The Law Society previously published a Small Practice Bulletin on the main features and benefits of a Case Management System ‘CMS’).  This note contains a list of questions and issues that you may wish to address with a prospective Vendor when planning and acquiring a CMS that may be additional to, or part of, an onsite/live demo.

When considering a CMS, it is prudent to explore whether to implement same as software-as-a-service (i.e. web based which is accessed over the internet) or self-hosted on your firm’s hardware/premises.  Both types of offerings have advantages and disadvantages for a business from an operational perspective as well as the costings involved.   The questions below cover both scenarios but obviously if you are going with a cloud-based service, assurances regarding security and access to data are of most importance.  If you intend hosting the system on your hardware, then disruption to business caused by updates and the availability of support may be of more relevance.

Please note that this list of questions is for guidance purposes only.  It is non-exhaustive and professional guidance from your IT providers and/or experts should always be sought.

The provider

• Please provide a background to your organisation
• Approximately, how many Irish law firms currently use your software?
• What type of firms are you primarily focused on - sole practitioners, small to mid-sized firms, large firms, working across what particular areas of law – general or specialist?
• Do you have any certificates/ISO standards that you comply with – please provide details?
• What is your unique selling point which sets you apart from your competitors?
• Do you have testimonials available regarding your services?
• Can you provide contact details for 2 referee firms of a similar size to ours?

The case management system

• Do you provide a cloud-based hosted solution or will the system be self-hosted on my firm’s server(s)?
• What legal accounts packages does the case management system integrate with?
• Does it integrate with other software such as digital dictation, voice recognition etc? please give examples.
• What other applications is the software required to interact with (e.g. Outlook) and what versions of those applications?
• Is there an app and, if so, what Operating Systems and their versions do you support?
• Does the software have granular access control based on a user’s role – i.e., can we control who has access to what?
• What service value add-ons (e,g. productivity tools, user development, user training, on-going support) do you provide?
• Can we customise workflows in relation to tasks and cases?
• Does the system come with precedents and, if so, are they (a) updated (and how often) and (b) customisable?
• Are there any quantifiable limitations to using the system that a user should be aware of (e.g. hardware or bandwidth requirements, limited capacity of users, it only works with certain versions of Windows, it is only supported on a limited number of smartphone operating systems, etc)
• How is the system backed up?
• What problems or issues are most reported by users?

Cost

• How is the system priced – per user, per subscription?
• Please provide a breakdown of the various costs incurred in using your system.
• What ongoing costs should we expect?
• Can you buy full user or light user licences?
• What services are included in the annual licence fee?
• Please provide worked examples of costs that may be incurred for [ X ] users for each of (a) installation and (b) on a standard annual basis and (c) for exceptional circumstances (upgrade, termination and transfer to new user etc)

Installation

• Please give a brief outline of the installation process together with timeline (days involved, downtime, etc) to include data transmission, installation and training, and going live.
• How many hours/days do we need to budget internally for software implementation and training?
• What kind of configuration changes can be made to change the look, feel, and performance of the software – are there additional costs for this?
• Do you keep a copy of our old system for a period – if so, for how long and how is it deleted?
• What happens if we encounter significant difficulties during the initial use period? How easy/difficult would it be to roll back?

Support

• What support services do you offer to your customers?
• What is the escalation process and the response time for each?
• How frequent are your service outages & how long do they last on average?
• Where are your support engineers based?
• What is your number of installations already installed in Irish legal offices?
• What type of interactive help features are included?
• Which of the following support resources are available: technical manuals, video tutorials, online chat, remote access, 24/7 email and phone support, and user support communities?
• What training resources do you make available to users?
• Is there an active online community for users of the software/system?
• What is your disaster recovery plan- please provide details?
• Who is your point of contact if we are interested in engaging with you?

Upgrades and patch updates

• How often do you (version) upgrade your software?
• Are upgrades covered by the licencing agreement?
• What type of planning must go into upgrades - how are they effected, will we experience any downtime/slowdown/limited use during an upgrade, will it affect the SLA – please provide details?
• Do you provide phone-based/on-site/remote tech support during software upgrades?
• Is there an additional charge for any such upgrades?
• What if additional training is required for an upgrade – will there be additional costs?
• What if we choose not to upgrade?
• How often do you publish patches and/or minor updates?
• Are patches/updates pushed automatically?
• Will there be any impact on business continuity caused by patches/updates?

Data protection and security

• Please confirm (in writing) if you dispute that all data held in the system is owned by our firm.
• Do you propose to have access to the data on the system?
• What is your data protection policy?
• Do you have a data processing agreement to review?
• Please advise where exactly the data we send, and the documentation created, physically reside.
• Does the data go to any other entity?
• Does the data/information ever leave the data centre/our server?
• Does the data transfer outside the EEA?
• What happens to the data at the end of the contract?
• What precautions do you take to ensure compliance with data protection legislation?
• (For web-based applications) What does your service level agreement cover in terms of data loss or theft?
• Will we have dedicated or shared infrastructure? If shared, how do you maintain isolation and privacy of our data?
• Have you ever had to make a disclosure to the relevant authorities regarding a data breach?
• If Saas, please provide details on the security measures you employ to prevent unauthorised access to the data we send and create.
• What compliance and security protections are enforced at the location(s) where the data is stored?
• Does your software support 2 factor authentication, encryption settings, and audit trails or logs of all user activity?
• Do you run intrusion detection or intrusion protection on your network – can you provide any certification in relation to same?
• Please confirm that any individuals that are employed or engaged by you, whom have access to our data, have already signed Confidentiality Agreements with you.
• Does the software include graphical reporting features?
• For Saas, how often do you update firewall rules/policies?
• What insurance coverage do you have in place in the event of an IT security breach?
• What is your incident response plan/process?
• Please advise as to who assumes risk in situations where your system has been breached or our data had been disclosed without our consent.
• What reports can you provide us regarding the use of and access to our data?

General queries

• Please provide a copy of your SLA and/or terms & conditions (issues to consider here include governing law, jurisdiction, warranties and indemnities and any limitations on the liability of the vendor).
• How long is the contract?
• How much notice do we need to give to end our contract?
• What happens in the event of a dispute – can you lock us out of the system?
• Is there anything else about the software that we need to know?

We would suggest that you run this list by your IT support providers/experts to see if they have any additional questions or issues that may be particular to your firms’ current/future hardware and software requirements.