Technology and Practice
Design firms readily accepted CADD systems because they provided faster and more efficient ways to execute traditional design tasks. With the advent of email, firms welcomed the ability to communicate instantaneously. But the transfer and reuse of design documents and the informality of email can pose great risks to design firms. Now project websites can provide collaboration, communication, and documentation opportunities that can add efficiency and protection to design firm efforts.
Technology and the accelerating pace of communications are redefining the roles and risks of all participants in the design and construction process. This is amplified in a “virtual” practice, where the single-office mentality is turned on its head and the ability to “practice locally” while being “virtual” is very important.
In most cases, project websites and other cloud-based solutions offer new levels of collaboration, layers of access to communication and documentation, and records management. However, all technology comes with some risk, and choosing the platform that works best for your firm should be the strongest consideration. Most project extranets using commercial application service providers offer users the opportunity to manage projects more efficiently, streamline communications, increase accountability, and create a permanent record of information, decisions, approvals, and conditions. Caution must be taken, however, to find the right solution for your practice and/or specific project.
While technology is forcing a profound change in how design professionals practice, this redefinition of the industry is not reflected in the base contract documents, primarily B101 and A201. Although the use of such technology may not appear to alter the professional services relationship, it is important to remember that project extranets are more than mere tools for carrying out traditional duties and routine functions. They should be recognized as establishing legal relationships that may differ from the traditional positions and they should accommodate collaborative project delivery responsibilities.
Although internet-based design and management systems do not, by themselves, create a new paradigm for the design, construction, labor supply, material procurement, and operation of facilities, it is clear that they will modify the roles of all construction participants along with the project delivery, contracting, and legal relationships.
Considering a Project Extranet?
Internet-based project management systems vary in sophistication and intent. Design professionals considering a virtual practice should evaluate and consider the following:
- What is the focus and intent of the project extranet?
- Is it meant to share documents, to perform administrative functions, or to serve as an integrated e-business site for contractors?
- Who owns the site and what is the commercial viability of the owner? Will the site remain in existence during the entire project?
- Who controls site security and maintains acceptable layered access protocols?
- How will site documents and data be authenticated and maintained?
- How will the project records be archived upon project completion?
- Who can access the inactive site or obtain a copy of the project records?
- Can the site be “rebuilt” for future dispute resolution purposes?
Addressing Technology Exposures When Employees Depart
Over time, virtual practice firms will have employees leave and the transition process may not be optimal unless the firm properly handles the technology exposures caused by a departing employee. Indeed, this also applies to contractors who are accessing the firm’s extranet and other file-sharing tools. A firm should have an employment manual with technology policies and management procedures to cover any employee or contractor departure. Technology transition policies and procedures should be established based on firm specifics and its use of technology. Due to the proliferation of portable devices, firms need to take care whenever someone departs for any reason.
Taking precautionary steps before employees leave the company, either voluntarily or involuntarily, is basic risk management. A primary reason is to prevent incidents of deliberate sabotage to company data, such as the destruction, alteration, or theft of proprietary information by the former employee. Firms should also make a best practice of following key steps to ensure company information is safeguarded even from well-intentioned employees who leave for better opportunities and who do not understand the confidential nature of firm, client, and project information. Key steps include:
Act quickly on restricting or limiting internet access. Even when you trust the departing employee, lax security practices can expose your entire network. A good first step is eliminating the existing user account and creating a temporary account with limited access to necessary resources and actions. Require company-issued smartphones and other devices to be turned in immediately. Delaying this step could become a costly mistake if the employee accesses the company’s information remotely. Due to the prevalence of password sharing, it may also make sense to force a company-wide password change at a regular interval, including on the day an employee’s access is revoked.
Make a determination about whether an email account can be retained. In some cases, an email account might remain open with supervision, or emails could be redirected to an account where they can be held and screened. Care must be taken as to what documents can be copied or downloaded. Although employees departing of their own volition have usually downloaded everything they want before announcing their departure, an effort should be made to ensure other information is not being sent inappropriately.
Keep a list of all hardware, software, and services the departing person uses. It is especially important to find out what templates, documents, and other files have been copied, forwarded, or downloaded, particularly when a departing employee goes to a competitor. With information stored in a variety of security levels and locations across the network, access rights are numerous. It is advisable for a company to maintain a document that lists each employee’s access to the company’s information systems so that all access rights can be disabled, limiting the chance of leaving a forgotten avenue of access open. Another measure to guarantee the safekeeping of proprietary information is to have a manager confirm, with a signed checklist, that all access rights have been disabled.
Conduct an exit interview. If your firm did not have employees sign a non-compete or non-disclosure agreement in the initial employment stages, it should conduct exit interviews to remind employees that company information is confidential and should not be revealed to an outsider. This practice should be facilitated by a company policy already in place about the prohibition of disclosing company information to outsiders.
Pursue an investigation when an employee is suspected of illegal or unlawful activities. When an employee who has left the company is suspected of stealing company data, deleting files, or sharing information with outsiders, preserve the employee’s computer. Activities that occurred on the computer can be traced, but the chances of finding evidence are limited by continued usage of the computer. Companies can hire computer forensics experts to discover evidence that could prove that the employee did indeed perform illegal or unlawful activities.