The majority of legal technology vendors offer their products and services under what is known as an "ASP Model." ASP stands for "Application Services Provider" and it means that they can only offer their technology products and services via the Internet under a shared services model. This means that all of their clients use the same set of application code and the same set of underlying databases - in other words, every client uses the same system and all of their data is stored in the same database. In the early part of this decade, the ASP delivery model made a great deal of sense over a traditional in-house legal technology solution installation.

Today, the ASP model solution can still represent a viable legal technology deployment solution - but the world (and technology) has changed dramatically and the ASP model poses several significant Sarbanes-Oxley and HIPAA security and audit compliance risks. Fortune 500 corporations and insurance carriers must be aware of this before engaging and trusting their confidential legal financial data and privileged matter and/or claims data to an outsourced legal technology solutions provider that uses the ASP model.

The History of the ASP Model

Legal technology companies adopted the ASP model largely in response to two major factors. The first is that legal e-invoicing enjoyed the first wave of widespread adoption among the Fortune 500 just after the corporate world had finished spending billions on Year 2000 remediation efforts. Corporate technology budgets were completely depleted and the last thing corporate legal departments and insurance carriers wanted to hear was that they would need to engage their own IT resources in a large scale and costly technology deployment to support legal e-invoicing.

In response, legal technology vendors introduced the ASP model with the notion that the corporations would simply need to pay for an outsourced service. The ASP provider would take care all of the traditional back end implementation, deployment and technology support issues. This was a very attractive proposition for corporate legal, IT and procurement executives at the time.

The ASP model served these legal service providers very well as the majority of them were small privately held Internet startup companies. By offering their software via the Internet and deploying all of their clients in a single application and database, they could dramatically reduce their operational costs. Instead of deploying and paying for expensive dedicated servers for each of their clients, these legal technology providers could provide their software under the ASP model by using one server, a single set of application code and one database. It kept their implementation costs reasonable and allowed them to make substantial profit margins in subsequent years as they often charged the same rate the charged during their implementation year as they did in following years.

This ASP model worked well for all parties, but the same aspects which made this ASP deployment model from 2000-2004 would create serious security and audit compliance problems once Sarbanes-Oxley, HIPAA and other data and personal privacy protection legislation were enacted.

Have other questions? Want to learn more? Why not get in touch.