Every eDiscovery company is aware of the importance of eDiscovery information security. Implementing eDiscovery capabilities without considering security can lead to serious and expensive breaches of sensitive information, degrading the reputation of the eDiscovery company that developed the software. The process of measuring a system’s information security can range widely in terms of reliability, cost, and time.

The Importance of Information Security in eDiscovery

The good news for eDiscovery companies is that eDiscovery is becoming a bigger part of most litigation. More and more law firms and corporations are communicating electronically and making the transition from paper records to electronic data storage. As such, eDiscovery has the potential to save incredible amounts of time and money. With this increased demand, however, comes an increased interest in eDiscovery information security. The discovery process involves a lot of sensitive material, and clients want to be assured that the data is safeguarded. As a result, corporations and law firms are beginning to demand some assurances that the eDiscovery solutions they rely on will meet their needs.

Evaluating eDiscovery Information Security

In general, the simplest measurement of an information technology platform’s information security is a vulnerability assessment, but one of the most trusted measure of information security is ISO 27001 certification. There are a wide variety of options in between these two extremes, but customers with information at stake worth millions or billions of dollars are likely to demand strong guarantees.

ISO 27001 is a publication promulgated by the International Organization for Standardization which sets internationally recognized standards for information technology security. In order to be ISO 27001 certified, the system must be scrutinized for security risks, protections must be implemented to minimize those risks, and those protections must be implemented uniformly across the entire information technology system.

In order to receive ISO 27001 certification, the information technology system must be deemed compliant by an Accredited Certification Body. In order to maintain the certification, the system must be tested periodically. If necessary, any company interested in ISO 27001 certification should seek assistance from a third-party ISO 27001 consulting company to guide the way towards certification. A company offering ISO 27001 consulting services should be sherpa’d by an ISO 27001 Certified Lead Auditor.

The Value of Intense eDiscovery Security

The security offered by an ISO 27001 certified eDiscovery platform offers excellent selling points to customers. The systematic and uniform safeguards are especially important in the realm of eDiscovery security. The people who run high-powered corporations and firms often work in a fast-paced environment, and although eDiscovery security is very important to them, it is not something they think about constantly. When they get rushed, they are unlikely to comply with or fully utilize the safeguards of systems with lesser security. However, an eDiscovery platform which has an ISO 27001 certification already has those safeguards automatically and uniformly implemented. The customer’s information remains safe without any effort on the customer’s part.

ISO 27001 certification can be expensive and time-consuming. There are a variety of lesser options which may offer an acceptable balance between cost management and security assurance. Ultimately, the nature of the data that customers intend to transmit via eDiscovery will determine what kind of assurances they demand.

Free Whitepaper: Five Best Practices for SIEM

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

• Simplify compliance monitoring/reporting
• Vastly improve Incident Detection & Incident Response
• Contextualize event information with other business relevant information

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

• How to deal with increasing threats
• How to manage multiple regulatory requirements
• How to handle client requests for attestation
• To validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

• Substantiate the net effectiveness of a mature control environment
• Prove to a third party that an environment is secure/trustworthy
• Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
• To validate that significant changes did not have unanticipated results