Customer lockbox

Note: When the Customer lockbox feature is enabled , Relativity system admins must also belong to a group within a workspace in addition to the System Administrators group to access and administer security within that workspace. Refer to Support if you need more information on this feature.

This page contains the following information:

Customer lockbox overview

The customer lockbox feature in RelativityOne prevents Relativity support or operations teams from seeing customer data even when granted administrative privileges necessary to provide responsive, high-touch support. When this feature is enabled (default), the customer lockbox prevents any system administrator (Relativity teams included) from seeing workspace data unless explicitly granted access.

Consider the following:

  • Lockbox is enabled by default.
  • System administrators must also belong to a group within a workspace to access that workspace or to administer security within that workspace.
  • With this feature enabled, members of Relativity's Customer Support team will not be able to access customer workspaces. If troubleshooting an issue requires workspace access, the customer will be prompted to add the Relativity Support technician to a workspace group in order to troubleshoot issues within that workspace.
  • You will see Relativity Support team users on the security permissions page (along with their specific permissions) unless you lock us out.

Note: Since Relativity will not change customer data, you will have access to report scripts via the Relativity Script Library as a measure of data security protection. We urge you to periodically run the Lockbox Report script and remove any groups we have access to as needed. You also can view an audit history of the instance setting that enables and disables Customer Lockbox feature via the Lockbox Bypass Report script.

Note: Customer Lockbox is not a full lock-out feature. System administrators can grant themselves access to these workspaces but this action is audited.

Refer to Support if you need more information on this feature.

Lockbox reports

Relativity provides you the following scripts that report on Customer lockbox use:

  • Lockbox Bypass report - provides an audit history of modifications made to the EnableCustomerLockbox instance setting (i.e., the change, who made the change, and when it occurred).
  • Lockbox report - provides a list of any workspaces to which an employee of Relativity ODA LLC has current access and the name of the group to which the user is linked. It does not include actual users’ names.
  • Note: This report includes references to the Maintenance workspaces (“[DO NOT ACCESS]…”) to which Relativity maintains access. This script is focused on auditing of “Relativity ODA LLC” employees, but customers can also create a similar custom scripts for your own employees if you wished to do so.

Lockbox security notifications

Relativity system admins can be added to the Security Notifications group in a given RelativityOne instance in order to receive notifications every time that:

  • Relativity staff are granted access to a customer workspace when Lockbox is enabled.
  • Lockbox is disabled via the EnableCustomerLockbox instance setting.
  • A user is added or removed from the Security Notifications group (only the person who was added or removed from the Security Notifications group will receive the email, other group members will not be notified).

    Note: If the Security Notifications group is deleted, you may re-add this group.

  • Adding a workspace to a group with Relativity Support. If any person with a Relativity email address in a group with associated workspaces, the Relativity email address will receive notfications of any user being added to or removed from the group.

Any time that any of the above conditions are met, users in this Security Notifications group are sent an email notification. When a user is added or removed from the Security Notifications group, the notification email includes a link to Security Center where  Relativity workspace access can be revoked, if needed.