A partner at a law firm I know — sharp, meticulous, the kind of person who colour-codes her calendar — once told me about the single most embarrassing moment of her professional career.

A long-standing client called. They were in the middle of a dispute with a former supplier and needed the original service agreement from four years ago. The one her firm had drafted. The one that had been executed, countersigned, and filed away in the confident knowledge that it was safe.

It took her team eleven days to find it.

Eleven days. At a law firm. Whose entire business is built on the handling of documents.

She told me this story not with shame, but with the weary recognition of someone who has since fixed the problem. "The document existed," she said. "It had always existed. We just had no reliable way to get it to the person who needed it, at the moment they needed it."

That gap — between a document existing and a document being accessible — is where a surprising amount of corporate risk quietly lives.

The Founder's Blind Spot

Let's start at the top, because that's usually where the problem originates.

Founders and CEOs are, almost by necessity, the gravitational centre of a business. Information flows toward them. Decisions radiate outward from them. And documents — critical ones, the kind that determine what the business owns, what it owes, and what happens if something goes wrong — tend to accumulate around them.

The shareholder agreement. The original articles of incorporation. The employment contracts for the senior team. The licensing agreements. The insurance policies. The lease. The terms under which the two biggest clients signed up, back in the early days when you were willing to make concessions you'd never agree to now.

These documents exist. They were carefully drafted, properly executed, and stored somewhere — in a folder, in a drawer, in the firm's document management system, in the inbox of a lawyer who has since moved firms.

Here's the question worth asking on an otherwise ordinary Tuesday afternoon: if you were suddenly and genuinely unavailable — not on holiday, not in a meeting, but truly unreachable — would your board, your CFO, your successor, or your legal counsel be able to put their hands on these documents without you?

Not eventually. Not after a week of phone calls. Immediately.

For most founders, the honest answer is: probably not. And for most businesses, that's a risk that sits quietly on the balance sheet, unquantified and unaddressed, right up until the moment it becomes extremely expensive.

What "Secure" Actually Means in a Legal Context

Legal and compliance professionals have a more sophisticated relationship with document security than most. You understand encryption. You understand access controls. You understand the difference between a document being stored securely and a document being shared securely.

What you may not have a great solution for is the handover problem.

Here's what that looks like in practice. A client relationship ends — or transitions to a new partner, or the client's own business changes hands. Somewhere in the history of that relationship are documents that remain relevant: executed agreements, signed declarations, compliance certificates, records of due diligence. Documents that the client may need to access not now, but in two years. Or five.

The standard approach is to email them. Or to put them in a shared folder and send a link. And that works, in the sense that the file leaves your hands and arrives somewhere in the client's digital world.

But then what?

The email gets buried. The shared folder link expires, or the account it's tied to gets closed, or the client's IT department runs a migration and something gets lost in the shuffle. The client, years later, needs the document. They call you. You search your own systems. You find your copy — probably. You send it again. And everyone pretends this is a perfectly normal way to manage critical legal documents.

It isn't. It's just normal.

The Business Continuity Question Nobody Wants to Answer

There is a conversation that boards of directors should have, regularly, about business continuity. Most of them don't have it — or they have a version of it that addresses the obvious things (disaster recovery, IT infrastructure, key person insurance) without addressing the document layer underneath.

What is the document layer? It's the answer to questions like:

If our CEO and CFO were both unavailable tomorrow, where are the banking mandates?

If we needed to invoke the force majeure clause in our supplier contracts, where are those contracts, and who has authority to act on them?

If a regulator asked for our compliance documentation from three years ago at forty-eight hours' notice, where would we find it?

If the company were acquired tomorrow, where is the complete record of our intellectual property agreements?

These are not exotic scenarios. They are the kinds of things that happen to businesses — not often, but when they do, the businesses that have thought about them in advance fare considerably better than the ones that haven't.

The answer to all of these questions should be the same: in one place, accessible to the right people, with a clear and auditable process for how that access works.

Not in the outgoing CEO's email. Not on the finance director's laptop. Not split across three different systems that were each introduced by someone who has since left the company.

One place. Clear access. Proper process.

Sharing Sensitive Documents with Clients and Partners

Here's a specific problem that comes up constantly in professional services, financial advisory, and any business that regularly handles sensitive client documentation.

You need to share a document. Not broadcast it — share it. With one specific person, or a small group of specific people, under conditions that you control. You want to know who has accessed it, and when. You want to be able to revoke access if circumstances change. And you want to be confident that in three years, if that document needs to be accessed again, it will actually be there — not buried in an email thread, not on a server that's been decommissioned, not in the inbox of someone who left the firm.

The tools most organisations use for this were not built for this purpose. Email was built for communication. Shared drives were built for collaboration. File-sharing links were built for convenience. None of them were built for the problem of making sure a sensitive document reaches a specific person at a specific moment, under controlled conditions, with a full record of what happened.

Legggacy was.

When you upload a document and nominate a beneficiary — a client, a partner, a board member, a successor — they go through a proper acceptance process. They know they have access. You know they've accepted. There's an audit trail. And critically, the document doesn't depend on an email account remaining active, or a shared folder link still working, or a piece of software that your firm used in 2022 still being available in 2027.

The document is there. The access is controlled. The process is clear. And when the moment comes — and in business, the moment always comes — everything works the way it's supposed to.

256-Bit Encryption, SOC 2 Compliance, and Why That Matters

For the legal and compliance readers in particular: yes, the security credentials matter, and yes, Legggacy has them.

Bank-level 256-bit encryption. SOC 2 compliance. AWS S3 storage with automatic backups and 99.9% uptime. A full activity log so you know exactly who accessed what and when.

This isn't security theatre. It's the level of protection that sensitive legal and commercial documents actually warrant — and that most of the improvised solutions businesses currently use (email attachments, shared drives, USB sticks handed over in meeting rooms) do not come close to providing.

If you'd be uncomfortable with a document ending up in the wrong hands, it deserves to be stored somewhere that takes that seriously.

The Conversation You Should Have Had Last Quarter

Here's the honest version of this blog post, distilled into a single paragraph.

Somewhere in your business — or in your clients' businesses — there are documents that are critical, sensitive, and currently stored in a way that would not survive proper scrutiny. Not because anyone was negligent. Not because the right intentions weren't there. But because the tools most of us use to handle documents were built for other purposes, and we've adapted them as best we can and called it a system.

It isn't a system. It's a workaround. And the difference between the two only becomes apparent when something goes wrong.

The good news is that this is fixable. Not with a six-month implementation project or a significant IT budget. With an afternoon, a clear head, and a tool built specifically for the job.

The partner at the law firm fixed it. Her clients can now access their documents at any time, through a proper process, with a full audit trail. It took her less time to set up than it took her team to find that contract.

She did mention she wished she'd done it about four years earlier.

Find out how Legggacy works for businesses, law firms, and professional services at legggacy.com.

The Contract Is Signed. Now Where Did You Put It?

Stay in the loop