Having the right policies and technology in place is key to reduicing e-discovery risks, according to IT governance organisation ISACA.
To help enterprises effectively search, classify, preserve and present information that is stored electronically, ISACA has published a free Electronic Discovery whitepaper.
The whitepaper provides steps to identify and mitigate the risks related to potential litigation, and helps organisations establish a formal e-discovery programme.
ISACA, the information security association for 95,000 IT professionals, recommends the following steps:
-Assess regulatory requirements specific to the organisation
-Ensure the proper mix of policy, process and technology to reduce reliance on any specific individual and maintain consistency
-Apply a consistent approach to e-discovery, giving the organisation time to evaluate and validate the information
-Establish information security controls - in line with the organisation’s security policies - to protect information extracted.
-Conduct employee training and awareness
“An added bonus of creating an e-discovery programme is that it not only reduces risk related to litigation, but can also improve an organisation’s compliance posture,” said Kamal Dave, chief architect at Hewlett-Packard, who co-authored the Electronic Discovery whitepaper.
"It can also help control costs by eliminating a ‘keep everything’ mentality that exists when an organisation is unclear about the type of information to retain and how long to store it,” said Dave.