Document Management Checklist

Confirm the intake template captures every field the conflicts search needs — full legal names of client and related entities, opposing parties, key witnesses, and matter type. Lawmatics, Clio Grow, and Lead Docket all expose template editors; pick the one tied to your PMS so leads convert without re-keying.

Verify the form pulls every party the firm needs to screen under Rule 1.7 and 1.9 — current client, adverse party, related entities, witnesses, and any prior-firm representations for laterals. A blank witness field is the most common reason a conflict surfaces months into the matter.

Maintain separate templates for hourly, flat fee, contingency, and hybrid arrangements. Each must address scope, billing cadence, dispute resolution, and (for contingency) the gross/net calculation. Scope-creep language is the #1 thing junior attorneys forget to negotiate.

Confirm the retainer template specifies IOLTA deposit, evergreen replenishment threshold, and the funds-clearing waiting period before disbursement. Per Rule 1.15, no draw against unfunded retainer.

Used for joint representation, conflict waivers under Rule 1.7(b), and limited-scope engagements. The template must spell out the specific risks the client is consenting to — generic boilerplate has been rejected by disciplinary counsel.

Keep mutual and one-way variants. Used for prospective client consultations (to preserve confidentiality before engagement), expert witnesses, contract attorneys, and vendors with access to client data.

Compare NetDocuments, iManage, Worldox, and the document modules built into Clio, MyCase, or Smokeball against firm size and practice areas. Litigation-heavy firms typically need version control and email filing; transactional firms prioritize redline workflow and data rooms.

Standard buckets per matter: Pleadings, Discovery, Correspondence, Research, Client Documents, Billing, Trust, Closing. Litigation matters add a Depositions and Exhibits folder; transactional matters add Drafts, Signed, and Closing Set. Inconsistent taxonomies are why files go missing on attorney departures.

Tie the matter number to the billing matter in your PMS so DMS folders, time entries, and trust ledgers stay aligned. Common pattern: client-id.matter-id (e.g., 10234.0007). Sub-matters use a third segment.

Critical for transactional matters where a redline can pass through five hands in a day. Confirm the DMS keeps the full version history (not just the last ten) and surfaces the prior version on demand for clawback or production disputes.

State bar minimums commonly run 5–7 years post-close, with trust account records often 7+. Estate planning, real estate, and minors' matters typically run longer. Document the retention period per matter type and the destruction approval workflow.

At minimum: partner, associate, paralegal, legal assistant, billing, IT admin. Sensitive matters (family, criminal, internal investigations) need a separate ethical-wall group with explicit attorney-by-attorney membership.

Required for lateral hires under Rule 1.10 and any matter with intra-firm conflict waiver. The wall must block search results and folder visibility, not just open access. Have screened attorneys sign a wall acknowledgment.

Log in as a screened attorney and verify the walled matter does not appear in search, recent files, or folder browse. Document the test result for the conflicts file — disciplinary counsel will ask for proof the wall actually worked, not just that it was configured.

Every open, edit, download, and share event should write to an immutable log retained at least one year. NetDocuments, iManage, and Clio expose this; verify the log includes user, timestamp, IP, and action — IP is what tells you whether a download came from inside the office or a hotel network.

Firm administrator pulls the access report every 90 days, flags departures and role changes, and confirms terminated users are fully deprovisioned. This catches the contract attorney whose access was never revoked after the engagement ended.

Required under Model Rule 1.6(c)'s reasonable-safeguards standard and most state data breach laws. Confirm AES-256 at rest and TLS 1.2+ in transit. If the firm uses cloud DMS, the vendor's SOC 2 Type II report is the evidence to retain.

SMS-only MFA is no longer acceptable for sensitive matter access — push or hardware token. The DMS, email, and PMS must all enforce. Many state bars now treat MFA as part of the Rule 1.6(c) reasonable-safeguards floor.

3-2-1 rule: three copies, two media, one offsite. Test restores quarterly — backups that have never been restored frequently fail when needed. Retention of backups must align with the records retention schedule, not exceed it (or destruction obligations are violated).

State data breach laws (all 50) prescribe notification timing — often 30–60 days from discovery. Map the workflow: who declares, who notifies clients, who notifies state bar, who notifies attorney general. The plan needs to exist before the breach, not after.

Email attachments to clients are a confidentiality risk — use the PMS portal (Clio Connect, MyCase, NetDocuments ndShare) with link expiry and recipient authentication. Confirm the portal logs deliveries and downloads for the matter file.

No outbound document — pleading, contract, opinion letter — leaves the firm without responsible-attorney sign-off. For productions and pre-bills, require a second-attorney privilege or accuracy review before release.

DocuSign, Adobe Sign, or the PMS-native e-sign module. Confirm the signed PDF, audit certificate, and field-level timestamps file back to the matter folder automatically — manual save-back is where signed engagement letters get lost.

Engagement letters, conflict waivers, and settlement releases that sit unsigned for more than seven days need a chase. Build the report from your e-sign platform's open-envelopes API or the PMS task list.

When the operative draft of a closing document or settlement agreement is replaced, every recipient on prior versions needs a notice with the new version number. Stale-version sign-off is a recurring transactional malpractice scenario.

Managing partner and firm administrator review the configured system end to end and sign off. Capture the sign-off, any open punch-list items, and the next review date.