Tuesday, October 13, 2009

Roadmap to E-Discovery

So how can you meet compliance for all the global regulations and rules that affect your business while remaining competitive in the marketplace? Management commitment to compliance while reducing change is essential to beginning this journey. Once you have management commitment, you cannot turn back or relax your vigilance. The journey is ongoing and requires flexibility to maintain your program in a continually changing environment.

There are three key components that make up an effective e-discovery and compliance program:
1. Governance
2. Process
3. Technology

Step 1: Governance for Compliance and Policy Management

The first step in developing a sustainable program is to mitigate the inherent discovery risks for your electronically stored information by adopting an enterprise governance package. A governance package sets organizational standards, processes and compliance rules for streamlining document-handling activities, providing ease of reference and reducing the amount
of information you need to manage. A document and records governance package can consist of anynum ber of policies and procedures, based on your organizational culture, external risks, infrastructure complexity and compliance impact.

A governance package can also supply technology domain rules to help your IT department manage your program. These policies and procedures or business rules can affect all of your organizational staff, including external contractors, or they may affect specific functions. At the core some of the rules are Records Management policy or standard, Electronic Messaging policy or standard, enterprise retention schedule, document handling procedures, inactive media and archival standards, Litigation hold order and so on.

Step 2: Process for Knowing your Information Universe


The second step of the e-discovery journey—process— is the most challenging and resource intensive. Understanding how information is processed throughout its lifecycle is essential. Process also means change, especially as it relates to electronically stored information.
If you do not have individual, departmental or functional standards for describing how electronic
documents and e-mail are to be indexed, retained or disposed, any imposed standards can change how you process information.

Implementing information lifecycle standards must account for the functional needs of your organization. But when data can be stored on PC or laptop hard drives, external drives, thumb (universal serial bus or USB) drives, or CDs and DVDs—as well as on servers, external Websites, share drives and backup devices, how can you disclose all of the locations where you
keep electronically stored information? Only by conducting surveys and interviewing users by department or function can you create a realistic picture of your complex enterprise. Only after you capture storage protocols and understand how information is currently cataloged or indexed can you begin to break down the silo effect of storing information. This begins the
process of developing classification standards and local procedures that link with your overall
governance package.

Some key things to think here are Chain of custody and avoiding spoliation, Authenticity, Metadata and "Meet & Confer" standards.

Step 3: Technology to bring it all together

The increasing demand for e-discovery with the exponential increase in electronic information
demands that every organization should be prepared. You should not have to react when litigation arises. You need to man age your information proactively as a core asset, not only to reduce the risk of e-discovery but to increase the productivity of your day-to-day operations. In order to implement a governance package and processes, you need to implement technology to help you manage your information as an asset across your enterprise. The magnitude of
the problem, the volume and wide distribution of information and the implication of not taking proactive measures indicate that managing your information is now mandatory. Organizations around the globe are looking at document and records management solutions with rigorous and unified records management to support their e-discovery preparedness and operational productivity.

Whether information is in a paper document, an elec tronic document or a record, it is discoverable. There fore, you need to capture information upon creation and manage it through its lifecycle to disposition. You need to apply retention management regardless of whether a document is a record, and you need an easy-to-use process for your end users, one that does not require them to know how to use your retention rules. When looking for a document and records man agement system, make sure that all electronically stored information is treated consistently
across your organi zation, that it is easily captured, that it is categorized for easy finding over large volumes and time, that retention policies are applied by default, and that liti ga tion holds are easily applied and managed. Successful document and records management solutions provide value to both end users and your organization while helping you prepare
for e-discovery.

Technology can support your preparedness for e-discovery through some of the following:

• Lifecycle management of electronic information— capturing information at the point of creation and managing it throughout its lifecycle in line with corporate policies

• The ability to capture information easily from existing, commonly used authoring applications, such as Microsoft word and e-mail

•Capturing electronic metadata from an authoring application and preserving it throughout its lifecycle, supporting authenticity for the information

• Managing information, whether a document or a record, according to your organization’s policies for retention and disposition of information

• The ability to prove chain of custody through extensive audit trails that are preserved with your electronic information

• The ability to preserve electronic evidence, including audit trails and business rules for deletion, with security controls

• The ability to find information easily over long periods of time and from former employees

• The ability to preserve electronically stored information for long periods of time, regardless of the technology in which it was created

• The ability to place litigation holds on all forms of electronically stored and physical information, regardless of its format and how many litigation holds may already be in place, to protect you from spoliation and to support your discovery processes

No comments:

Post a Comment