Electronic Discovery (eDiscovery) Chad Meyer & John Vyhlidal ConAgra Foods.


Overview
- Background
- Risks and Security Concerns
- Effective eDiscovery program
- Assurance Considerations
- Wrap up

Background
- Discovery
  - The process of identifying, locating, securing and producing information and materials for the purpose of obtaining evidence for utilization in the legal process
  - Additionally the process of reviewing all materials that may be potentially relevant to the issues at hand and/or that may need to be disclosed to other parties, and of evaluating evidence to prove or disprove facts, theories or allegations
- What is eDiscovery:
  - The process of collecting, preparing, reviewing, and producing electronically stored information (ESI) in the context of legal discovery

Background
- 2006 updates to Federal Rules of Civil Procedure (FRCP) by US Supreme Court
- Applies to all US enterprises, public or private
- Set strict expectations that an enterprise must be able to produce electronically stored information as evidence within a practical time frame
- Litigation and eDiscovery are key drivers for enterprise records retention

Risks and Security Concerns
- Un/Intentional removal of records
- Un/Intentional alteration of records
- Privacy considerations
- Inability to recover/identify records
- Providing unnecessary/wrong records
- Losing litigation cases (macro level risk)
- Fines for non-compliance (macro level risk)

eDiscovery Program

Goals for an effective program
- Ability to provide any discovery-requested ESI
  - Regardless of content type and storage location
- Responding to requests for discovery efficiently, effectively and completely
- Well documented process
  - Policies and procedures prior to discovery
  - Search methods in response to discovery
- Refraining from providing information not requested

Assurance considerations
- Identify key risks
- Consider the existing control environment
- Evaluate the design of current controls as related to eDiscovery
- Identify gaps
- Consider cost benefit of mitigating existing gaps
- Select and implement solutions
- Monitor

Identify key risks
- Risks vary based on size, industry or other unique factors
- Top down risk assessment
- Involve key stakeholders
  - Legal
  - Records management
  - IT Security
  - System/Data owners
- Understand all potential sources/locations

Consider existing control environment
- Existing controls may aid in mitigating risks associated with eDiscovery
  - SOX, HIPAA, PCI
- Review existing control libraries for applicable controls
- Conduct interviews with key members of legal, risk management, and IT

Evaluate existing controls related to eDiscovery
- Consider purpose and scope of existing controls
- Many controls may aid an eDiscovery program, but not fully
  - Records retention policies
  - Backups
  - Logical Security

Identify gaps
- Classify gaps by EDRM process and responsible function
  - Information Management, Identification, Collection, Preservation, etc.
- Link gaps to existing controls (where applicable)

Identify Gaps
Source: An EDRM White Paper – part of the EDRM White Paper Series September, 2010 – Adam Hurwitz, BIA CIO, Business Intelligence Associates, Inc.

Cost/Benefit of risk treatment
- Typical risk treatment plans include options
  - Avoid
  - Reduce/Mitigate
  - Transfer
  - Accept
- Consider probability and magnitude
- Factor ROI against noncompliance and/or alternative methods (typically manual)

Select and implement solutions
- Entity level controls
- IT general controls
- Other controls
- Prepackaged solutions

Select and implement solutions (cont.)
- Gartner classifies eDiscovery solutions into the following categories for analysis:
  - Information governance and archiving tools
  - Identification, collection, preservation and processing
  - Analysis tools

Monitor
- Maintained records retention and legal hold policies and procedures
- Clear ownership of each portion of the EDRM process
- Legal hold tracking process
- Include selected solutions in enterprise risk assessments and audits

Recap
- Background
- Risks and Security Concerns
- Effective eDiscovery program
- Assurance Considerations
- Conclusion

ISACA White Paper Published 3/10/2011 (Link to ISACA download)

Questions? Chad Meyer John Vyhlidal