As we continue striving to establish and provide solutions that are defensible, transparent, auditable, reproducible, and forensically sound, we need to keep measuring ourselves against the ever-growing number of standards that our industry has been generating.
Listed below are just some of the key standards that we need to consider when working for our clients. We need to be prepared to answer how we apply these to the work we do. With these standards in mind, we also need to explain how we ensure that our processes are maintained.
Electronic Discovery Reference Model (EDRM): (EDRM Model)
The industry standard for eDiscovery that everyone uses as the basis for their products and services.
EDRM eDiscovery Maturity Self-Assessment Test: (eMSAT)
The eMSAT was “designed to help you assess your organization’s level of eDiscovery maturity and use that assessment to reach the level of maturity you deem appropriate for your organization.” REW Computing uses this, as well as a number of other industry standards, to build the foundation of its Litigation Readiness/Preparedness Assessment service offerings.
EDRM Security Questionnaire – Just Released – March 2017! – (Security Audit Questionnaire)
“The Security Audit Questionnaire was designed primarily to help evaluate the security capabilities of cloud providers and third parties offering electronic discovery or managed services. The tool is also useful as a self-checklist for organizations testing the security capabilities of their own in-house systems.”
EDRM Information Governance Reference Model: (Reference Model)
“…a model that will frame the discussion of information management, in the same way the Electronic Discovery Reference Model has shaped our view of e-discovery. It was clear that this required much more than simply a better description of the Information Management node of the EDRM. The Information Management node deserved a reference model for itself.”
ARMA International Maturity Model for Records and Information Management – (The Principles Maturity Model)
“The Principles identify the critical hallmarks of information governance and provide both a standard of conduct for governing information and metrics by which to judge that conduct. In doing so, they give assurance to the public and society at large that organizations of every kind are meeting their responsibilities with respect to the governance of information. Because the Principles describe and measure fundamental attributes of information governance, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. And, because the Principles are independent of local law and custom, multi-national organizations can use them to establish consistent practices across geographic boundaries.”
ISO/IEC 27050-1:2016: “Information technology — Security techniques — Electronic discovery — Part 1: Overview and concepts” – (Read more here)
“Electronic discovery is the process of discovering pertinent Electronically Stored Information (ESI) or data by one or more parties involved in an investigation or litigation, or similar proceeding. ISO/IEC 27050:2016 provides an overview of electronic discovery. In addition, it defines related terms and describes the concepts, including, but not limited to, identification, preservation, collection, processing, review, analysis, and production of ESI. This document also identifies other relevant standards (e.g. ISO/IEC 27037) and how they relate to, and interact with, electronic discovery activities.”
ISO/IEC 27000 family – Information security management systems – (Read more here)
“The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). There are more than a dozen standards in the 27000 family…”
ISO 9001:2015 – Quality Management – (Read more here)
“ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO 9001. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.”
Association of Certified EDiscovery Specialists: (aceds.org)
Although this may not be perceived as a standards body, it is an organization that is pushing to see standards being established and enforced within our community of experts through certification processes.