Step 1 of 7 14% Email* FirmProject Type*UpgradeNew Intapp Walls ImplementationNew Auditing Package - Activity Tracker without WallsMigration from Compliguard ProtectAdd module or extensionCustom rule, report, workflow, or security extensionTraining or ConsultingCompliGuard Protect configurationPlease briefly describe: 1) What systems are currently secured by CG Protect? 2) Any new systems you want to secure with Intapp Walls? (we typically recommend adding new systems in a Phase 2) 3) Are notifications sent from CG Protect? 4) Do you monitor DMS activity with CG Protect? (replaced with Activity Tracker) 5) Do you manage External Users with CG Protect? Called "Limited Access" in CG Protect and Contractor Walls in Intapp Walls. Users who should not have access to public documents in the DMS, only those clients/matters to which they are explicitly granted access. 6) Matter Team Manager - Do you want to allow delegating team adds/removes to partners (or any other users you chose) 7) Do you manage groups in CG Protect? Key differences between Intapp Walls and CompliGuard Protect Intapp Walls does not use SQL triggers. Instead the "Incremental Repair" process checkes the DMS activity history table every minute to detect changes that need to be repaired Intapp Walls does not allow maintaining groups in the application. Groups must be synced from a source like Active Directory or iManage By default, DMS Self-Maintaining in Intapp Walls adds only users who authored documents for a given matter rather than anyone who accessed it. However, we have a script to make activity based self-maintaining through the Generic DMS Self-Maintaining feature if requested. Intapp Walls creates an iManage security group per client or matter secured. CG Protect allows putting multiple groups on a wall which are added as seperate groups in the DMS. Intapp Walls will consolidate into a single security group per client/matter secured. Intapp Walls allows overlapping walls. The Policy Conflict Resolution model determines the effective security when there are overlapping walls. For example, if there is a client level inclusionary wall and a matter level exclusionary wall, the documents will be private to all users granted access at the client level except the excluded user. Intapp Walls Software LicenceAuditingDMS SecurityConfidentialityAdvanced Security(show all modules and extensions)Remote AccessRemote Access to Intapp Walls servers through Citrix or similar (direct access discount)Only supervised access over WebEx or similarOnsiteTo be determinedBrief description of business goals Current VersionTo see the installed version, go to Intapp Walls in a browser and hover over Copyright in the bottom/right corner.6.0 or laterBetween 5.0 and 6.0Before 5.0I don't knowTest ServersNew Test ServersExisting Test ServersTo be determinedProduction ServersNew Production ServersExisting Production ServersTo be determined select * from config where configvariable not like '%password' select wat.WallAccessType, wat.PolicyCategoryId, count(*) from walls w join WallAccessTypes wat on w.WallAccessTypeId=wat.WallAccessTypeId where w.isenabled=1 and w.isdeleted=0 group by wat.WallAccessType, wat.PolicyCategoryId FilePlease run the following SQL queries against your production Intapp Walls database and upload the results (CSV, Excel, RPT, etc.) Drop files here or Accepted file types: csv, xslx, xsl, rpt. Notes Activity Tracker is included in Auditing and Advanced Security licenses and is available as add-on to Confidentiality licenseWhite Paper - Is your firm leaking more than lawyers? Intapp Website - Lateral Prevention & Defense Inflection IT - Activity Tracker demo environment Activity Tracker Activity Tracker provides automated monitoring to help firms identify activities that may signify a larger problem. Activity Tracker can detect suspicious activity, monitor high-risk, log access to sensitive data, manage lateral departures, and mitigate email risk. Maximize your security and auditable proof by deploying Activity Tracker along with Intapp Walls. Note, however, that Activity Tracker can be deployed stand-alone. Monitor: iManage (on premise only) eDocs (DM5/10) NetDocuments Box Email Monitoring Time Entry or Financial System Other: Activity Tracker can typically monitor custom systems as long as activity logs are available that can be linked to specific clients/matters and imported into the Activity Tracker Intermediate Database. Notes Import walls from: LegalKEY Elite Excel Spreadsheet DMS Groups Active Directory Groups SQL Database Other: Features and Modules - all licenses except AuditingEnterprise Search Security Cloud Information Security & Risk Management Lobbying Regulations ITAR Inclusionary Clients/matters are made private with only those on the wall having access Client Confidential and Segregated Matters HIPAA / HITECH ISO 27001 Certification Protective Orders White Paper: Security & Confidentiality Exclusionary Users are denied access to clients/matters on opposite side of the wall. Includes both Lateral Hire walls and Multi-Sided Ethical Screens Ethical Walls and Information Barriers Lateral Hiring (Joiners) White Paper: Managing Lateral Risk Attorney-Secretary Pairing Secretary access can be restricted based on lawyer assignments, and secretaries can be automatically added or removed from selected walls. Self-maintaining - Time Entry Automatically add users to walls based on timecards entered for clients/matters on the wall. Self-maintaining - DMS Automatically add users to walls based on documents authored in the DMS Self-Maintaining Source Intapp Time Elite 3E Elite Webview Aderant (CMS) Carpe Diem Custom SQL View Notes Features and Modules - Confidentiality License Notifications Automatically send emails to attorneys, simplifying your administrative burden and mitigating your risk. Contractor Walls Contract lawyers can be granted access only to the documents they need while full-time staff retain their existing access. Available for Worksite (hosted and on-premise), eDocs, NetDocs, Share Point, Biztalk and Matter Center. Custom integrations to additional systems are typically possible, if interested please provide name(s) in Notes below.Contract Lawyer Security Dynamic Groups Auto-populate and maintain groups based on metadata such as practice group, office, jurisdiction or any other segment we can extract from the firm’s data. Typically used with Foundational Walls which is recommended for walls over 100 matters to ensure reasonable performance. Lawyer Portal (SharePoint or IIS Web Parts) The Lawyer Portal integrates with Microsoft SharePoint to give lawyers visibility of the policies that affect them. It also allows users to identify screens through a simple search. There are 4 out-of-the-box web parts provided by Intapp: MyWalls Lawyers see only the walls they are on. Can acknowledge outstanding requests from notifications Matter Access Check See whether a user should have access to a specific client/matter. All Walls by Client See a list of all walls grouped by Client All Walls by Client See a list of all walls grouped by Wall Type Inflection IT also builds custom web parts to specific needs. If interested, please provide details in Notes below. License add-on required (available to Confidentiality and Advanced Security)Insider List Management Regulatory Access (Insider Lists) Monitor and generate timely responses to regulatory compliance requests. Please include your specific requirements in Notes below as the out-of-the-box Insider Lists are policy focused and don't track if data was actually accessed. Ask your Intapp sales rep for the Intapp MAR Compliance data sheet. Notes License - Advanced Security - includes Confidentiality and Auditing packages above and:Intapp Risk Solutions - Compliance - Legal Holds Matter Team Manager (Delegated Policy Administration) Matter Team Manager (MTM) allows you to delegate governance of matter-level security to attorneys or the help-desk, giving your firm more flexibility and responsiveness in matter administration. Matter Team Management Inflection IT - Matter Team Manager demo environment Foundational Walls Allows securing large sections of your DMS by practice group, office, jurisdiction or any other segment we can extract from the firm’s data. Available only for the following systems: - Worksite (hosted and on-premise) - NetDocuments - eDocs - Aderant Expert - Intapp Time - File Shares - SharePoint (HTTPModule) - Generic Extension Custom integrations to additional systems are typically possible, if interested please provide name(s) in Notes below. Legal Holds Restrict editing rights on selected documents to comply with hold requirements Available for Worksite (on-premise only), eDocs, NetDocs and LegalKEY 4.18 and 4.21. Custom integrations to additional systems are typically possible, if interested please provide name(s) in Notes below. Document-Level Security (Criteria-Based Access) Granular access controls for sensitive information like PHI, PII, HR or Financials Only available for Worksite (on-premise only) Legal Hold security - Worksite 8.x+ (on premise only, hosted is not supported yet) Legal Hold security - eDocs (DM5 5.1-5.3, DM10) Legal Hold security - NetDocuments Legal Hold security - LegalKEY 4.21 Legal Hold security - LegalKEY 4.18 Foundational WallsNote that if an extension is not listed above, Intapp Walls is not able to apply Foundational Walls to that system yet. Foundational - iManage Work (on-premise) - version 8.5, 9.0-9.5, 10 Foundational - Hosted Worksite 9.3, 9.4, 9.5, 10 Foundational - OpenText eDocs - version DM5, DM10, DM16.1 Foundational - NetDocuments Foundational - Aderant Expert 7.5.1, 7.5.3, 8.0, 8.0.1 Foundational - Intapp Time Foundational - File Shares Foundational - LegalKEY (custom integration) Foundational - Generic Extension Notes Security ExtensionsDocument Management System NetDocuments Hosted iManage - versions 9.3, 9.4, 9.5, 10 Worksite on premise (iManage / Interwoven) - versions 8.5, 9.0-9.5, Work 10 OpenText eDocs - versions DM5, DM10, DM16.1 ProLaw Multiple NetDocuments Regions?Intapp Walls does not support securing multiple regions simultaneously yet. If the firm has multiple regions, Inflection IT has built a workaround which requires implementing 2 Intapp Walls instances. Implement 2 Intapp Walls instances Multiple NetDocuments Regions?Intapp Walls does not support securing multiple regions simultaneously yet. If the firm has multiple regions, Inflection IT has built a workaround which requires implementing 2 Intapp Walls instances.Only a single NetDocuments region needs to be securedImplement 2 Intapp Walls instancesLet's discussNetDocuments Extension Limitations Non-sequential Execution of API Methods – NetDocuments API methods run asynchronously, and the execution order of these methods are not ensured. This means that if operations are performed quickly in Intapp Walls, the resulting security changes being performed via the NetDocuments API may run in the wrong order. The full repair process will later correct any problems or the wrong security that might occur. However, it still might be preferable to make sure that the security operations related to one Intapp Walls operation are complete prior to beginning the next operation. Client/Matter Lookup – NetDocuments API does not support the exact lookup of a client or matter. Rather, the API only supports retrieving a client or matter that starts with a given ID value. To address this, Intapp Walls filters the results returned from the lookup to find a client or matter that is an exact match. However, the API method can only return a maximum of 500 results. This means that security may not be applied for clients and matters with IDs located at the beginning of over 500 other client or matter IDs. For example, if Intapp Walls applies security for client "1" and there are over 500 other clients also starting with "1" (e.g., "1000", "1001", ... "1999"), then security may not be applied for client "1" in NetDocuments. Note: For matters, this problem only occurs for matters with the same client. MassACL Call – Intapp Walls uses a mass call to adjust permissions for content matching a search criteria (client and matter). NetDocuments has a limitation that this MassACL adjusts no more than 10,000 items. To minimize the impact of this limitation Intapp Walls performs these security changes at the matter level. However, should a single secured matter contain more than 10,000 items there is no guarantee which items will have the ACL adjusted. NetDocuments has removed this limitation to allow this call to be unlimited in the 16.3 (September 2016) release. Please consult latest NetDocuments REST API documentation for current documented limitations and method details. Group Cache – In order to improve performance of the NetDocuments security actions, the Intapp Walls application creates a group cache of the security groups and GUID values. This cache is named for the repository and is stored at: C:\Users\\AppData\Roaming\Intapp . The NetDocuments API call used to retrieve all groups within a Repository has an undocumented limitation of 10,000 with the NetDocuments 16.3 release. Customers on versions of Intapp Walls prior to 6.2.6 with >10,000 total groups in the repository should be aware of this limitation. The 6.2.6 release of Walls introduced a temporary workaround for this behavior to prevent security change issues for groups not returned within 10,000. This workaround has the potential to leave unused, obsolete security groups within the repository, should the customer environment exceed this group limitation. As of 6.3, the group retrieval has been paginated to eliminate this limitation. Unknown Group – When groups are deleted from a repository but still exist on an individual ACL for a document, this can lead to an unknown group displaying on an object. These typically are internally resolved by NetDocuments within 30 minutes, but may require NetDocuments support involvement. During execution of the incremental repair, presence of this Unknown groups will cause ACL modifications for exclusionary and contractor type policies to fail. Intapp Walls has introduced a warning to denote these cases. Security Processing Delays – Certain REST calls are processed according to a queue within NetDocuments. Based on performance testing tracing call completion, large policy (3000 clients with 2000 users) enable and disable actions have been observed to take an excess of 48 hours. Network Optimizer-caused Issues – Presence of network optimization software, such as Riverbed Steelhead, can cause issues for on-premise software communicating with NetDocuments servers. This can be manifested as random errors returned by the REST API. The network optimization software needs to be either disabled in such cases or configured to bypass the endpoints involved in this interaction. Hosted Worksite Extension Limitations The following limitations apply to the Hosted extension, as compared with the on-premise version: Interwoven::ContractorGroupsOnPrivateObjects does not work; both private and public documents are secured, regardless of the option’s value. Client-only profiled documents (i.e., no matter on profile) will not get their security updated by Walls. Documents in a workspace profiled to a different matter than the workspace itself will get the workspace security. Records Management Systems Interwoven Records Manager (iManage Govern / WSRM / iRM) Elite Records Autonomy Records Manager (ARM / FileSurf) LegalKEY 4.19 or newer (requires OpenText Core Services Layer API) LegalKEY 4.18 or older Accutrac Records Financial and Time Entry Systems Intapp Time - Time Core (formerly DTE Axiom) Intapp Time - Time Capture (formerly Time Builder) Elite 3E - Matter Working Timekeeper (rejects timecards for blocked timekeepers) Elite 3E - Ethical Walls and Confidentiality (secures the user level which typically requires Data Level Security to be enabled and additional security configurations within 3E) Elite Enterprise (Webview) - versions 3.8, 3.9. 3.10 Aderant Expert (CMS) - versions 7.5.1, 7.5.3, 8.0, 8.0.1 Carpe Diem - versions Classic, 2014, NG TimeKM Intapp Time - Time Core Extension Limitation The Time Core (DTE Axiom) client has limitations on the total number of rows within the Validation table with performance on start up. These performance impacts can occur with as few rows as 2 million. Please ensure this limitation is discussed and policies are optimized to minimize security rows.Limitation - CMS Conflicts Model ExceptionThere may be performance issues if there are a lot of instances of overlapping client level and matter level inclusionary walls. The workaround is limited to affected clients have no more than 5000 matters. Implement workaround? (requires extra integration to create Dynamic Groups) Other Intapp Walls Generic Extension (used for custom integrations and securing custom systems) Intapp Open - Intake - version 3.3+ Intapp Open - Conflicts - version 3.3+ BizTalk InterAction Matters Module Matter Center Recommind Decisiv 3.6-3.9 Decisiv Extension Limitations Inclusionary Security – The Decisiv extension does not support exclusionary security. Any users that are denied access to a client or matter (via an exclusionary wall) will not be explicitly excluded from client/matter information on the Decisiv server. However, any overriding exclusionary walls (e.g., Client Inclusion + Matter Exclusion) will prevent users from obtaining explicit access to client/matter information on the Decisiv server. Domain Issues – Decisiv Server and Decisiv client software works within a single domain. While the Decisiv extension currently functions in a cross-domain environment, this may not always be possible or practical. To prevent future issues, it is recommended that the Decisiv Extension be installed on the same domain as the Decisiv Server. Performance – The Decisiv extension secures client/matter projects through use of the highly inefficient Decisiv XML API. Depending on server performance and the amount of security information, it is possible that the security of each client or matter project can take many seconds. Certain operations, such as Self Maintaining or enabling multiple walls simultaneously, may take much longer than in other extensions. Project References – Decisiv uses an identifier (called “reference ID”) to attach a unique value to every object within the Decisiv taxonomy. The Decisiv extension uses this value to secure the appropriate client/matter objects. As a result, it is imperative that any client IDs within Intapp Walls match reference IDs of client projects within Decisiv (e.g., 10005). In a similar fashion, all matter IDs within Intapp Walls must match the properly formatted reference IDs (including the client/matter separator character) of matter projects within Decisiv (e.g., 10005-0001). As such, the creation of new client/matter projects should only be performed by someone who is familiar with Intapp Walls and understands this requirement. Additionally, the Decisiv extension requires that the client/matter separator character (see ClientMatterSeparatorChar in the Intapp Walls Administration Guide) contains a valid delimiting character. Client Folder Security – Since folder-level security is not supported in Decisiv, it is not possible for the Decisiv extension to secure folders directly; only projects may be secured. If the client IDs within Intapp Walls correspond to Decisiv folders, then it is not possible for the Decisiv extension to secure client information. To address this limitation, the Decisiv::OnlySecureMatters configuration flag has been created. This flag specifies whether the extension service should only secure matters in the Decisiv extension. This should only be enabled if clients are represented with a folder (instead of a project) in the Decisiv taxonomy. All matter projects will continue to be secured, regardless of this flag’s value. See the Intapp Walls Administration Guide for additional information. To avoid this limitation, it is recommended that client information within Decisiv be organized using projects instead of folders, where possible. Intapp Walls Generic Extension - Use CasePlease describe your use case for the Generic Extension. If securing a custom system, please describe the security model of the custom system to be secured. 1) How is content tagged to a client or matter? 2) How would an administrator apply security manually if a matter needed to be made private to only a group of users? 3) How would an administrator apply security manually if a single user needed to be denied access to a matter? 4) Will Inflection IT write this integration or will your firm develop it after being trained on how to integrate with the Generic Extension?File Shares (secure Windows DFS) File Share Extension File Share Extension Details Secures by creating Active Directory groups. There are known limitations including 1) Active Directory "token bloat" can cause users to be locked out if an individual user in 1000+ groups. Users in too many groups can be configured to be added as an individual instead, but this has a negative performance impact 2) A single folder can not have more than 1800 users. Performance Note: Large firms with many walls have experienced full repair run times of up to 3 weeks. Additional File Share Extension Resources Intapp Walls - File Share Extension Options (PDF)SharePoint SharePoint Extension - version 2010, 2013, 2016 SharePoint Online Intapp Walls - SharePoint Extension Options (PDF)Extension VersionsPlease list the current versions of all the selected extensions and any planned upgrades or migrations.NotesAny additional scoping notes.What would define the ideal, successful project for you? This iframe contains the logic required to handle Ajax powered Gravity Forms.
