eDiscovery Daily Blog

Thanks to EDRM, There Will Be a Way to Assess the Data Security of Your Providers: eDiscovery Best Practices

Do you ever wonder or worry about how securely your providers and partners handle your sensitive data during the discovery process?  Then, this latest project from EDRM will help address those worries.

As they announced earlier this week, EDRM has established a new project to develop and provide a security survey. A team of experienced and qualified EDRM members will be working to develop and publish a “straightforward and easy tool for evaluating the security capabilities of corporations, law firms, cloud providers and third parties offering electronic discovery or managed services”.

The goal of the security survey project is to provide organizations with an overview of the critical questions to ask when assessing the data security of an eDiscovery vendor or partner. The overview includes specific sections on risk management, asset security, communications and networking security and identity and access management. The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided.

Once created, the security survey will be intended to evaluate an organization’s data security and practices, allowing potential customers to assess the risk of entrusting their sensitive data to the vendor. The tool will also be able to be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act and security breach notification laws.

Project leads for this new EDRM project are Julie Hackler, regional sales manager at Avansic, and Amy Sellars, senior litigation attorney with The Williams Companies. As you can guess, project deliverables are in the development stage. If you’re a professional in eDiscovery, data management or security and interested in joining and contributing to the project, you can direct questions or volunteer interest by email to Tom Gelbmann: mail@edrm.net.

So, what do you think?  Do you worry about how securely your providers and partners handle your sensitive data during the discovery process?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.