A client can have one of the following two security policy values:

• Open - Access to matters for such client is open by default. Matters can be individually secured to ensure access to authorized users only.
• Restricted - Access to matters for such a client is only available to authorized users. Authorized users are named in the client team unless the matter is individually secured. Matter team restrictions can be made more restrictive or less restrictive than the client team. You can select this behavior using the following checkbox option:
  • Matter staffing is required to be Limited to users named under Client staffing. (Checkbox selected.)
  • Matter staffing is not required to be Limited to users named under Client staffing. (Checkbox not selected.)

  NOTE:

  See also Realignment of security policies, below, for additional information.

As a client and matter administrator, client and matter manager, or applicable type of local client administrator, you can modify the excluded systems, access request settings, and memos defined at the client level for a client.

• Accessing client security settings
• Adjusting client security policy
• Access Requests
• Security Memo
• Scheduled Awareness Reminders and on-off Awareness Reminders
• Exclude systems from policy
• Realignment of security policies
• Updating custom properties
• Holds

Accessing client security settings 

On the Client Details page, click the Security tab. 
The Security page appears.
Alternatively,
On the Client Details page, in the Overview tab, click View Security Policy. 
The Security page appears.

Adjusting client security policy

1. Select the Security pane (under Client Details).
2. In the Policy panel, select Open or Restricted.
   • If you select Restricted, you have further options as to whether or not the client allows staffing on individually secured matters to include non-client staffing. Select one of:
     • Matter staffing is required to be Limited to users named under Client staffing. (Checkbox selected.)
     • Matter staffing is not required to be Limited to users named under Client staffing. (Checkbox not selected.)

3. Select Save.

   • If you have set client security to Restricted (Limited to users named under Client staffing), and there are underlying individually restricted matters, a warning message is displayed, along with options to adjust security or staffing as required. Adjust these as required and when done, select OK. (See also Realignment of security policies.)

    Changes are applied.

Access Requests

The Access Requests pane appears on the page if the selected security policy is 'Restricted'. 

1. Click in the Access Requests pane to update the access request approval preference for the matters under the client.

2. There are six possibilities for requesting, approving or providing access:

   1. Access cannot be requested by users. Access can be provided by the administrators.

   2. Access requests can be approved by the responsible attorney.

   3. Access requests can be approved by an administrator.

   4. Access requests can be approved by any member of the team.

   5. Access requests are granted automatically and are time-limited. In this scenario, no approvals are required. Upon raising a request by a user, access is automatically granted by the system.

   6. Access requests are granted automatically. In this scenario, no approvals are required. Upon raising a request by a user, access is automatically granted by the system.

3. Click the required option, and then click Save to update the changes.

Security Memo

In the Security Memo text field, enter/update the security instructions as required, and then click Save to update the changes.

This memo can be added to relevant notification events, for example to staff members gaining or requesting access to the client. It is also displayed to users requesting access to the client.

Scheduled Awareness Reminders and one-off Awareness Reminders

You can also schedule Awareness Reminders of the Security Memo to help ensure that users are reminded regularly of their obligations with regards need-to-know access. Scheduled Awareness Reminders are not sent by default, but can be sent on a scheduled or a one-off basis, as follows:

1. To set up the sending of a regular, scheduled Awareness Reminder:
   1. Under Scheduled Awareness Reminders, select Edit Reminder.
   2. A pop-up window, Edit Scheduled Awareness Reminder displays. Click on the Frequency of Review dropdown.
   3. Choose the frequency that you would like the reminder to be sent, from the following options: Never, One Week, One Month, Three Months, Six Months, One Year, or Custom.
      1. If your selection is Never, One Week, One Month, Three Months, Six Months, or One Year, the Due Date of the next Awareness Reminder that will be sent is displayed in accordance with your selection. Click Save.
      2. If your selection is Custom, there are some additional options to configure, as follows:
         1. Click the Select Time Period dropdown first. The options available are: Days, Weeks, Months, or Years.
         2. Click in the Custom Period text field and enter the number of Time Periods (that is, the number of Days, Weeks, Months or Years accordingly to your selection in 1. above) between which you wish to send the Awareness Reminders.
            (For example, if you wish to send reminders every 3 months, you would choose Months from the Select Time Period, and the enter the number '3' in the Customer Period text field.)
         3. In accordance with time period you have set, the Due Date of the next Awareness Reminder that will be sent is displayed.
         4. Depending on the configuration, you may also see the option The Security Memo must be acknowledgement for continued access to the client. Select the checkbox if this option is required.
         5. Select OK.
   4. The Scheduled Awareness Reminders field now displays text of type: "The Security Memo will be sent once every 3 months".
2. To set up the sending of a one-off Awareness Reminder, at any time: 
   1. Click on Send a one-off Awareness Reminder now.
   2. A pop-up window, One-Off Awareness Reminder displays. This gives a reminder that proceeding will cause the memo to be sent to all current staffing on the client.
   3. Select Send to proceed.

   4. A confirmation pop-up displays "The one-off Awareness Reminder has been sent."

      NOTE:

      Under Staffing tab, icon appears next to all the existing and non-excluded users till they acknowledge the security memo.

Exclude systems from policy

You can exclude specified systems from policy. This feature should be used cautiously with full awareness of security implications. The client will be 'Open' in the excluded system, regardless of the security policy specified in SPM.  

To exclude a system:

1. Click Add Excluded System. The New excluded system dialog box appears.
2. Enter the agent system name you want to exclude in the System Name field. As you type the value, the system will suggest the system names based on the string entered. 
3. Enter the reason for excluding the system in the Reason field.
4. Click OK. The system is excluded for the current client. 

Realignment of security policies

For some types of client level security policy update, matter security policy is automatically aligned to match the updated client level security. However, when client policy is changed and security policy alignment is not automatic, for example when a client changes from Restricted (Not limited to users named under Client staffing) to Restricted (Limited to users named under Client staffing), but there are already underlying individually secured restricted matters with their own non-client staffing, SPM provides options to adjust staffing or security as required.

Security policy overviews

(Re)alignment options

Updating custom properties

As a Client and Matter Administrator or Client and Matter Manager, you can define custom properties for assets, under the Settings>Custom Properties page. These custom property fields will appear either under the General Details page or the Security page of an asset, based on how you have defined them. See Custom Properties for more information on how to define custom properties.

Depending on how the individual properties have been configured and defined, you may be able to add/update the values in the custom property fields from the General Details page or the Security page of the asset. If a property has the tooltip Read-only or Secured by Client, this property is not editable (in current configuration).

To edit an editable property, click on the property value and, depending on the type or property (for example Date, Number), an appropriate editor will be available (for example text cursor, date picker).

If a custom property under the property set is configured to accept 'text' values, then the icon appears upon clicking the property field and entering any character. Click the icon to add the value, or click Save.
If you have configured an iManage Work link, in Settings > General Settings > Work Document and Folder Links, you can add a iManage Work link that you want to direct the user to, in place of adding text in the field.

1. Select . The Add Work Link dialog box appears.
2. Select one of the options provided:
   1. Paste Work Link: You can add a different work document/folder url to the one configured in the Settings page. You can test the link by clicking Test Work Link.
   2. Select Document by ID and Version: You can add the document Id and version. In this option, the URL configured in the Settings page is considered.
   3. Select Folder ID: You can add the folder Id. In this option, the URL configured in the Settings page is considered.
3. Enter the relevant details based on your selection.
4. Enter brief and relevant text that provides a context to the content in the link in the Link Text field, and then select Add Link.
5. Select Save.

Holds

You can view and add related holds. For more information, see Holds.