52
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
2
Executive Summary
THE NEED TO MANAGE AND CONTROL DOCUMENTS
Electronic documents are, for many corporate legal teams, the primary “product” that they
manufacture. Many legal teams follow predefined document workflows and manage documents
within a central repository; others choose to assemble, revise, and verify information using
nothing more than their email and word processing applications.
Administrative and legal professionals generate the majority of their documents using several
different Microsoft productivity applications, including Microsoft Word, Excel and PowerPoint. It is
not uncommon for users within the same organization to use multiple versions of the same
application. These documents are then routinely sent via email to communicate and share
document drafts with other team members.
In today’s organizations, documents are created, revised and reviewed on desktop computers, on
the go with laptops, or mobile devices such as BlackBerry’s. As part of the review cycle these
documents are shared with others, who then make modifications and forward them to additional
interested parties, who further revise them and circulate them again to even more people. These
teams not only review and share documents but attach new versions to messages as they are
distributed to co-workers, colleagues, partners, and customers for input.
Documents are commonly stored in a variety of document management systems and formats,
some of which cannot be edited by the people who need access to them. Many of these
documents contain metadata or confidential information and can expose potentially sensitive
content to those who are not authorized to see it.
The end result is a mish-mash of document management practices, version control problems, lost
productivity, and higher costs – all of which will become more pronounced as documents and
document types proliferate, and as economic pressures force companies to do more work with
fewer people and tighter budgets.
THE CONSEQUENCES OF NOT DOING THINGS PROPERLY
An organization that does not adequately address these problems can suffer a variety of
consequences including damage to an organizations brand, lost customers, legal actions and
fines for improperly managing information.
Organizations in which documents are
not managed properly can also have a
sever loss in employee productivity. If
we conservatively assume that the
average employee who is paid $60,000
each year wastes just five minutes per
day dealing with version control, file
format and other document-related
problems, an organization of 1,000 such
users will lose $625,000 annually in
employee productivity.
However, the consequences can be much more severe and costly than just productivity. For
example, there have been a number of legal cases in which metadata has been mistakenly
exposed or not presented as required. An organization’s inability to track this information or its
failure to produce it in a timely way can lead to enormous legal judgments or sanctions.
An employee who
makes $60,000 per year and
who wastes 5 minutes per day
will cost the organization $625
per year in lost productivity
51
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
3
ABOUT THIS GUIDE
This guide focuses on the key challenges in managing documents in today’s companies and
looks at the technology that is helping organizations with document comparison, metadata
removal, content security and company-wide policy control. This guide also discusses key
questions that decision makers should ask as they develop business practices and deploy
technologies to resolve them.
What are the Key Challenges in Managing Documents?
MULTI-PARTY REVIEW AND MODIFICATION/VERSION CONTROL
Collaboration has become the byword of the modern organization and will become more
important as organizations become more distributed and more dependent on teams to manage
projects. A key element of any collaborative process is the ability to create, review and publish
documents of various types easily and efficiently.
However, many collaborative tools today lack a variety of important features that are necessary to
ensure a seamless document creation and modification process:
•
Version control
Arguably one of the most critical challenges in any collaborative document process is version
control. The issue is exacerbated by the use of email as a file transport mechanism, as well
as by the sometimes large number of users that often participate in the document editing
process. While the “track changes” feature available in virtually all word processors is of
some help, it does little to solve the underlying version control issue with which most users
must contend. For example, sending documents for review via email cannot ensure that
reviewers will use “Track Changes” or make edits to the latest version of a document,
resulting in frequent modification of old versions and extra work in reconciling multiple, edited
versions.
•
Accurate document comparison
The ability to accurately compare different versions of a document is critical, particularly for
sensitive documents like contracts, proposals, statements of work and the like. This is
especially true for documents in which the legal and/or regulatory consequences for
misstatements can be severe. A “good enough” comparison that misses details like
complicated formatting or table cell changes can have damaging consequences.
•
Managing multiple document formats
There can be difficulties in ensuring compatibility between multiple document formats,
especially when different versions of the same software are used in an organization (e.g., the
difference in file format between Microsoft Word 2007 and Word 2003), not to mention when
different vendors’ software is used. For example, the typical user today will create or be sent
.doc, .docx, .rtf and .pdf files. Resolving the differences between file types and allowing
individuals to access and modify documents regardless of the software they use is vital to
ensuring employee productivity.
•
Ease of use
If a system is not easy to use, employees simply will not use it. Consequently, the difficulty
inherent in using many content control solutions will keep employees from utilizing them,
negating much of the value the organization had hoped to realize by deploying the system.
Solutions that are easy to use and leverage your existing software tools and infrastructure
investments will increase adoption and limit training costs.
53
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
4
METADATA CLEANING & MANAGEMENT
Metadata is often defined as “data about data,” an accurate and descriptive definition, but not an
especially useful one. Metadata should be thought of as information associated with and made
part of an electronic document that is not visible in the normal viewing or printing of that
document. In that sense, “hidden data” might one day replace “metadata” as a more useful term.
Metadata includes descriptive, historical,
and technical information and is typically
generated automatically. It can also include
hidden information manually added by
users of the document. Classic examples of
metadata are the information contained in
“document properties” and comments or
tracked changes in Microsoft Word
documents.
What Challenges Does The Organization Encounter?
MANAGING & ENFORCING CONTENT POLICIES
The vast majority of legal teams utilize a metadata solution on desktop computers to limit the risk
of sharing critical content. However, metadata protection on the desktop is only part of the
challenge. Organizations need to go beyond the desktop and secure documents across
BlackBerry’s, web mail and USB drives. Some companies will require tools to easily monitor and
enforce metadata policies across the entire organization.
The key to managing content no matter where the document is located is policy control. With the
ability to define policies to manage, secure and control content organizations are able to enforce
content policies. Whether it’s monitoring users to make sure a metadata policy is followed, or
enforcing PDF file formats on any document that leaves a department, policy management is
one of the most important best practices that any organization can follow.
INFORMATION GOVERNANCE & RISK MANAGEMENT
Analyzing outbound email communications and performing policy-based operations for
documents that violate security policies are necessary protective measures in today’s
environment. From preventing IP data loss to enforcing information barriers to avoid conflicts of
interests or to preserve insider lists, organizations today need to look at solutions that provide
end-to-end document level security. A PDF conversion policy is one solution to secure your
content before it is emailed as an attachment or transferred to a portable media device.
Encryption is another option that allows today’s organizations to control data that is more mobile
on laptop computers and USB devices.
While the protection of the specific content generated and managed by users is important in and
of itself, the information about this data – or metadata – is also important to maintain. In many
cases, the metadata associated with electronic content is just as proprietary as the data itself,
and so must be managed and secured along with the content. Without proactive metadata
management, companies are subject to increased risks. Being able to remove, preserve and
manage metadata is critical for a variety of purposes, not least of which are statutory and legal
requirements.
With lawmakers passing legislation that mandates stringent controls on information such as
customer data, health records, transaction records, and non-public company data the cost of non-
compliance can be severe. An organization’s inability to track content, remove it as necessary or
its failure to produce it in a timely way can lead to enormous legal judgments, sanctions, public
An inability to properly clean
metadata from documents can
expose an organization to
enormous liability
44
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
5
embarrassment and lost customers.
AUDITING DOCUMENT CHANGES
Being able to track the changes each document reviewer makes can provide valuable information
in legal matters, as well as identifying process improvements. A history of the document changes
can provide detailed history into the evolution of a negotiation process, for example, and analyze
the history of another reviewers input.
INTEGRATION WITH A VARIETY OF PLATFORMS AND SYSTEMS
Employees, particularly in larger organizations, must access several different systems to do their
work. A 2008 Osterman Research study found that 44% of information workers must access
more than five different systems in the normal course of doing their job, and 68% must access
more than three different systems. Consequently, leading solutions must be compatible with a
large number of platforms and systems. Being able to leverage existing systems through
integrations or web-based services will increase their utility as well as the employee productivity
that will be gained from their use.
LOST PRODUCTIVITY
One of the key issues associated with poor document management and collaborative practices is
the lost productivity that ensues. This is, for many organizations, the worst problem they face
because the problem is repeated over thousands of users in some cases. As noted earlier, just
five minutes of wasted time per employee each day can equate to $625,000 in lost productivity
every year per 1,000 employees.
COST
While the problems discussed above can sap employee productivity and create a variety of other
challenges, none of them will be solved if the solutions to address them are too expensive or
provide a return-on-investment that is too low to justify their deployment.
What Questions Should You Ask of Vendors?
OVERVIEW
Clearly, the problems outlined above are serious and should be addressed in order to reduce
costs and improve the efficiency of the company. However, it is important to ask the right
questions at the outset of any product evaluation in order to accomplish two primary objectives:
• To define requirements up-front in order to satisfy all of the constituencies within an
organization that will need to use the processes and technologies that are implemented.
• To put the vendors whose solutions are evaluated on a level playing field instead of relying
on statements of individual vendors’ varying features, functions and specifications.
We have assembled a list of questions that companies should ask of their prospective vendors.
WHAT ARE THE KEY FEATURES AND FUNCTIONS YOU NEED?
The features that a company might require to help manage documents will vary based on a
number of factors, including the number of documents it will need to review in a given period of
time, the size of the company, and the complexity of the documents that will be under review.
Included later in this section is a list of features that should be considered for comparison among
leading vendors’ solutions.
VB.NET PDF: Basic SDK Concept of XDoc.PDF You may add PDF document protection functionality into your VB.NET program. to edit hyperlink of PDF document, including editing PDF url links and quick
adding links to pdf in preview; convert a word document to pdf with hyperlinks
56
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
6
• Document comparison capabilities
It is critical to evaluate the comparison engines of each offering. It is vitally important to test
these engines using complex and lengthy documents with complex formatting, since simple
documents may not reveal the differences in accuracy between each comparison solution. It
is also important to test the comparisons on other document formats your organization relies
on such as PDF.
• Multi-user document tracking capabilities
Except for use in all but the smallest organizations or for the simplest of documents, a
solution should be able to support both serial reviews and parallel reviews in order to
maximize the speed with which documents can be reviewed and the efficiency of reviewers.
Further, the solution must protect master documents against corruption during the review
process.
• Single-master tracking capabilities
This is a key feature, particularly in
organizations with a large number of
reviewers and/or if multiple document
repositories are employed. Single-
master tracking ensures that the
correct version of a document is the
one under review regardless of where
the document is stored.
• Metadata cleaning capabilities
It is critical that a solution be able to clean metadata from any document. As noted earlier,
reasons for cleaning metadata might include removing communications between a client and
an attorney that could be included as comments in a document, eliminating earlier changes
that might not have accurately reflected company policy, or eliminating comments that could
portray an organization in a negative light.
• Provision of document change history
An audit trail of a document’s change history can be very important to demonstrate how a
document evolved over time, and to determine who might have made changes and why the
changes were made.
• Version control capabilities
Version control is among the most vexing problems that any document reviewer will face.
Any solution should ensure that the correct document is the one under review to prevent
mistakes and time wasted reviewing older or incorrect documents.
• Comment management
Comments are a vital part of the document review process because they allow reviewers to
ask questions, request clarification from authors, point out potential violations of company
policy, and so forth. Any solution must be able to manage comments in meaningful ways,
such as using tracking comments for each individual reviewer, allowing comments to be
hidden, filtering comments by individual reviewers, and so forth.
• PDF capabilities
Any solution should support both the creation and manipulation of the Adobe Portable
Document Format (PDF) given the ubiquity of this format across multiple platforms.
Individual reviewers should be able to create PDF documents, compare PDFs to other PDFs
or Word documents, make changes to them, assemble multiple PDF documents into a single
document, etc.
A solution should be able to
support both serial reviews
and parallel reviews in order
to maximize the speed with
which documents can be
reviewed.
53
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
7
•
Centralized policy management
Document security policies should be centrally managed to provide the maximum level of
control over metadata management, PDF conversion, encryption, or other security measures
to enforce how documents are shared, who has permission to access them, and how they
are controlled.
•
Ease of use
Ease of use is a critical consideration for any solution, since a system that is cumbersome,
time-consuming or difficult simply will not be used.
•
Document corruption prevention
Corrupt documents are the fear of all legal teams particularly at the 11th hour. Corruption
can be prevented by solutions which control round-tripping by protecting the integrity of the
master version by not introducing bad formatting, styles and other word processing formats
into the master document.
•
Security capabilities and support
Security is of critical importance for any solution. Depending on the organization’s policies,
security capabilities might include the ability to redact comments or changes, clean metadata
prior to document transmission or presentation; the ability to encrypt documents during
transmission and at rest, such as when written to CDs or DVDs; support for PDF security;
rights management; and data protection to ensure that sensitive information is not sent
outside of the company.
WHAT PLATFORMS AND ARCHITECTURES ARE SUPPORTED?
The platforms and architectures that a solution can support are a vital consideration, particularly
in a heterogeneous desktop and server environment, or when document reviewers in different
organizations are involved in the review process. Issues to consider here include support for:
•
Microsoft Office, the near-ubiquitous desktop productivity application.
•
Client/server capabilities.
•
Support for leading server operating systems and desktop operating systems, including the
growing penetration of 64-bit operating systems.
•
Support for a variety of other systems, including Microsoft Active Directory, Citrix, Microsoft
Outlook, Lotus Notes, Microsoft Internet Explorer and various mobile platforms.
HOW CAN THE SOLUTION BE DEPLOYED?
It is important that a solution support deployment options that are most useful to the organization
today and also based on how its needs will change in the future. It is important to not only
evaluate installation options such as silent installation on desktops, but to also look at solutions
that offer modular deployments so different workgroups can have a tailored interface with
different features.
WITH WHICH SYSTEMS DOES THE SOLUTION INTEGRATE?
A document solution should support all of the systems in use by an organization today or that it
might use in the future. These systems might include Microsoft SharePoint (rapidly becoming the
default collaboration platform in Exchange-enabled environments), Microsoft Office, EMC
Documentum, Open Text, Autonomy Interwoven, Starlaw and various other platforms, as well as
the email systems in which these documents will be sent.
58
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
8
WHAT FILE FORMATS ARE SUPPORTED?
Clearly, any document review solution must support conversion to and from all of the file formats
that an organization might encounter, including all of the file formats even within the same
vendor’s offering (e.g., Microsoft’s .doc and .docx file formats). PDF support is also critical for
any solution given the universal nature of this format.
HOW ROBUST ARE THE OFFERINGS?
A key consideration for any document review solution is its robustness: the performance of the
solution when under heavy use with large documents, its scalability and the architecture that the
vendor has employed. A solution that has been tested in many different environments will likely
cause fewer issues. This is particularly important in very large deployments or when key users
will be relying on the solution every day.
HOW ARE POLICIES MANAGED?
Policy management is becoming an increasingly important consideration for document review
capabilities. Vendors need to be asked a variety of questions, including:
•
Can document security policies be
managed from a central administration
point?
•
What auditing and reporting tools are
available to ensure compliance with
company policies?
•
How granular are the policy
capabilities?
•
Are default policy templates provided?
•
Can policies be integrated with Active Directory?
The requirements for policy management will vary widely based on the specific needs of
individual organization.
HOW RELIABLE IS THE VENDOR?
The strength of any solution typically rests on how well the vendor supports their offerings. Key
questions to ask of prospective vendors include their support options (24x7 support vs. support
only during working hours), the number of locations they maintain, the number of customers that
have deployed the solution, the partnerships they have established for integration of their
platform, and their financial viability. While this is not to say that a small, startup vendor cannot
provide a robust and useful document review solution, solutions from large and established
vendors can give decision makers confidence that their solution has been thoroughly tested by
many users, will be supported over the long term, and that investments made in content review
processes will not be lost.
HOW DOES THE SOLUTION INCREASE PRODUCTIVITY?
Organizations should be looking for solutions that:
• Dramatically reduce staff time having to deal with processing, reviewing and distributing
documents
• Eliminate user confusion over document versions and the master file
• Allow you to include clients in the review process
HOW MUCH DOES THE SOLUTION COST?
Of course, any document solution must be affordable – the “perfect” solution that is too expensive
to deploy or support for all of the constituencies that will need it is no better than an inadequate
solution that is highly affordable.
Policy management is
becoming an increasingly
important consideration for
document review capabilities
26
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
9
When considering costs it is also important to identify and ask about other expenses such as
implementation and training. If one solution requires a lot of IT support or many hours of end-user
training that may no longer be the cheapest solution for your company. Also, be sure to evaluate
the timesavings a solution may create. Some of the key questions to consider include:
•
How many hours will the solutions save each employee
•
Will there be a reduction in the time it takes to create and review documents
•
Does the solution eliminate document issues like corruption or version proliferation
If one solution requires many hours of end-user training or has a greater impact on user
productivity that may no longer be the best solution for your organization.
Summary
Managing documents effectively is critical for every corporate legal team. Legal professionals in
today’s organizations produce and manage contracts, legal agreements, documentation,
corporate policy manuals and more. A failure to adequately manage these documents and
control their content can lead to a variety of consequences, including loss of employee
productivity, legal judgments, and customers.
Technology that provides document capabilities that will permit individuals to manage documents
efficiently and securely, and at the lowest possible cost in terms of both direct expenses and
personal productivity are requirements in today’s companies. As organizations evaluate the
many solutions available to them, they should ask a series of detailed and probing questions to
ensure that the solution they choose best matches their current and expected requirements.
47
A Guide to Document Comparison & Security For Corporate Legal
©2009 Osterman Research, Inc.
10
Product Comparison Worksheet
The following worksheet provides a list of common features and functions to look for as you
review document solutions for your organization.
Solution
A
Solution
B
Solution
C
DOCUMENT COMPARISON
Can you compare Word-to-Word
Can you compare PDF-to-PDF
Can you compare Word-to-PDF
Can you compare embedded Excel tables and other objects
Can you compare multiple versions of documents?
Can you synchronize between all versions and changes?
Can you easily compare attachments in email messages
Can you accept/reject PDF and Word changes with Word track
changes
Can you email a redline as track changes
Can you email or save a redline as a PDF
Can you perform paragraph, line, character and word level
comparisons
Can you manage and customize rendering sets
Are comparisons of complex documents (100+ pages) accurate
Is accuracy high in tables, list numbering, bullets & complex formatting
COLLABORATION
Does the user interface allow for easy review cycles
Can multiple reviewers work in parallel on a document
Can you manage comments with/without MS track changes
Does it support MS track change reviews
Can you compare one-to-many document versions
Does it control a single master document for you
Does it provide an additional level of version control?
Does it decrease document corruption
SECURITY
Will the solution discover and remove metadata in documents
Does it detect metadata with mobile users (Web Mail, PDAs,
Blackberry’s)
Can you easily enforce company-wide rules for metadata cleaning
Does it go beyond metadata and prevent IP data loss, enforce
confidentially and control information barriers
Can rules dictate how to manage specific types of content
Can the user initiate metadata discovery on files
Documents you may be interested
Documents you may be interested
