Thursday, July 23, 2009

Questions to Ask Prospective eDiscovery Vendors

When it comes to implementing an eDiscovery product or service, it is extremely important to know what you exactly need. In the eDiscovery realm, customer needs are extremely diverse. Some organizations need a full-service provider to put together soup-to-nuts eDiscovery process support while others need only forensic collection support.

The diversity of requirements and various product offerings makes it difficult to select the perfect eDiscovery vendor. In addition, as the main drivers behind implementing eDiscovery systems and procedures are compliance, litigation readiness, and fine/sanction avoidance (and vendors are well aware of this fact), it is often difficult for an organization that is in the early stages of developing its eDiscovery capabilities to distill the fear-mongering messaging of certain vendors down to what services those vendors actually provide and, most importantly, whether those services are a fit. Please find below a glimpse of a few key questions to be asked of potential vendors.

You will want to break down the questions in the following categories: collection, processing, review, production and pricing models and specific pricing for both implementation and per eDiscovery process that you run. The first four categories are major parts of of eDiscovery process and vendors often specialize in one or two of those activities.

Questions About Collection:

  • How is paper-based information brought into the eDiscovery process?
  • What methods of electronic collection exist (e.g., remote agent desktop collection, disk imaging)?
  • What methods are used to initiate a defensible chain of custody and secure access?
  • How quickly can tapes be restored? What is the cost of tape restoration? Is this a native capability or provided by partners?
  • What methods are used to identify/fingerprint documents?
  • How is chain of custody preserved and spoliation avoided?
  • Where and how is metadata managed and preserved?

Questions About Processing:

  • What culling methods exist?
  • Can culling happen at the point of collection?
  • How is data extracted from different types of media?
  • Are attachments extracted from emails and processed as separate documents? If so, how are they associated with the original email message?
  • Does the product/service support both static and dynamic encryption?
  • Are documents converted to a standard type for review? If so, what type and if there is additional cost?
  • How is deduplication performed (e.g. within custodians, across custodians)?
  • What is the average indexing speed?
  • What methodology is used for metadata management?

Questions About Review:

  • For native file reviews, are native applications required?
  • Does the review application have workflow support?
  • What kind of statistics are provided to manage the workflow?
  • What type of access rights are enabled (e.g. by function or by data)?
  • How are documents indexed and categorized?
  • Are double-byte characters indexed?
  • How is "concept" searching defined and enabled?
  • How is value-add metadata managed?
  • What security protocols are used?
  • How is redaction enabled?
  • How many simultaneous reviewers can the system support?
  • What is the average document to document speed?

Questions About Production:

  • What output options are available (e.g., native, TIFF, PDF, load files)?
  • What is the average turnaround time for exporting data?
  • How does the product support Bates numbering?
  • What fonts are supported?
  • How is output to multiple languages handled?
  • Are there any partners for production services?

Questions About Pricing Models:

  • What software pricing models are available (per user, per CPU, etc.)?
  • Are there recurring charges for installed software (other than typical maintenance fees)?
  • Is there an ASP offering? If so, how is it priced?
  • How is data processing charged (e.g. per GB)?
  • Are there different pricing models for load files to different review applications?
  • What is included in management consulting (e.g., strategic guidance, computer forensics, technology consulting)?

Hope this is useful for all who are trying to move forward with eDiscovery solutions.

Sunday, July 19, 2009

How to Drive Information Management Adoption


'Information Management' is a problem identified by many and you would think that IM adoption should be easy, but every organization I have consulted with suffers from an Information Management adoption problem.


All too often, IT-driven product evaluations focus on how well a tool supports managing, finding & retaining documents, leaving project teams in many enterprises surprised at how quickly users abandon what IT believes to be a superior Document Management/Records Management product. Here are some of the key lessons I have learned:

  • What worked for one department doesn't/won't necessarily work for another - Focus on the business processes of a department and what they do on a day to day basis instead of taking a massive cookie cutter approach.

  • Mandate from the 'Boss' negatively affecting users - Today's increasing focus on compliance and risk mitigation forces many enterprises to lock down and better manage documents located on the notorious shared drive. Properly mandating without change management is not going to cut it. Almost all effort is spent on rolling out the system and very little on Change Management, whereas my personal approach is to focus around 70-80% on Change Management.

  • Poor usability plagues many IM initiatives - If the IM system does not integrate well with the most commonly used tools, then it can be a nightmare. Be very careful when selection a vendor/tool.

  • Making everyone a Information Manager - When onboarding a group into an Information Management system, build solutions that reflect their business process and do not bog users down with useless classifications, categories or making them select individual documents and declaring them as records. Leave the job of RM with the records managers and focus instead on creating an information architecture for the particular user group that works for them.

Finally, all IM needs are not the same and make sure you gather requirements and answer key questions for each constituency. Rapid deployment of technology is the easy part, but deriving business value out of the deployment is the difficult part.