ISO/IEC 27050-3:2017 pdf download – Information technology — Security techniques — Electronic discovery — Part 3: Code of practice for electronic discovery.
5 Electronic discovery background Electronic discovery is an element of traditional discovery and it is a process that typically involves identifying, preserving, collecting, processing, reviewing, analysing, and producing electronically stored information (ESI) that may be potentially relevant to a particular matter. The requirements and recommendations provided in this document are in accordance with the electronic discovery concepts described in the following clauses and subclauses of ISO/IEC 27050-1. — Clause 3, Terms and definition: Key electronic discovery terminology — 6.2, Basic concepts: Electronic discovery issues and primary cost drivers — 6.3, Objectives of electronic discovery: General electronic discovery objectives — Clause 7, Electronically stored information (ESI): Common ESI types, common sources and representations — Clause 8, Electronic discovery process: Description of the electronic discovery process and the process elements ISO/IEC 27050-1 differentiates between generic actions such as “identifying” from the specific electronic discovery process elements by preceding the names with “ESI” (e.g. ESI identification). Likewise, this document follows this approach. Figure 1, repeated from ISO/IEC 27050-1, shows all of the electronic discovery process elements and the interrelationships between them (see ISO/IEC 27050-1:2016, 8.1 for a full description).
This document addresses these challenges by: — promoting common understanding of various concepts and terminology for electronic discovery; — articulating objectives and risks inherent in the steps in the electronic discovery process; — encouraging practical and cost-effective discovery by those tasked with managing ESI through the process; — providing guidance and best practices for those responsible for delivering electronic discovery projects (e.g. legal practitioners, services providers, independent experts, courts, and any other parties engaged in the process); — identifying competency areas for those involved in electronic discovery; — promoting the proactive use of technology to reduce costs and risks, while increasing efficiencies throughout the discovery process; — suggesting ways to avoid inadvertent disclosures of potentially privileged, confidential, or sensitive ESI. The overriding goal is to help organizations meet their electronic discovery goals (e.g. legal obligations, business objectives, regulatory requirements). While this document has been written with larger electronic discovery projects in mind, and therefore covers aspects encountered in the majority of matters, it is not necessarily the case that all steps will be required or proportionate to every matter. For example, in small matters, it may well be that a single person manages and completes every aspect of the project, whereas larger matters may warrant the use of separate individuals or even teams for each element of the electronic discovery project.
6 Electronic discovery requirements and guidance 6.1 Overview 6.1.1 Structure of materials describing the process elements Each electronic discovery process element is addressed in a separate clause and each contains the following: a) an overview of the process element; b) objectives for the process element; c) considerations to avoid failures; d) the requirements and guidance specific for the process element. The order of the clauses in this document does not imply their importance or a particular sequence that needs to be followed. 6.1.2 Cross-cutting aspects Cross-cutting aspects are behaviours or activities that span multiple electronic discovery process elements and need to be coordinated across the process elements. — Planning. To be effective, most or all of the process elements need to be well planned from the outset, with the specific objectives and conditions taken into consideration and with the resources to be deployed readily available.
— Transparency. Implementation of the process elements often necessitates refinement and iteration that have to be readily explained to interested parties. An effective process will be dependent on transparency, as well as allowing for changes and for explanation later on. — Documentation. The process elements need to be well documented, both for the purpose of defending the scope and activities of the process elements down the line if they are challenged, and for the purpose of improving the effectiveness and consistency of future implementations of the process elements. — Expertise. Certain kinds of specialized expertise and qualifications will be necessary for each process element to do the work and to meet any operative standards. This expertise can be associated with the matter at hand, language, technology, the chosen tools or methods, or the quality assurance of the results of applying those tools and methods.