Controlling access to legal records

Frequent Contributor.

Controlling access to legal records

I'm creating access control groups in HPRM for a legal team. Most records will be restricted by an Access Control Group that only includes members of the legal team. Containers will be created bassed on the legal matter. Other access groups would include executives and slect staff from various departments.

I'm proposing to make all legal folders accessible by the Legal team. Then add other access groups as required and then add individual positions as required. But I want to implement a simple system that isn't onerous to manage.

Would someone suggest how I can design an access control system that allows a legal team to communicate information to the right people without creating complexity where it can be avoided? 

Outstanding Contributor.

Re: Controlling access to legal records

Access control is best implemented as a part the business process and practices,  if you can shed some more light on the process (Type of Executives and Other Staff you mentioned) and when these Executives & Staff requirng access , action they suppose to do on the information etc e.g Reviewing only, or writing , Case filing etc. It also depends if you have external Barristers working in the cases and provide consultation etc.  Those may be external and contribute to the case information etc. 

In summary, the approach you defined is also valid and good enough for Access control implementation, the only thing you may consider is not to assign each individual to the folder and consider creating a Case based Location (I would personally stay away from Caveats) group and add people  in that Case group then assign the access to the Casegroup which is assigned to the Folder. (This is just a thought without too much of details, Access Control is a broad topic with plenty of options to implement)