How Do You Replicate A Document Review “Clean Room” Environment In The Cloud?
The cornerstone of a defensible document review is security and taking a “clean room” approach to a review site insures that data is safe and secure. But, what exactly is a clean room? A clean room refers to a highly purified and regulated room for producing equipment sensitive to contamination, such as pharmaceuticals. What does this have to do with document review? In a document review space, the term “clean room” has come to mean a room where data remains secure. To safeguard the security of every document in a review space, these rooms retain strict entry protocols. People who enter a clean document room must have the proper access, no phones (cell or landline), cameras, personal computers, or other electronic devices and there is a manager onsite to confirm compliance with these rules.
Cleaning the document review center: creating sound security protocols
In order to access document review platforms, contract attorneys must use computers that are connected to an internet line. Considering the many configurations and varying levels of security profiles, real information security risks emerge when a device has an internet connection. It is imperative that review attorneys or staff cannot download sensitive discovery documents or for any data to be cached on a network. In order to avoid other types of security breaches, administrators should lock down browsing abilities or other parts of a user’s internet access so that the document review team does not have access to unauthorized and unmanaged email systems or other software applications.
Clean rooms need to be physically locked and access should be denied to anyone without the proper credentials, but internet access should also be locked or regulated. To prevent other types of unauthorized information transfer, most review clean rooms do not allow printing capabilities and Universal Serial Bus (USB) ports are locked. All of these security protocols allow for a room where sensitive documents are safe and sound which is the cornerstone of a legally defensible document review.
From the Document Review Room to the Cloud
With the outbreak of COVID-19 and so many businesses closing their brick-and-mortar facilities, how do providers maintain a defensible, clean room approach when document review is now in remote, home-based locations?
The process for a document review is critically important and they need proper governance to remain legally defensible. When working with contract attorneys who are remote, it is crucial to ensure the security of review documents. To do that, make sure any remote computers are locked in the same way they would be in a clean room environment. All contractors should be logging into a virtual desktop and never accessing the hosted environment directly.
A secure virtual desktop should have the following features:
- A secure image that allows for access only to the database review platform
- No access to the internet without written client approval
- Multi-factor authentication
- Disabled device redirection preventing data transfer between the device and the virtual desktop
- Inability to print from the virtual desktop
- Disabled clipboard access preventing the ability to copy or paste information
- Restricted ability to save documents to the user profile on the virtual desktop only and not on the device being used
- Ability to wipe the virtual desktops each night, clearing any user data or browsing history from the virtual machine
- No data stored at any time on any personal device or vendor provided laptop
Maintaining Document Review Oversight Remotely
To mimic a live document review atmosphere, there also needs to be remote-enabled project management and oversight. The same high standards of a traditional clean review room should be the same in a virtual clean room as well. All contract reviewers should sign confidentiality agreements which include information related to the policies and procedures that must be followed for remote document review. The same comprehensive reporting that clients were previously receiving should not be altered; they should still be provided with metrics showing that productivity and quality standards are being met. To help continually maintain the highest standards of quality control, frequent and regular internal calls to discuss feedback from the team, review protocol updates, and to conduct additional training should be conducted. Reviewers, even remotely, should be provided with quality control feedback through email, phone, or instant message in order to maintain appropriate quality levels.
No matter where a document review takes place, proper procedures need to be followed in order to ensure a defensible review. Make sure your vendors are not compromising any security or oversight in this new virtual reality.
If your organization is interested in the industry’s most powerful, efficient, and defensible managed document review solutions: Document Review and Analytics.
If you found this blog informative, you may enjoy: The Future of eDiscovery Post COVID-19.