ISACA: Policy and technology key to reducing e-discovery risks

Having the right policies and technology in place is key to reduicing e-discovery risks, according to IT governance organisation ISACA.

Share

Having the right policies and technology in place is key to reduicing e-discovery risks, according to IT governance organisation ISACA.

To help enterprises effectively search, classify, preserve and present information that is stored electronically, ISACA has published a free Electronic Discovery whitepaper.

The whitepaper provides steps to identify and mitigate the risks related to potential litigation, and helps organisations establish a formal e-discovery programme.

ISACA, the information security association for 95,000 IT professionals, recommends the following steps:

-Assess regulatory requirements specific to the organisation

-Ensure the proper mix of policy, process and technology to reduce reliance on any specific individual and maintain consistency

-Apply a consistent approach to e-discovery, giving the organisation time to evaluate and validate the information

-Establish information security controls - in line with the organisation’s security policies - to protect information extracted.

-Conduct employee training and awareness

“An added bonus of creating an e-discovery programme is that it not only reduces risk related to litigation, but can also improve an organisation’s compliance posture,” said Kamal Dave, chief architect at Hewlett-Packard, who co-authored the Electronic Discovery whitepaper.

"It can also help control costs by eliminating a ‘keep everything’ mentality that exists when an organisation is unclear about the type of information to retain and how long to store it,” said Dave.

Now read IBM acquires e-discovery vendor PSS Systems

Find your next job with computerworld UK jobs

"Recommended For You"

Five ways to get your cloud provider ready for eDiscovery ISACA sets six key principles for cloud rollouts