Because of restrictions put in place in response to COVID-19, document review has had to go almost entirely remote. According to one model, estimates for onsite review have dropped 80% in favor of shifting to off-site, or remote, review.[1] While remote managed review is a new experience for many, some providers have had the infrastructure and foresight to quickly move their review workforce to handle remote managed review.
But how is remote managed review securely provided? And is it the right choice for your organization?
What is the Difference Between Traditional and Remote Review?
“Managed review” can be defined as a team-based undertaking designed and executed to meet a client’s document review needs on a case-by-case basis. Traditionally these teams generally have consisted of reviewers working from a secure brick-and-mortar facility with a combination of high-level reviewers, quality control personnel, and project managers who make sure the reviewers’ work meets the clients’ needs.
“Remote managed review” should be all of that – but in a secure remote facility such as a reviewer’s home, using as a device, typically a personal computer, to connect to a secure desktop and work in a review platform. Key components are a robust cloud-based review platform that can be both used and managed remotely; a managed review infrastructure that supports and encourages high quality, cost effective, and innovative review; a workforce of reviewers provided with the tools and support needed to work effectively from home or other remote locations; and solid security at each step along the way.
Before embarking on a project with remote managed review, companies should check to see whether there are legal obligations that might prevent its use. Client, law firm, or provider policies might specify, for example, that review must be performed in a brick-and-mortar review facility or require physical inspection of review sites before review may commence. These barriers aren’t necessarily deal breakers barring use of a remote option, but they need to be flagged and addressed if they come up.
Cloud-Based Review Platforms
Truly remote managed review should start with a review platform operating in a major cloud computing system such as Microsoft Azure or Amazon Web Services (AWS). Systems like these offer security, scalability, and geographical hosting options that are difficult if not impossible to match with traditional data centers or on-premise installations.
A solid cloud computing system should comply with standards such ISO 27001, SOC 2, and HIPAA. ISO certification, for example, can be challenging to obtain, entailing a lengthy and time-consuming process of demonstrating conformity with ISO’s documented standards. The cloud system should offer scalability so that you can adjust capacity to meet the constant and unpredictable changes in data and processing capacity that are commonplace with eDiscovery. It should allow you to choose where, geographically, your data is stored and computing takes place, to help avoid running afoul of data privacy and similar constraints.
Ricoh eDiscovery for example migrated to the public cloud in 2014 and uses Microsoft Azure for its suite of technologies to provide protections and capabilities, such as encryption in transit and at rest. Any review provider should have a comparable digital security safety net, yet some providers still rely solely on more traditional approaches. Look for providers that have a long-standing relationship embracing the secure cloud.
High-Quality, Cost-Effective Remote Managed Review
For quality remote managed review, a lot of moving parts need to work together. At minimum, remote reviewers need a place to work without disruption or distraction with reliable power, like a small uninterruptible power supply (UPS) or uninterruptible power source. They should also have dedicated work computers with sufficient capacity to handle the mass amounts of data and reliable, high-performance internet access and Wi-Fi to connect provider and reviewer.
Most importantly however, reviewer computers should be appropriately secured to protect client data and the work produced generated by the reviewers. Remote desktops that only give reviewers access to the secure cloud are ideal – this means client data never leaves that cloud.
Remote reviewers also need an array of communications technologies so they can more effectively work together with colleagues and clients. These might include secure video conferencing capabilities, chat or texting platforms, and file-sharing capabilities. These tools let reviewers communicate insights and pose questions in real time and share concerns with other reviewers, managers, and outside or in-house counsel and their staff. They facilitate better communication of and collaboration on changes in protocol, focus, methodologies, and the like.
To ensure that remote reviewers perform their work accurately, productively, and cost-effectively, their time and work need to be monitored closely. Ideally this includes detailed, verified time reports combined with productivity reports that generate a daily comparison of reviewers, monitor documents reviewed per hour, and keep tabs on decision revisions. Providers should be able to ensure that remote review productivity is maintained at a level equal to on-site review.
The Security of your Data is the Highest Priority
Security at every step of the review process long has been important, and that continues to be true when review is performed remotely. Providers should offer an array of security measures to clients. Look for providers that require the use of multi-factor authentication and USB encrypted key authentication; thoroughly vets remote staff, including checking licenses and performing background checks; assure that your data never leaves the secure cloud; and block download, print, email, and copy capabilities on remote desktops. Other security considerations for remote managed review include:
Reviewers
Reviewers’ licenses and certifications should be verified when they are engaged and then checked on a regular basis. Background checks should be performed. Performance should be routinely monitored and evaluated for quality, compliance, and the like. While none of these tasks is new, accomplishing them can be more challenging when reviewers work remotely and others, such as folks performing background checks, are subject to stay-at-home orders.
Reviewers’ Physical Workspaces
Reviewers should work in controlled environments, not in public spaces. Care should be taken to ensure that reviewers’ physical workspaces are set up and used in ways that protects clients’ data and information about work done on client data from leaving the workspace or being seen by others. Paperless processes and no mobile devices, cameras, or smart speakers in the workspace are additional, but important measures.
Computers that reviewers use to perform their work should be secured. First, reviewers’ internet connections should be protected using mechanisms such as virtual private networks. Reviewers should either use dedicated devices or ones that have been locked down. Whichever type of computer is used, physical protective measures can be put in place to help safeguard against loss or inappropriate dissemination of client data. These can include the use of computer cable locks; privacy screens; headphones; computers with no USB or similar ports and no CD, DVD, or similar drives; and even computers without removable drives.
Reviewers’ access to review tools should be constrained as well. Often this is accomplished using one or more of the following: multi-factor authentication, USB encrypted key authentication, and biometric authentication.
Benefits of Remote Managed Review
Switching from a model where reviewers go to a review facility, to a model where reviewers work remotely, offers advantages.
We are starting to see that geography matters less and less. When a reviewer goes to a physical review facility, it means they must live reasonably near that facility. If the best reviewer is settled in San Diego and the review facility you are using is in St. Louis, you won’t be hiring that reviewer anytime soon. And for the reviewer, not having a commute can translate into a better quality of life.
Reducing geographical constraints opens opportunities to draw talent from anywhere instead of just locally. This also means a blended pool of reviewers can be engaged, combining less expensive reviewers from lower-cost geographical locations with selected reviewers from locations where review costs tend to be higher.
Conclusion
When deciding whether to move from traditional to remote managed review and determining which remote review services to use, there are quite a few factors you should consider.
In the end, two factors are paramount. First comes security. This includes electronic and physical security, as discussed above. It also includes the security – and strength – of the provider’s business. Find out how long the company has been in business, how wide and deep its bench runs, and how long it keeps its employees. Inquire into its technological strength; does it rely entirely on others for the tools it uses, or does it have, for example, technology and innovation patents of its own.
Second, and in some ways most importantly, ferret out from the provider, and those it serves, what sort of business relationships the provider maintains with its clients. If you are like me, you want someone who is there at your side through good times and bad, helping meet your needs, solve your problems, and grow with you.
Award-winning attorney and consultant and EDRM co-founder George Socha has worked with corporate, law firm, governmental, and service and software provider clients on eDiscovery and litigation support challenges and opportunities for over three decades. As a practicing lawyer at one large and one medium law firm for 16 years, as an independent consultant for over 13 years, and at a large service provider for nearly four years, George had worked on just about every aspect of eDiscovery. George also has been working remotely since 2003. Details at www.linkedin.com/in/georgesocha
Notes:
[1] Rob Robinson, Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews, ACEDS Blog (May 4, 2020)
https://blog.aceds.org/revisions-and-decisions-new-considerations-for-ediscovery-secure-remote-reviews/.
