client satisfaction surveys. Once you are comfortable with the company, you can then start to probe the specific service details.

2. Project Management/Team Members

When you are evaluating any service provider, meeting all direct client-facing personnel is critical. Demanding at least two client-facing contacts is recommended. Ask to see their resumes and understand their experience in the industry. Remember, a certification in any software can never take the place of real-time project experience. The project manager must have law firm experience in my opinion with a strong legal background to understand technology and how it applies to the law.

The project manager must be an excellent communicator both when writing and speaking, so I would recommend an in-person meeting to evaluate the latter. The service provider should bring the project manager to any presentation, and if that doesn't happen, question it. Also, don't be afraid to ask about other team members such as the subject matter experts. Do they understand the process and can they take you over the finish line?

3. Technology

When evaluating any service provider, have a detailed understanding of what software is offered. Choose a partner with options to support your projects. For example, remember to ask detailed questions regarding processing software and how the software manipulates the data (e.g., how does it deduplicate?). Second, get a feel for its artificial intelligence capabilities (e.g., what information does the software utilize to create email threading?). Furthermore, be clear on what the software can't do (e.g., what capabilities does the software have regarding native file redactions or video review?).

In addition, detail what you can do yourself versus what the vendor will have to do for you. For example, are you able to load your own data and manage your own databases?

4. Scalability

Another determining factor when choosing an e-discovery partner is how scalable services truly are. First, have a concrete understanding of how much data your partner will be able to turn over within a 24-hour period. The key factors here must be ingesting raw data (denisting, deduplication, indexing); traditional filter testing (applying keyword and date restrictions); applying AI (email threading/clustering and categorization); and finally, image conversion output (how many images can be processed?).

Find out the timeline from client approval of a production to when it will be ready to send to the opposing party. Having these questions answered ahead of time will set any project on the path to a successful outcome for your client.

5. Security

The hot topic in any decision on an e-discovery provider is security. When you first think of security, you think of an outside individual or entity infiltrating an office or data center, but you should also be considering client data in transit between the law firm and the vendor.

First and foremost, it is essential to visit the vendor's office and also its data center, which could be in two different locations. Observe the protocol for entering and exiting the building. In case of a disaster, confirm the provider has a second data center location. Also understand the turnaround time to have you data restored if a disaster occurs. Ask for the written documentation surrounding the vendor's disaster recovery program and also share this with your chief security officer.

Confirm all necessary steps the provider takes to ensure data protection and minimize the risk of data infiltration. Ask the vendor to supply all security documentation and share it with your firm's and/or client's chief security officer to make sure it meets all internal compliance standards. This should also include data breach audits and infiltration testing. See the EDRM security questionnaire on this topic for more information.

If the vendor meets all security infiltration standards and protocols for your firm and your client, the next security discussion should involve handling of data once it leaves the client.

The question to ask is: How will the client data get into the hands of the vendor? Usually it goes through what I call the “multiple copy syndrome”: Through the normal course of business the client will make a copy of the data to send to the law firm. The law firm usually makes a copy and then sends it to the vendor. We now have three copies of the same data. To minimize the risk, it would be better for the client to send the data directly to the vendor via a secure data portal.

The final security question involves how the provider handles privileged information. It is critical that you understand how privileged information is protected. Ask questions regarding the privilege review workflow and understand the quality control involved in production team preparations. Finally, ask how PII and privacy standards are met through redaction protocol methods and procedures.

Selecting the right partner can seem daunting, but with the proper research and asking the right questions, you can be sure to get the perfect match for your managed service's needs.

 

Christa Iannone is a senior discovery consultant with The MCS Group (themcsgroup.com) where she counsels corporate law departments and law firms on how to apply a cost-effective solution to every day challenges in Information Governance, Security and eDiscovery.

In my previous article, “A Simplified Approach to Making the Managed Services Decision,” I discussed how you could go about deciding on whether or not a managed services program is the right choice for your firm. Once the decision is made that it is, there are five critical factors to consider in selecting the perfect partner.

1. The Company

Quite often we get so caught up in the services a company offers that we forget about asking questions about the company itself. For example, what do you know about the company's business plan: How long has the company been in business? What is the company's business plan over the next five years? Is the company financially secure? Are there any plans to divest or sell?

It is also very important that its culture is in sync with your firm's. For example, is it invested in its people and technology? What is the tenure of employees? How are employees motivated? What types of educational training and advancement are offered? Be sure to ask for references and client satisfaction surveys. Once you are comfortable with the company, you can then start to probe the specific service details.

2. Project Management/Team Members

When you are evaluating any service provider, meeting all direct client-facing personnel is critical. Demanding at least two client-facing contacts is recommended. Ask to see their resumes and understand their experience in the industry. Remember, a certification in any software can never take the place of real-time project experience. The project manager must have law firm experience in my opinion with a strong legal background to understand technology and how it applies to the law.

The project manager must be an excellent communicator both when writing and speaking, so I would recommend an in-person meeting to evaluate the latter. The service provider should bring the project manager to any presentation, and if that doesn't happen, question it. Also, don't be afraid to ask about other team members such as the subject matter experts. Do they understand the process and can they take you over the finish line?

3. Technology

When evaluating any service provider, have a detailed understanding of what software is offered. Choose a partner with options to support your projects. For example, remember to ask detailed questions regarding processing software and how the software manipulates the data (e.g., how does it deduplicate?). Second, get a feel for its artificial intelligence capabilities (e.g., what information does the software utilize to create email threading?). Furthermore, be clear on what the software can't do (e.g., what capabilities does the software have regarding native file redactions or video review?).

In addition, detail what you can do yourself versus what the vendor will have to do for you. For example, are you able to load your own data and manage your own databases?

4. Scalability

Another determining factor when choosing an e-discovery partner is how scalable services truly are. First, have a concrete understanding of how much data your partner will be able to turn over within a 24-hour period. The key factors here must be ingesting raw data (denisting, deduplication, indexing); traditional filter testing (applying keyword and date restrictions); applying AI (email threading/clustering and categorization); and finally, image conversion output (how many images can be processed?).

Find out the timeline from client approval of a production to when it will be ready to send to the opposing party. Having these questions answered ahead of time will set any project on the path to a successful outcome for your client.

5. Security

The hot topic in any decision on an e-discovery provider is security. When you first think of security, you think of an outside individual or entity infiltrating an office or data center, but you should also be considering client data in transit between the law firm and the vendor.

First and foremost, it is essential to visit the vendor's office and also its data center, which could be in two different locations. Observe the protocol for entering and exiting the building. In case of a disaster, confirm the provider has a second data center location. Also understand the turnaround time to have you data restored if a disaster occurs. Ask for the written documentation surrounding the vendor's disaster recovery program and also share this with your chief security officer.

Confirm all necessary steps the provider takes to ensure data protection and minimize the risk of data infiltration. Ask the vendor to supply all security documentation and share it with your firm's and/or client's chief security officer to make sure it meets all internal compliance standards. This should also include data breach audits and infiltration testing. See the EDRM security questionnaire on this topic for more information.

If the vendor meets all security infiltration standards and protocols for your firm and your client, the next security discussion should involve handling of data once it leaves the client.

The question to ask is: How will the client data get into the hands of the vendor? Usually it goes through what I call the “multiple copy syndrome”: Through the normal course of business the client will make a copy of the data to send to the law firm. The law firm usually makes a copy and then sends it to the vendor. We now have three copies of the same data. To minimize the risk, it would be better for the client to send the data directly to the vendor via a secure data portal.

The final security question involves how the provider handles privileged information. It is critical that you understand how privileged information is protected. Ask questions regarding the privilege review workflow and understand the quality control involved in production team preparations. Finally, ask how PII and privacy standards are met through redaction protocol methods and procedures.

Selecting the right partner can seem daunting, but with the proper research and asking the right questions, you can be sure to get the perfect match for your managed service's needs.

 

Christa Iannone is a senior discovery consultant with The MCS Group (themcsgroup.com) where she counsels corporate law departments and law firms on how to apply a cost-effective solution to every day challenges in Information Governance, Security and eDiscovery.