iManage Security Policy Manager Overview

iManage Security Policy Manager is a web-based security solution, designed for law and other professional service firms, delivering need-to-know security, ethical walls and information barriers across a range of systems including iManage systems such as Work and Records Manager, and non-iManage systems such as time and billing, conflict management and other information repositories used by your firm. iManage Security Policy Manager delivers data protection and provides advanced control, audit and reporting capabilities to manage global security policies and protect client sensitive information. 

Using Security Policy Manager, security policies can be managed centrally by Conflicts, IT or Risk or can be delegated to client or matter teams and managed locally by an appropriate partner or their delegate.

Security can be assigned to clients, matters, client groups and cases, with access to these assets granted to, or denied from, specific users and groups. Client and matter details are typically imported from a time and billing or practice management system along with information on billing activity in order to service any self maintaining rules that have been established to add or remove people from client or matter teams automatically.  Users and groups are typically imported from active directory.

Security is applied to target systems via a series of agents.  Agents have a type - for example iManage Work or a specific time and billing system - and are configured to communicate with the target system and apply all security changes to content contained therein, preventing users with a conflict of interest or working for an opposing team from accessing relevant content and/or restricting access to sensitive material to just those individuals who are working on the matter.

Key Benefits of iManage Security Policy Manager

  • Implement need-to-know security and ethical walls at scale: Comprehensive solution that meets client confidentiality demands, firm security concerns and regulatory requirements, while addressing ethical matters arising from lateral hires, new clients and firm mergers.

  • Flexible security model: Apply need-to-know security at multiple levels including client, client group, matter, case, department and location. Use the security model that best suits your clients’ or firm’s security needs whilst ensuring that your users can continue to find relevant material and deliver services efficiently to your customers.

  • Quickly respond to client and regulatory audits: Visual timelines and dashboards with extensive reporting capabilities and advanced security enforcement allow you to meet the most rigorous security audit.

  • Manage security policies from anywhere: Intuitive, role-based UI design runs on any browser or device enabling you to stay productive on the go.

  • Instant protection of Work content: Seamless integration with iManage Work ensures that security policies can be instantly established, adjusted and ultimately removed.

  • Secure sensitive data: Easily enforce restriction of access to matters to the team that is working on them, through assignment of client policy to individual matters. Responsibility for maintaining access can be left with the IT service desk or handed to the client or matter owner or their delegates. A range of options allow the required level of self-service access to be provided, including automatic time limits to ensure urgent requests can be resolved out of hours, and access-after-approval by existing team members or the responsible attorney when access must be tightly controlled. Full audit of all changes ensures that access grants are recorded.

  • Modern intuitive user experience: Responsive user interface ensures that security policies can be managed and inspected on computers, tablets and phones. Security policies are clearly indicated in iManage Work and Records Manager client screens, making it easy to see who does and who does not have access. Role-based dashboards enable administrators, client owners and users to view information that is pertinent to them.

  • Multiple security policy types: Policy types include restricted (need-to-know) access, opposing client/matter segregation and conflicted user exclusions.