1 / 20

Electronic Discovery (eDiscovery)

Electronic Discovery (eDiscovery). Chad Meyer & John Vyhlidal ConAgra Foods. Overview. Background Risks and Security Concerns Effective eDiscovery program Assurance Considerations Wrap up. Background. Discovery

nola
Download Presentation

Electronic Discovery (eDiscovery)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Discovery (eDiscovery) Chad Meyer & John Vyhlidal ConAgra Foods

  2. Overview • Background • Risks and Security Concerns • Effective eDiscovery program • Assurance Considerations • Wrap up

  3. Background • Discovery • The process of identifying, locating, securing and producing information and materials for the purpose of obtaining evidence for utilization in the legal process • Additionally the process of reviewing all materials that may be potentially relevant to the issues at hand and/or that may need to be disclosed to other parties, and of evaluating evidence to prove or disprove facts, theories or allegations • What is eDiscovery: • The process of collecting, preparing, reviewing, and producing electronically stored information (ESI) in the context of legal discovery

  4. Background • 2006 updates to Federal Rules of Civil Procedure (FRCP) by US Supreme Court • Applies to all US enterprises, public or private • Set strict expectations that an enterprise must be able to produce electronically stored information as evidence within a practical time frame Litigation and eDiscovery are key drivers for enterprise records retention

  5. Risks and Security Concerns • Un/Intentional removal of records • Un/Intentional alteration of records • Privacy considerations • Inability to recover/identify records • Providing unnecessary/wrong records • Losing litigation cases (macro level risk) • Fines for non-compliance (macro level risk)

  6. eDiscovery Program

  7. Goals for an effective program • Ability to provide any discovery-requested ESI • Regardless content type and storage location • Responding to requests for discovery efficiently, effectively and completely • Well documented process • Policies and procedures prior to discovery • Search methods in response to discovery • Refraining from providing information not requested

  8. Assurance considerations

  9. Identify key risks • Risks vary based on size, industry or other unique factors • Top down risk assessment • Involve key stakeholders • Legal • Records management • IT Security • System/Data owners • Understand all potential sources/locations

  10. Consider existing control environment • Existing controls may aid in mitigating risks associated with eDiscovery • SOX, HIPAA, PCI • Review existing control libraries for applicable controls • Conduct interviews with key members of legal, risk management, and IT

  11. Evaluate existing controls related to eDiscovery • Consider purpose and scope of existing controls • Many controls may aid an eDiscovery program, but not fully • Records retention policies • Backups • Logical Security

  12. Identify gaps • Classify gaps by ERDM process and responsible function • Information Management, Identification, Collection, Preservation, etc. • Link gaps to existing controls (where applicable)

  13. Identify Gaps Source: An EDRM White Paper – part of the EDRM White Paper Series September, 2010 – Adam Hurwitz, BIA CIO, Business Intelligence Associates, Inc.

  14. Cost/Benefit of risk treatment • Typical risk treatment plans include options • Avoid • Reduce/Mitigate • Transfer • Accept • Consider probability and magnitude • Factor ROI against noncompliance and/or alternative methods (typically manual)

  15. Select and implement solutions • Entity level controls • IT general controls • Other controls • Prepackaged solutions

  16. Select and implement solutions (cont.) • Gartner classifies eDiscovery solutions into the following categories for analysis: • Information governance and archiving tools • Identification, collection, preservation and processing • Analysis tools

  17. Monitor • Maintained records retention and legal hold policies and procedures • Clear ownership of each portion of the EDRM process • Legal hold tracking process • Include selected solutions in enterprise risk assessments and audits

  18. Recap • Background • Risks and Security Concerns • Effective eDiscovery program • Assurance Considerations • Conclusion

  19. ISACA White Paper • Published 3/10/2011 (Link to ISACA download)

  20. Questions? Chad Meyer chad.meyer@conagrafoods.com John Vyhlidal john.vyhlidal@conagrafoods.com

More Related