Technology / Generative AI | Skadden, Arps, Slate, Meagher & Flom LLP

Technology Overview

Skadden’s technology environment is designed to support our legal teams in the complex and diverse work they perform for our clients worldwide. Facilitating secure, reliable collaboration, which is available 24 hours a day, 7 days a week, is a cornerstone of our architecture. We have developed a system which allows for highly secure, fully encrypted access to work resources from anywhere in the world where there is access to the internet. This system is built upon a combination of best-of-breed on-premise and cloud-based applications and services.

Our critical work is done using documents and electronic communications. The Firm has deployed OpenText eDOCS for document management. All documents are stored centrally and are available on a need-to-know basis. The robust system allows for legal team collaboration, granular security and complete access auditing. We use Microsoft Exchange for secure communications and document exchange across authenticated devices. Secure message transfer utilizes 256-bit encryption to and from clients when required, but otherwise uses opportunistic TLS. These resources are engineered for seamless collaboration.

Our legal technology platform is designed to leverage both on-premise and cloud-based solutions for handling sensitive client documents and information. While we maintain our own staff and technology resources, we can also leverage your approved vendors for printing, data conversions and eDiscovery review and production. We host a full range of legal technology resources including Lexis-Nexis eDiscovery (Concordance and TextMap transcript repository) and Relativity, and also maintain external vendor relationships and cloud service contracts. We tailor our approach to meet the special requirements of each client and each matter.

We create individualized collaboration resources for unique case requirements including secure extranet environments. These provide a convenient platform for the timely exchange of documents; sites are equipped with security, password authentication and user time-out keys. We use SFTP for secure file transfer.

Skadden’s knowledge management initiatives provide our attorneys with a comprehensive portfolio of readily accessible and highly curated global knowledge resources strategically delivered directly within the attorney workflow to enhance the quality, efficiency, and value of legal services. Our longstanding knowledge management commitment has resulted in superior information-sharing, seamless and consistent global implementation of best practices, and a differentiated delivery of client-focused legal services. Our knowledge systems capture both Skadden and global market experience and legal knowledge, which is made available to our lawyers Firmwide from multiple points of access via ubiquitous technology tools.

Information Security

Skadden prioritizes data protection and recognizes the importance of addressing this matter when representing our clients. By maintaining consistent compliance practices throughout the Firm, we aim to deliver a robust data protection policy that fulfills the data protection goals and objectives shared across our client base.

By centralizing our technology operations and minimizing the number of places where data and servers are housed, we are able to more effectively secure these resources. We utilize sophisticated internal and external monitoring tools to ensure data and network safety, and we subject our resources to rigorous security audits and reviews performed by independent security consultants.

Encryption plays a key role in our security — we encrypt all data at rest and in motion. We also deploy Next-Generation Firewalls (NGFWs) and intrusion detection/prevention systems in all locations, and continuously monitor our resources from a secure network operations center.

The Firm’s application suite is centralized and virtualized, avoiding local storage of client data. This improves not only our information security but also results in faster and more reliable systems.

While security tools are critical, nothing is more important than involving our attorneys and staff in the security process. On an annual basis, all personnel review and sign our security policies, attend mandatory Ethics Training developed and presented by our General Counsel, and complete Security Awareness Training.

Incident Response

While Skadden has robust security measures in place to protect client confidential information, security incidents and data breaches must be prepared for. The Firm has assembled a Security Incident Response Plan (“SIRP”) Team to anticipate and strategically address potential attacks and minimize impact. In the event of a breach of client information in our care, the Firm will notify affected clients, isolate and research the event, recover systems, and patch vulnerabilities to reduce the likelihood of future incidents.

Reliability

Skadden selects as partners the most reliable names in technology — Citrix, Dell/EMC, Microsoft, Cisco, LexisNexis—in constructing and supporting our technological workplace. It is important that our applications and resources seamlessly work together and that Firm technology is able to stay ahead of the curve. We have a seasoned staff of experts working on security and business continuity, as well as a full team of engineers.

Skadden utilizes state-of-the-art data centers to ensure that the physical components of the technological environment receive the most attentive security available. The Firm’s network design utilizes redundant data center architecture, providing the highest industry standards of data protection among law firms. A key factor in this is failover technology, which allows coexisting standby systems to take over operations if there is a failure.

Our Standards

The Skadden team has always held security and confidentiality to the highest standard — they are engineered into every element of our technological environment. We maintain ISO/IEC 27001:2013 certification and our data centers are SOC2 certified. Upon the signing of our Confidentiality Agreement for Client Assessments, a meeting can be scheduled to review documentation related to technology, information security and confidentiality at Skadden.

Generative AI

Committed to a culture of innovation and responsible use of technology, Skadden continuously explores the potential for extractive artificial intelligence (AI) and generative artificial intelligence (generative AI) applications to add efficiencies and optimize client service. Regarding use of generative AI:

Skadden agrees to maintain the confidentiality of all client and Firm data, and provide and maintain an appropriate security and governance framework to manage information security and client confidentiality.
Skadden will not enter any client-related information into any open-source/publicly available generative AI application, including ChatGPT, Bard, Bing, or any other publicly available or non-proprietary application.
Client data will not be provided or used for the purpose of training foundation models or algorithms, and any data input into a generative AI application will be regularly deleted.
Generative AI applications utilized by Skadden:
- Do not use client / Skadden data, documents, inputs or outputs to train large language models or algorithms.
- Do not permit non-Skadden personnel to have access to any client / Skadden data, documents, inputs, or outputs.
- Do not store client / Skadden data, documents, inputs, or outputs beyond the retention period set by Skadden.
- Are thoroughly reviewed by Skadden's security team to ensure compliance with Skadden's security, governance, and architecture standards.
Skadden employs adequate measures to ensure the quality and accuracy of all of the information incorporated directly or indirectly into any work product or deliverable.