ISACA Lays Out Steps to Successful eDiscovery

The Information Systems Audit and Control Association recently named regulatory compliance assessment and employee training as two key components of any enterprise eDiscovery deployment.

The organization’s report included six steps for companies to consider. Aside from compliance analysis and training, the ISACA said companies must find a proper balance between of “policy, process and technology” to avoid potential bottlenecks in this process. Developing a protocol that works best with a specific company is crucial as well. Various organizations have defined best practices, but fine-tuning the approach to work best for a specific company will make the transition and process easier.

As is the case with any information archiving, retention and retrieval process, implementing reliable email archiving and data security standards is vitally important. Virtually any piece of information could be named in an eDiscovery request, so these security, archiving and management solutions help ensure the information is available whenever a company needs it.

The report’s authors said the implementation of a reliable and customized eDiscovery process, which includes the use of an eDiscovery solution, helps organizations mitigate risk. Failure to comply with eDiscovery requests often results in fines and other sanctions for a company. Even if the data was lost due to a computer malfunction or employee error, courts and other regulatory authorities will still levy some form of monetary punishment for noncompliance. Obstruction of justice charges could even be part of the punishment.

In the past, companies relied solely on their IT or legal departments for evidence discovery. However, the automation of the process has made every employee critical to the success of discovery. At the base levels, employees must understand how to archive emails and other correspondence, such as social media and instant messaging, properly. From there, IT workers analyze data stores to ensure a solution and the process flow seamlessly. Finally, legal workers must inspect information to be certain the documents and other files archived are in compliance with regulations.

Many organizations now view eDiscovery and its corresponding data management solutions as value-adding assets for any organization. Once the technology and process are fully implemented, companies often find decreased costs relating to data storage and any legal processes.

“Finally, an effective eDiscovery program could assist in controlling cost and mitigating risk by eliminating a ‘keep everything’ mentality that sometimes exists when an enterprise is unclear about the type of information to retain, how
long to store it and what information is likely to be requested in the event of a government inquiry, regulatory action or civil lawsuit,” the report states.

The advent of SaaS-based eDiscovery solutions has also made the technology available to more companies than ever before. Especially during the recent recession, new IT investments were put off by companies of all sizes. Now, as organizations have more capital to invest and the cost of eDiscovery has come down, more are able to realize the benefits.

A representative from an eDiscovery vendor reported earlier this year that cloud computing, in general, has made eDiscovery a better overall process. Vendors handle everything for upgrades to scaling, so IT workers can dedicate this time elsewhere.

One element of modern eDiscovery deployments that can be challenging for some companies is integration. This is especially true for organizations using cloud solutions. Ensuring email archiving and other storage solutions work well with eDiscovery software will make life easier for all parties. The use of middleware to connect SaaS solutions has been found to improve this process.